program: creat(&(0x7f00000002c0)='./file0\x00', 0x0) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff) linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=") write$binfmt_script(r0, &(0x7f00000008c0), 0xfecc) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x10a) sendmmsg$unix(r1, &(0x7f000000e980)=[{{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f0000000c00)="ad58198d35eb441a161bb3ae204eb9d8d9b5d50dc78b592304061f005f3e8deefc2c7d01a7567d81e6541e816e860670bb34f4802545571460b5a0bfe966921659b1f199", 0x44}], 0x1, 0x0, 0x0, 0x4000085}}], 0x1, 0x4020014) r2 = open$dir(&(0x7f0000000080)='./file0\x00', 0xc402, 0x80) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x12, r2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000003bc0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) write$P9_RVERSION(r1, &(0x7f0000000c40)=ANY=[], 0x13) [ 101.001715][ T5323] loop0: detected capacity change from 0 to 64 [ 101.057036][ T4666] Bluetooth: hci0: command tx timeout [ 101.264167][ T5328] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 101.269678][ T5328] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 101.274523][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 101.278637][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 101.282891][ T5328] RIP: 0010:bfs_get_block+0x589/0xae0 [ 101.285608][ T5328] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 50 79 86 ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 24 79 86 ff 4c 89 ef [ 101.295537][ T5328] RSP: 0000:ffffc9000ef56418 EFLAGS: 00010206 [ 101.298298][ T5328] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 101.301907][ T5328] RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff88801a8512d8 [ 101.306177][ T5328] RBP: ffff88801cc2e7b8 R08: ffffea000141d9b7 R09: 1ffffd4000283b36 [ 101.309841][ T5328] R10: dffffc0000000000 R11: fffff94000283b37 R12: 0000000000000028 [ 101.313500][ T5328] R13: ffff88801a8512b8 R14: 0000000000000000 R15: 0000000000000022 [ 101.317449][ T5328] FS: 00007fac97ba76c0(0000) GS:ffff88808ca49000(0000) knlGS:0000000000000000 [ 101.321964][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 101.325022][ T5328] CR2: 00007f3f2f9909c0 CR3: 0000000011f88000 CR4: 0000000000352ef0 [ 101.328476][ T5328] Call Trace: [ 101.330043][ T5328] [ 101.331475][ T5328] __block_write_begin_int+0x6c6/0x1910 [ 101.334514][ T5328] ? __pfx_bfs_get_block+0x10/0x10 [ 101.337134][ T5328] ? __pfx___block_write_begin_int+0x10/0x10 [ 101.339687][ T5328] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0 [ 101.342430][ T5328] ? __pfx_bfs_get_block+0x10/0x10 [ 101.344844][ T5328] block_write_begin+0x8d/0x120 [ 101.347142][ T5328] ? bfs_write_begin+0x1e/0xd0 [ 101.349259][ T5328] bfs_write_begin+0x35/0xd0 [ 101.351644][ T5328] generic_perform_write+0x2e2/0x8f0 [ 101.354826][ T5328] ? __pfx_generic_perform_write+0x10/0x10 [ 101.357709][ T5328] ? file_update_time_flags+0x219/0x4a0 [ 101.360254][ T5328] ? __generic_file_write_iter+0xf9/0x230 [ 101.362897][ T5328] ? generic_file_write_iter+0x136/0x680 [ 101.365562][ T5328] generic_file_write_iter+0x14a/0x680 [ 101.368485][ T5328] ? __pfx_generic_file_write_iter+0x10/0x10 [ 101.371631][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 101.374124][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 101.376328][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 101.378539][ T5328] ? kernel_text_address+0xa5/0xe0 [ 101.380834][ T5328] ? __kernel_text_address+0xd/0x30 [ 101.383203][ T5328] ? unwind_get_return_address+0x4d/0x90 [ 101.386013][ T5328] ? do_raw_spin_lock+0x12b/0x2f0 [ 101.388694][ T5328] __kernel_write_iter+0x41e/0x880 [ 101.391251][ T5328] ? __pfx___kernel_write_iter+0x10/0x10 [ 101.393563][ T5328] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 101.395953][ T5328] ? __asan_memset+0x22/0x50 [ 101.397870][ T5328] ? iov_iter_kvec+0xb8/0x180 [ 101.400439][ T5328] __kernel_write+0x106/0x170 [ 101.403199][ T5328] ? __pfx___kernel_write+0x10/0x10 [ 101.406045][ T5328] dump_emit+0x8e9/0xab0 [ 101.407995][ T5328] ? __pfx_dump_emit+0x10/0x10 [ 101.410181][ T5328] ? __kasan_kmalloc+0x93/0xb0 [ 101.412272][ T5328] ? __kmalloc_cache_noprof+0x31c/0x660 [ 101.414955][ T5328] elf_core_dump+0x2e5d/0x3ad0 [ 101.417600][ T5328] ? __pfx_elf_core_dump+0x10/0x10 [ 101.420183][ T5328] ? __kasan_kmalloc+0x93/0xb0 [ 101.422450][ T5328] ? __kvmalloc_node_noprof+0x528/0x8a0 [ 101.424970][ T5328] ? coredump_write+0x387/0x1910 [ 101.427450][ T5328] ? vfs_coredump+0x36a9/0x4280 [ 101.430291][ T5328] ? get_signal+0x1107/0x1330 [ 101.432963][ T5328] ? arch_do_signal_or_restart+0xbc/0x830 [ 101.435753][ T5328] ? irqentry_exit+0x176/0x620 [ 101.437825][ T5328] ? asm_exc_page_fault+0x26/0x30 [ 101.440069][ T5328] ? mas_ascend+0x304/0x890 [ 101.442133][ T5328] coredump_write+0x1216/0x1910 [ 101.444640][ T5328] ? __pfx_coredump_write+0x10/0x10 [ 101.447509][ T5328] ? do_raw_spin_lock+0x12b/0x2f0 [ 101.450747][ T5328] ? put_files_struct+0x256/0x350 [ 101.453745][ T5328] ? do_raw_spin_unlock+0x4d/0x210 [ 101.456154][ T5328] ? unshare_files+0xfc/0x140 [ 101.458374][ T5328] vfs_coredump+0x36a9/0x4280 [ 101.460496][ T5328] ? __pfx_vfs_coredump+0x10/0x10 [ 101.462799][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 101.465033][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 101.467710][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 101.470767][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 101.473569][ T5328] ? __lock_acquire+0x6b5/0x2cf0 [ 101.475869][ T5328] ? unwind_next_frame+0xa5/0x23c0 [ 101.478159][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 101.480442][ T5328] ? is_bpf_text_address+0x292/0x2b0 [ 101.482847][ T5328] ? is_bpf_text_address+0x26/0x2b0 [ 101.485523][ T5328] ? kernel_text_address+0xa5/0xe0 [ 101.487923][ T5328] ? __kernel_text_address+0xd/0x30 [ 101.490419][ T5328] ? unwind_get_return_address+0x4d/0x90 [ 101.493591][ T5328] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 101.497136][ T5328] ? arch_stack_walk+0xfb/0x150 [ 101.499209][ T5328] ? stack_trace_save+0xa9/0x100 [ 101.501466][ T5328] ? __pfx_stack_trace_save+0x10/0x10 [ 101.503885][ T5328] ? stack_depot_save_flags+0x33/0x810 [ 101.506366][ T5328] ? __lock_acquire+0x670/0x2cf0 [ 101.508682][ T5328] ? kasan_save_track+0x4f/0x80 [ 101.511814][ T5328] ? kasan_save_track+0x3e/0x80 [ 101.514824][ T5328] ? kasan_save_free_info+0x46/0x50 [ 101.517824][ T5328] ? __kasan_slab_free+0x5c/0x80 [ 101.520080][ T5328] ? kmem_cache_free+0x187/0x630 [ 101.522363][ T5328] ? get_signal+0xa4a/0x1330 [ 101.524335][ T5328] ? arch_do_signal_or_restart+0xbc/0x830 [ 101.527045][ T5328] ? irqentry_exit+0x176/0x620 [ 101.529250][ T5328] ? asm_exc_page_fault+0x26/0x30 [ 101.531628][ T5328] ? _raw_spin_unlock_irq+0x23/0x50 [ 101.534181][ T5328] get_signal+0x1107/0x1330 [ 101.536577][ T5328] arch_do_signal_or_restart+0xbc/0x830 [ 101.539234][ T5328] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 101.541975][ T5328] irqentry_exit+0x176/0x620 [ 101.544120][ T5328] ? trace_irq_disable+0x3b/0x150 [ 101.546749][ T5328] asm_exc_page_fault+0x26/0x30 [ 101.549665][ T5328] RIP: 0033:0x7fac96d9c821 [ 101.552261][ T5328] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 101.561008][ T5328] RSP: 002b:00000000fffffeb0 EFLAGS: 00010217 [ 101.563532][ T5328] RAX: 0000000000000000 RBX: 00007fac97016090 RCX: 00007fac96d9c819 [ 101.567144][ T5328] RDX: 0000000000000000 RSI: 00000000fffffeb0 RDI: 0000000002000400 [ 101.570922][ T5328] RBP: 00007fac96e32c91 R08: 0000000000000000 R09: 0000000000000000 [ 101.575451][ T5328] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 101.579767][ T5328] R13: 00007fac97016128 R14: 00007fac97016090 R15: 00007ffe59b05358 [ 101.582894][ T5328] [ 101.584253][ T5328] Modules linked in: [ 101.587001][ T5328] ---[ end trace 0000000000000000 ]---