program: io_uring_setup(0x47a, &(0x7f0000000080)) (async) io_uring_setup(0x47a, &(0x7f0000000080)) sendmsg$key(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="020800000100000000000001000000000100140003"], 0x18}}, 0x0) io_setup(0x8, &(0x7f0000000600)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x88840, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x38e, 0x0, 0x1}]}) (async) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0x38e, 0x0, 0x1}]}) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) (async) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000002740), 0x101002) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) (async) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) (async) mknodat(0xffffffffffffff9c, &(0x7f0000000140)='./file4\x00', 0x40, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x105042, 0x1ff) linkat(0xffffffffffffff9c, &(0x7f0000000000)='./file4\x00', 0xffffffffffffff9c, &(0x7f00000006c0)='./file5\x00', 0x0) syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000080)='./bus\x00', 0x1000000, &(0x7f0000000040)=ANY=[@ANYBLOB='\x00'], 0x2, 0x58a, &(0x7f0000000740)="$eJzs3c1rXWkZAPDnPc1NbzrtzJ22ttaOckHBMmJJ006qpjjWyQSE4oRp04UrY5N2wtwkJclIOgzahejG/8HVbBRkQN0ILnTrQnciA67ErVEGBhRHOSfnfiUZk5mbm4/m94PknnvOcz7eAwk872cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABFff/nm8JW0308BAAAA9NM3b786PCL/BwAAgCfaHe3/AAAAAAAAAHDYpcjih5Fi9dRaOll8X1e9NbfwxurU+MTWpw2l4sxjRXz+U70ycvXaC6PXv9T8/P/n77YL8crtOzfrLy3OP1yaXV6enalPLczdW5yZ3fEVej1/o+eLF1Cff/2Nmfv3l+sjl692HV6t/e34U+dqY19++eytZuzU+MTE7Y6YgcrHvvsmengAAAAcbYORxbVIcefiz9OpiMii91x4m7qDfhuKWp5/F4WYGp8oCtKYm15YyQ9ONhPhWndOPNjMkfcgF+9JLeJ0/qyDMnoAAAB2rhJZfCZSXPhgLT0dEceaefAXiokBt79AbQ8ecgsDEXEmIi7FIcjZAQAAYJ8djyxejRS/adTimTKvLvL/r0WM7ffDAQAAALtiILK4HineG1tLtaI/QEQ8PzU+Ub91t/6NhfuLHbGTqWxRP+zjA/aSvgkAAAAcANXI4lTR4r+Wnv2QmIE9fiYAAABgdw1FFv+KFJ9/8bvFvHJRzEv/zNhXTt6Y6Jxh7vw218ljL0fExR2Oya+Ucw1OpsmUsk1Xe7wrhQMAAAAK1ZTFXyPF+3+uFt8vlbl50ugPAAAAT46UxQ8ixVcn11LasC79sY71/VsO+9j//j7/UPWlxYePluYevLay5fET1ZvfWV5Zmr639eH1tQu7ukNst44hAAAA7EAlZfHPSPH7xjutvLNcA6DsAdBONN++0c5Nq2nD0aLe4Omi3qA1huCpkZHO7S1T1o8wP16tvO+x3osNAAAAR0pKWQxGis/97pPl2v8nYlMbdBn3h0hxY/G5Mi4bzOOawwRqxe/q/bnG7HAeOx4pftloxkYRe7yMPdOOvZLH/ja/7nR3bLWMPduOHcljP4gUry1tHfuJduzVPHYpUvzsJ/Vm7Ik89mQZe64de/neYmOmby8YAAAADoBKyuJXkeLH/663hvx3t/+3W9vffqvd3r9pgr4PafPvtf2/1rHvcVkPcbysrxjYpr7ilUhx4dnnmuUp6gqa3QrW1zpo11f8I1Isfas7drCMPd2OvbLjFwsAAAAHSLP//x/v/rrV5b7MgcuvW+f/n9o4P2Cf8v/ONQnzey4/evP16UZjdmk/Nyof8azvR0TXnnQQSmHjv6WD8jx7ulH+UT0+KM/T60Zv/wcBAOAoyPP/u5Fi9b13W+3dZf5fdpVv5//vf6+d/49tvFCf8v/THfvGyvkGKgMR1ZX5h5XzEdXlR29+cW5++sHsg9mFq6MvjA6Pjl6/NlIZbDbut7d6flcAAABwWOX5/3Ck+PuPftoan7+T9v8TGy/Up/z/TMe+/J7tRr98z196LT4AAAAcCXn+/4tI8aeL77Tm0evO/zvm/3+rPc7+0mfXewu0agf6lP+f7dhXK+4bMbRLZQcAAAAAAAAAAAAAAAAAAICDopKy+E+keLc6kMoJ/3c0/9/Mxgv1afz/uY59M7E36//1/FIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkMoii7lI8enza+nFfMe3I052fgIAAACH3v8CAAD//16XHzs=") write$binfmt_script(r3, &(0x7f00000008c0), 0xfecc) openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) openat$incfs(0xffffffffffffff9c, &(0x7f0000000640)='.log\x00', 0xa5d, 0x1) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x161442, 0xb6) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) (async) syz_clone(0x2000400, 0x0, 0xfffffebf, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='pids.current\x00', 0x275a, 0x0) open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b40000000015000073119f000000000016000000000600"/32], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb}, 0x48) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpu.stat\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) [ 133.424381][ [ 133.432816][ T5336] loop0: detected capacity change from 0 to 64 [ 133.458797][ T44] Bluetooth: hci0: command tx timeout [ 133.867503][ T5343] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN NOPTI [ 133.872748][ T5343] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 133.876576][ T5343] CPU: 0 UID: 0 PID: 5343 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 133.880874][ T5343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 133.885360][ T5343] RIP: 0010:bfs_get_block+0x589/0xae0 [ 133.887786][ T5343] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 30 c1 86 ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 04 c1 86 ff 4c 89 ef [ 133.896348][ T5343] RSP: 0018:ffffc9000de36418 EFLAGS: 00010206 [ 133.899140][ T5343] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 133.902618][ T5343] RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff88801cd40be8 [ 133.905990][ T5343] RBP: ffff88801cc25a28 R08: ffffea00006a7777 R09: 1ffffd40000d4eee [ 133.909525][ T5343] R10: dffffc0000000000 R11: fffff940000d4eef R12: 0000000000000028 [ 133.912986][ T5343] R13: ffff88801cd40bc8 R14: 0000000000000000 R15: 000000000000002a [ 133.916413][ T5343] FS: 00007f4fce2926c0(0000) GS:ffff88808c881000(0000) knlGS:0000000000000000 [ 133.920285][ T5343] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 133.923231][ T5343] CR2: 00007ffda19649c0 CR3: 0000000034b5a000 CR4: 0000000000352ef0 [ 133.926812][ T5343] Call Trace: [ 133.928364][ T5343] [ 133.929776][ T5343] __block_write_begin_int+0x6c6/0x1910 [ 133.932275][ T5343] ? __pfx_bfs_get_block+0x10/0x10 [ 133.934593][ T5343] ? __pfx___block_write_begin_int+0x10/0x10 [ 133.937292][ T5343] ? ktime_get_coarse_real_ts64_mg+0x59/0x1e0 [ 133.940016][ T5343] ? __pfx_bfs_get_block+0x10/0x10 [ 133.942305][ T5343] block_write_begin+0x8d/0x120 [ 133.944475][ T5343] ? bfs_write_begin+0x1e/0xd0 [ 133.946608][ T5343] bfs_write_begin+0x35/0xd0 [ 133.948702][ T5343] generic_perform_write+0x2e2/0x8f0 [ 133.951147][ T5343] ? __pfx_generic_perform_write+0x10/0x10 [ 133.953815][ T5343] ? file_update_time_flags+0x219/0x4a0 [ 133.956292][ T5343] ? __generic_file_write_iter+0xf9/0x230 [ 133.958867][ T5343] ? generic_file_write_iter+0x136/0x680 [ 133.961417][ T5343] generic_file_write_iter+0x14a/0x680 [ 133.963903][ T5343] ? __pfx_generic_file_write_iter+0x10/0x10 [ 133.966595][ T5343] ? unwind_next_frame+0xa6/0x2550 [ 133.968931][ T5343] ? is_bpf_text_address+0x26/0x2b0 [ 133.971243][ T5343] ? __lock_acquire+0x6b5/0x2cf0 [ 133.973391][ T5343] ? is_bpf_text_address+0x292/0x2b0 [ 133.975610][ T5343] ? is_bpf_text_address+0x26/0x2b0 [ 133.977898][ T5343] ? kernel_text_address+0xa5/0xe0 [ 133.980204][ T5343] ? __kernel_text_address+0xd/0x30 [ 133.982560][ T5343] ? do_raw_spin_lock+0x12b/0x2f0 [ 133.984830][ T5343] __kernel_write_iter+0x41e/0x880 [ 133.987158][ T5343] ? __pfx___kernel_write_iter+0x10/0x10 [ 133.989743][ T5343] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 133.992362][ T5343] ? __asan_memset+0x22/0x50 [ 133.994511][ T5343] ? iov_iter_kvec+0xb8/0x180 [ 133.996682][ T5343] __kernel_write+0x106/0x170 [ 133.998854][ T5343] ? __pfx___kernel_write+0x10/0x10 [ 134.001291][ T5343] dump_emit+0x8e9/0xab0 [ 134.003238][ T5343] ? __pfx_dump_emit+0x10/0x10 [ 134.005417][ T5343] ? __kasan_kmalloc+0x93/0xb0 [ 134.007632][ T5343] ? __kmalloc_cache_noprof+0x31c/0x660 [ 134.010168][ T5343] elf_core_dump+0x2e5d/0x3ad0 [ 134.012351][ T5343] ? __pfx_elf_core_dump+0x10/0x10 [ 134.014677][ T5343] ? __kasan_kmalloc+0x93/0xb0 [ 134.016862][ T5343] ? __kvmalloc_node_noprof+0x528/0x8a0 [ 134.019311][ T5343] ? coredump_write+0x387/0x1910 [ 134.021533][ T5343] ? vfs_coredump+0x3807/0x4530 [ 134.023756][ T5343] ? get_signal+0x1107/0x1330 [ 134.025841][ T5343] ? arch_do_signal_or_restart+0xbc/0x840 [ 134.028491][ T5343] ? irqentry_exit+0x289/0x760 [ 134.030747][ T5343] ? asm_exc_page_fault+0x26/0x30 [ 134.033007][ T5343] ? mas_ascend+0x304/0x890 [ 134.035068][ T5343] ? vfs_coredump+0x3807/0x4530 [ 134.037292][ T5343] coredump_write+0x1216/0x1910 [ 134.039446][ T5343] ? __pfx_coredump_write+0x10/0x10 [ 134.041771][ T5343] ? do_raw_spin_lock+0x12b/0x2f0 [ 134.044020][ T5343] ? put_files_struct+0x256/0x350 [ 134.046480][ T5343] ? do_raw_spin_unlock+0x4d/0x210 [ 134.048781][ T5343] ? unshare_files+0xfc/0x140 [ 134.050783][ T5343] vfs_coredump+0x3807/0x4530 [ 134.052613][ T5343] ? __pfx_vfs_coredump+0x10/0x10 [ 134.054685][ T5343] ? __lock_acquire+0x6b5/0x2cf0 [ 134.056898][ T5343] ? __lock_acquire+0x6b5/0x2cf0 [ 134.059080][ T5343] ? __lock_acquire+0x6b5/0x2cf0 [ 134.061294][ T5343] ? __lock_acquire+0x6b5/0x2cf0 [ 134.063462][ T5343] ? __lock_acquire+0x6b5/0x2cf0 [ 134.065746][ T5343] ? unwind_next_frame+0xa6/0x2550 [ 134.068057][ T5343] ? lock_acquire+0x106/0x350 [ 134.070096][ T5343] ? unwind_next_frame+0xa6/0x2550 [ 134.072440][ T5343] ? is_bpf_text_address+0x26/0x2b0 [ 134.074817][ T5343] ? lock_acquire+0x106/0x350 [ 134.076951][ T5343] ? is_bpf_text_address+0x26/0x2b0 [ 134.079312][ T5343] ? is_bpf_text_address+0x292/0x2b0 [ 134.081677][ T5343] ? is_bpf_text_address+0x26/0x2b0 [ 134.084012][ T5343] ? kernel_text_address+0xa5/0xe0 [ 134.086221][ T5343] ? __kernel_text_address+0xd/0x30 [ 134.088411][ T5343] ? unwind_get_return_address+0x4d/0x90 [ 134.090748][ T5343] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 134.093555][ T5343] ? arch_stack_walk+0xfb/0x150 [ 134.095770][ T5343] ? stack_trace_save+0xa9/0x100 [ 134.097998][ T5343] ? __pfx_stack_trace_save+0x10/0x10 [ 134.100442][ T5343] ? stack_depot_save_flags+0x33/0x810 [ 134.102660][ T5343] ? kasan_save_track+0x4f/0x80 [ 134.104626][ T5343] ? kasan_save_track+0x3e/0x80 [ 134.106856][ T5343] ? kasan_save_free_info+0x46/0x50 [ 134.109254][ T5343] ? __kasan_slab_free+0x5c/0x80 [ 134.111500][ T5343] ? kmem_cache_free+0x182/0x650 [ 134.113537][ T5343] ? get_signal+0xa4a/0x1330 [ 134.115365][ T5343] ? arch_do_signal_or_restart+0xbc/0x840 [ 134.117764][ T5343] ? irqentry_exit+0x289/0x760 [ 134.119890][ T5343] ? asm_exc_page_fault+0x26/0x30 [ 134.122079][ T5343] ? _raw_spin_unlock_irq+0x23/0x50 [ 134.124324][ T5343] get_signal+0x1107/0x1330 [ 134.126261][ T5343] arch_do_signal_or_restart+0xbc/0x840 [ 134.128661][ T5343] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 134.131249][ T5343] irqentry_exit+0x289/0x760 [ 134.133098][ T5343] ? trace_irq_disable+0x3b/0x140 [ 134.135200][ T5343] asm_exc_page_fault+0x26/0x30 [ 134.137380][ T5343] RIP: 0033:0x7f4fcd39cde1 [ 134.139413][ T5343] Code: 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 48 3d 01 f0 ff ff 73 01 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f [ 134.147301][ T5343] RSP: 002b:00000000fffffeb0 EFLAGS: 00010217 [ 134.149879][ T5343] RAX: 0000000000000000 RBX: 00007f4fcd616090 RCX: 00007f4fcd39cdd9 [ 134.153044][ T5343] RDX: 0000000000000000 RSI: 00000000fffffeb0 RDI: 0000000002000400 [ 134.156513][ T5343] RBP: 00007f4fcd432d69 R08: 0000000000000000 R09: 0000000000000000 [ 134.159807][ T5343] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 134.164529][ T5343] R13: 00007f4fcd616128 R14: 00007f4fcd616090 R15: 00007ffda1965178 [ 134.167753][ T5343] [ 134.169314][ T5343] Modules linked in: [ 134.171729][ T5343] ---[ end trace 0000000000000000 ]--- [ 134.287591][ T5343] RIP: 0010:bfs_get_block+0x589/0xae0 [ 134.290191][ T5343] Code: f8 48 c1 e8 03 42 80 3c 20 00 74 05 e8 30 c1 86 ff 49 8b 5d 20 4d 8d 66 28 4c 89 e0 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 48 8b 6c 24 18 74 08 4c 89 e7 e8 04 c1 86 ff 4c 89 ef [ 134.299573][ T5343] RSP: 0018:ffffc9000de36418 EFLAGS: 00010206 [ 134.302159][ T5343] RAX: 0000000000000005 RBX: 0000000000000200 RCX: dffffc0000000000 [ 134.342707][ T5343] RDX: 0000000000000000 RSI: 0000000000000040 RDI: ffff88801cd40be8 [ 134.348201][ T5343] RBP: ffff88801cc25a28 R08: ffffea00006a7777 R09: 1ffffd40000d4eee