program: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001e0005002dbd7000fcdbdf25ac1415aa00000000000000000000000000000400ff00000000000000d900000000f1ff07000003350000e497ec77ebb4eb762f974b124837e82ef7da0483a292e802c579f48cbae743d73ee2264bd8ee10688327db5b37695bdc5e1d4c3e4a66a6dd63f858026965b366c3e73df77771fdf4e8635da6bd2cf93f21d23521c8af1f8d63922e8a8b77f2e3ff5d36907579e94baa3ffc8e46c86c0500459123afb65a1a001a8401670f4d6f568ad1727f1968019aaf356ffbfe4e1a28ad526031207ca6b834b9cd5836362d397cb6af37df2209797ef6507b44d267aec05f56e61477634a7365bc8362be1a2ef4d347a35a8b381884cb5deeebe7970df6b845384bc30c110b08f5e7f28d1c6e44cd6745b284a0170dc46bd40a96079c15"], 0x40}, 0x1, 0x0, 0x0, 0x40810}, 0x10) syz_clone(0x91a0200, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000480)="24ab3f9fadf08a2bff49ec2208104e0c6339b39cda51a6b76683d93f1ad6a9b71cb8184fda55f020976ab9417b4afb12") syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000000)={0x0, &(0x7f0000000100)}) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002540), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x10000, &(0x7f0000002400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB="2c0093862da162a20b5f3ebadc59f6813d9177482f4dcfcd156c623cee98e0dc66e136223a693cef6e210cf01d181a4d13ad1899dbea1174707a2c80b7c7f6f9e563a59d53fd8973114ba002ef92f4b8ca9835c219ff850ae15d08e250933967f2fff1b3dd9d372aa7adfc44cd6d6f2906"]) read$FUSE(r3, &(0x7f0000000200)={0x2020, 0x0, 0x0}, 0x2020) open(&(0x7f0000002300)='./file0\x00', 0x0, 0x0) write$FUSE_INIT(r3, &(0x7f0000002280)={0x50, 0x0, r4, {0x7, 0x9, 0x7fffffff, 0x24080e0, 0x9, 0x0, 0x7}}, 0x50) read$FUSE(r3, &(0x7f0000004580)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INTERRUPT(r3, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r5}, 0x10) close_range(r2, 0xffffffffffffffff, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x108) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000b80)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x13f, 0x2}}, 0x20) write$RDMA_USER_CM_CMD_NOTIFY(r0, &(0x7f0000000bc0)={0xf, 0x8, 0xfa00, {0xffffffffffffffff, 0x11}}, 0x10) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x20442, 0x32) r8 = syz_open_dev$loop(&(0x7f0000000140), 0x0, 0x0) ioctl$LOOP_SET_STATUS(r8, 0x4c02, &(0x7f0000000300)={0x0, {}, 0x0, {}, 0x20007, 0x0, 0x200000, 0xd, "22536af39b7c7cb7435b0a43852dbc3a9ada34cc97af10fd4fcca15748328c53096c2f359e9ba743d30b59c491a7b3e74d938981061383374a1d79471a2d2dfe", "0410b1617b6217917d72322c0c5aa9263626c0240010f9db74161ccff2c5cf5e", [0x3, 0x800]}) pwrite64(r7, &(0x7f0000000140)='2', 0xfdef, 0xe7c) r9 = syz_open_dev$sg(&(0x7f0000001600), 0x0, 0x40042) r10 = socket$inet6(0xa, 0x2, 0x0) r11 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r12 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000280)={0x0, "22a33f4bc525090d9aca548e1d5044e868d208ee611983d58943b651a931216382ae75b8abc9d47cd94b0f885c51624d6da638c86b357813df38c7e474f20946"}, 0x48, 0xffffffffffffffff) keyctl$KEYCTL_WATCH_KEY(0x20, r12, r11, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r10, 0x89f3, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f00000002c0)={'ip6gre0\x00', 0x0, 0x2f, 0x1, 0x9, 0xc, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @mcast1, 0x20, 0x20, 0x9, 0xf}}) write$binfmt_aout(r9, &(0x7f0000000480)=ANY=[@ANYBLOB="0000000000000000000000800080000014000091ff0f00004500f5ff06ff00010100fc5e15f4c3d3fbd80dad000008"], 0x125) [ 76.293208][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.295894][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.300695][ T46] Bluetooth: hci0: command tx timeout [ 76.349384][ T5337] loop0: detected capacity change from 0 to 64 [ 76.542305][ T5337] loop0: detected capacity change from 64 to 11 [ 76.563228][ T5337] Dev loop0: unable to read RDB block 11 [ 76.566525][ T5338] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 76.571623][ T5338] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 76.575624][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.580066][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.585017][ T5338] RIP: 0010:bfs_get_block+0x589/0xae0 [ 76.587560][ T5338] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 c0 73 8b ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 94 73 8b ff 4c 89 ef [ 76.596895][ T5338] RSP: 0018:ffffc9000b947638 EFLAGS: 00010206 [ 76.599786][ T5338] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 76.603565][ T5338] RDX: ffffc90021513000 RSI: 00000000000002af RDI: ffff8880114e0be8 [ 76.607108][ T5338] RBP: ffff888031d5ce70 R08: ffffea00002ddc37 R09: 1ffffd400005bb86 [ 76.610639][ T5338] R10: dffffc0000000000 R11: fffff9400005bb87 R12: 0000000000000028 [ 76.614074][ T5338] R13: ffff8880114e0bc8 R14: 0000000000000000 R15: 000000000000000a [ 76.617702][ T5338] FS: 00007f1400b456c0(0000) GS:ffff88808d22f000(0000) knlGS:0000000000000000 [ 76.621747][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.624798][ T5338] CR2: 00007f9da458c000 CR3: 0000000023163000 CR4: 0000000000352ef0 [ 76.628297][ T5338] Call Trace: [ 76.629884][ T5338] [ 76.631223][ T5338] __block_write_begin_int+0x6b5/0x1900 [ 76.633759][ T5338] ? __pfx_bfs_get_block+0x10/0x10 [ 76.636024][ T5338] ? __pfx___block_write_begin_int+0x10/0x10 [ 76.638704][ T5338] ? __pfx_bfs_get_block+0x10/0x10 [ 76.641417][ T5338] block_write_begin+0x8d/0x120 [ 76.643739][ T5338] ? bfs_write_begin+0x1e/0xd0 [ 76.645937][ T5338] bfs_write_begin+0x35/0xd0 [ 76.647971][ T5338] generic_perform_write+0x2c5/0x900 [ 76.650091][ T5338] ? __pfx_generic_perform_write+0x10/0x10 [ 76.652465][ T5338] ? file_update_time_flags+0x2cb/0x4e0 [ 76.654695][ T5338] ? __generic_file_write_iter+0xf9/0x230 [ 76.656987][ T5338] ? generic_file_write_iter+0x103/0x550 [ 76.659971][ T5338] generic_file_write_iter+0x117/0x550 [ 76.662700][ T5338] ? __pfx_generic_file_write_iter+0x10/0x10 [ 76.665500][ T5338] ? __lock_acquire+0x6b6/0x2cf0 [ 76.667775][ T5338] ? __pfx_aa_file_perm+0x10/0x10 [ 76.669835][ T5338] ? rcu_read_lock_any_held+0xb3/0x120 [ 76.672163][ T5338] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 76.674719][ T5338] vfs_write+0x5c9/0xb30 [ 76.676561][ T5338] ? __pfx_generic_file_write_iter+0x10/0x10 [ 76.679093][ T5338] ? __pfx_vfs_write+0x10/0x10 [ 76.681195][ T5338] ? __fget_files+0x2a/0x420 [ 76.683313][ T5338] __x64_sys_pwrite64+0x193/0x220 [ 76.685663][ T5338] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 76.688210][ T5338] ? do_syscall_64+0xbe/0xf80 [ 76.690414][ T5338] do_syscall_64+0xfa/0xf80 [ 76.692249][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.694814][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 76.696825][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.699392][ T5338] RIP: 0033:0x7f13ffd8f7c9 [ 76.701394][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.709842][ T5338] RSP: 002b:00007f1400b45038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 76.713210][ T5338] RAX: ffffffffffffffda RBX: 00007f13fffe6090 RCX: 00007f13ffd8f7c9 [ 76.716458][ T5338] RDX: 000000000000fdef RSI: 0000200000000140 RDI: 0000000000000006 [ 76.719728][ T5338] RBP: 00007f13ffe13f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.723112][ T5338] R10: 0000000000000e7c R11: 0000000000000246 R12: 0000000000000000 [ 76.726724][ T5338] R13: 00007f13fffe6128 R14: 00007f13fffe6090 R15: 00007fffb07b3408 [ 76.730426][ T5338] [ 76.731743][ T5338] Modules linked in: [ 76.734863][ T5338] ---[ end trace 0000000000000000 ]--- [ 76.757231][ T5337] loop0: unable to read partition table [ 76.766075][ T5337] loop0: partition table beyond EOD, truncated [ 76.771758][ T5337] loop_reread_partitions: partition scan of loop0 ("Sj||C[ [ 76.771758][ T5337] C-:4̗O̡WH2S l/5C YđM7JyG--) failed (rc=-5) [ 76.779292][ T5338] RIP: 0010:bfs_get_block+0x589/0xae0 [ 76.784566][ T5338] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 c0 73 8b ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 94 73 8b ff 4c 89 ef [ 76.793827][ T5338] RSP: 0018:ffffc9000b947638 EFLAGS: 00010206 [ 76.796619][ T5338] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 76.800874][ T5338] RDX: ffffc90021513000 RSI: 00000000000002af RDI: ffff8880114e0be8 [ 76.804489][ T5338] RBP: ffff888031d5ce70 R08: ffffea00002ddc37 R09: 1ffffd400005bb86 [ 76.810085][ T5337] sg_write: process 3 (syz.0.0) changed security contexts after opening file descriptor, this is not allowed. [ 76.815259][ T5338] R10: dffffc0000000000 R11: fffff9400005bb87 R12: 0000000000000028 [ 76.818719][ T5338] R13: ffff8880114e0bc8 R14: 0000000000000000 R15: 000000000000000a [ 76.823076][ T5338] FS: 00007f1400b456c0(0000) GS:ffff88808d22f000(0000) knlGS:0000000000000000 [ 76.827226][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.830712][ T5338] CR2: 0000200000001600 CR3: 0000000023163000 CR4: 0000000000352ef0 [ 76.834623][ T5338] Kernel panic - not syncing: Fatal exception [ 76.837849][ T5338] Kernel Offset: disabled [ 76.839830][ T5338] Rebooting in 86400 seconds..