program: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x26, 0x7, 0xc, 0x22}, 0x50) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x108) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r1, &(0x7f0000000bc0)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x11}}, 0x10) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x20442, 0x36) r4 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r4, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x20007, 0x0, 0x200000, 0xd, "22536af39b7c7cb7435b0a43852dbc3a9ada34cc97af10fd4fcca15748328c53096c2f359e9ba743d30b59c491a7b3e74d938981061383374a1d79471a2d2dfe", "0410b1617b6217917d72322c0c5aa9263626c0240010f9db74161ccff2c5cf5e", [0x3, 0x800]}) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xe7c) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) [ 96.227043][ T1347] cfg80211: failed to load regulatory.db [ 96.244738][ T47] Bluetooth: hci0: command tx timeout [ 96.371262][ T5339] loop0: detected capacity change from 0 to 64 [ 96.525785][ T5339] loop0: detected capacity change from 64 to 11 [ 96.551139][ T5340] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 96.556522][ T5340] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 96.560778][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 96.564839][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 96.569616][ T5340] RIP: 0010:bfs_get_block+0x589/0xae0 [ 96.572251][ T5340] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 20 71 8b ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 f4 70 8b ff 4c 89 ef [ 96.581694][ T5340] RSP: 0018:ffffc90009f07638 EFLAGS: 00010206 [ 96.584189][ T5340] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 96.587484][ T5340] RDX: ffffc90021803000 RSI: 0000000000000610 RDI: ffff8880126c1b00 [ 96.590922][ T5340] RBP: ffff888031c7ce70 R08: ffffea00008c03f7 R09: 1ffffd400011807e [ 96.594411][ T5340] R10: dffffc0000000000 R11: fffff9400011807f R12: 0000000000000028 [ 96.598014][ T5340] R13: ffff8880126c1ae0 R14: 0000000000000000 R15: 000000000000000a [ 96.601602][ T5340] FS: 00007f0a801796c0(0000) GS:ffff88808d239000(0000) knlGS:0000000000000000 [ 96.605442][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 96.608431][ T5340] CR2: 000055617841f010 CR3: 000000001a235000 CR4: 0000000000352ef0 [ 96.612096][ T5340] Call Trace: [ 96.613676][ T5340] [ 96.615072][ T5340] __block_write_begin_int+0x6b5/0x1900 [ 96.617637][ T5340] ? __pfx_bfs_get_block+0x10/0x10 [ 96.620063][ T5340] ? __pfx___block_write_begin_int+0x10/0x10 [ 96.622729][ T5340] ? __pfx_bfs_get_block+0x10/0x10 [ 96.624843][ T5340] block_write_begin+0x8d/0x120 [ 96.627068][ T5340] ? bfs_write_begin+0x1e/0xd0 [ 96.629241][ T5340] bfs_write_begin+0x35/0xd0 [ 96.631501][ T5340] generic_perform_write+0x2c5/0x900 [ 96.634006][ T5340] ? __pfx_generic_perform_write+0x10/0x10 [ 96.636762][ T5340] ? file_update_time_flags+0x2cb/0x4e0 [ 96.639250][ T5340] ? __generic_file_write_iter+0xf9/0x230 [ 96.641949][ T5340] ? generic_file_write_iter+0x103/0x550 [ 96.644447][ T5340] generic_file_write_iter+0x117/0x550 [ 96.646725][ T5340] ? __pfx_generic_file_write_iter+0x10/0x10 [ 96.649299][ T5340] ? __lock_acquire+0x6b6/0x2cf0 [ 96.651431][ T5340] ? __pfx_aa_file_perm+0x10/0x10 [ 96.653365][ T5340] ? rcu_read_lock_any_held+0xb3/0x120 [ 96.655776][ T5340] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 96.658233][ T5340] vfs_write+0x5c9/0xb30 [ 96.660173][ T5340] ? __pfx_generic_file_write_iter+0x10/0x10 [ 96.663645][ T5340] ? __pfx_vfs_write+0x10/0x10 [ 96.665935][ T5340] ? __fget_files+0x2a/0x420 [ 96.668142][ T5340] __x64_sys_pwrite64+0x193/0x220 [ 96.670464][ T5340] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 96.673126][ T5340] ? do_syscall_64+0xbe/0xf80 [ 96.675388][ T5340] do_syscall_64+0xfa/0xf80 [ 96.677481][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.680186][ T5340] ? clear_bhb_loop+0x60/0xb0 [ 96.682322][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.685068][ T5340] RIP: 0033:0x7f0a7f38f7c9 [ 96.687157][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.696277][ T5340] RSP: 002b:00007f0a80179038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 96.700041][ T5340] RAX: ffffffffffffffda RBX: 00007f0a7f5e6090 RCX: 00007f0a7f38f7c9 [ 96.703542][ T5340] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000007 [ 96.707107][ T5340] RBP: 00007f0a7f413f91 R08: 0000000000000000 R09: 0000000000000000 [ 96.710849][ T5340] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 [ 96.714438][ T5340] R13: 00007f0a7f5e6128 R14: 00007f0a7f5e6090 R15: 00007ffd628acdb8 [ 96.718009][ T5340] [ 96.719486][ T5340] Modules linked in: [ 96.721930][ T5340] ---[ end trace 0000000000000000 ]--- [ 96.730813][ T5339] Dev loop0: unable to read RDB block 11 [ 96.734389][ T5339] loop0: unable to read partition table [ 96.737079][ T5339] loop0: partition table beyond EOD, truncated [ 96.762087][ T5339] loop_reread_partitions: partition scan of loop0 ("Sj||C[ [ 96.762087][ T5339] C-:4̗O̡WH2S l/5C YđM7JyG--) failed (rc=-5) [ 96.769495][ T5340] RIP: 0010:bfs_get_block+0x589/0xae0 [ 96.772784][ T5340] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 20 71 8b ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 f4 70 8b ff 4c 89 ef [ 96.780676][ T5340] RSP: 0018:ffffc90009f07638 EFLAGS: 00010206 [ 96.783847][ T5340] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 96.787342][ T5340] RDX: ffffc90021803000 RSI: 0000000000000610 RDI: ffff8880126c1b00 [ 96.790759][ T5340] RBP: ffff888031c7ce70 R08: ffffea00008c03f7 R09: 1ffffd400011807e [ 96.794843][ T5340] R10: dffffc0000000000 R11: fffff9400011807f R12: 0000000000000028 [ 96.798173][ T5340] R13: ffff8880126c1ae0 R14: 0000000000000000 R15: 000000000000000a [ 96.802246][ T5340] FS: 00007f0a801796c0(0000) GS:ffff88808d239000(0000) knlGS:0000000000000000 [ 96.806349][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 96.809322][ T5340] CR2: 00007ffebc5a0eb4 CR3: 000000001a235000 CR4: 0000000000352ef0 [ 96.813305][ T5340] Kernel panic - not syncing: Fatal exception [ 96.816483][ T5340] Kernel Offset: disabled [ 96.818602][ T5340] Rebooting in 86400 seconds..