program: syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8008, &(0x7f0000001980)=ANY=[@ANYRESOCT, @ANYRES16, @ANYRES16, @ANYRES16, @ANYRESOCT=0x0, @ANYRESOCT, @ANYRES8, @ANYRES32, @ANYBLOB="2fecfb2b47b99181063f4ea9a91ac6f65072f0152c20c39ac1fa3f98a9bf4519f1ddd806e46d4f97e3a0c06d3b224332dd177d91e19dbd12718934e5c33da190f134ef5de5cd25678f897b106a4bcc4956a5b987b8b305cec56493d8d526a15bc1359b9c7c18c1c9cf278f262b8d7fea7e8630bec974d1d44f316f6be8491fa5febafde1aece65252ae1609105a79749c16f8ef0593680b0ab39ae08bb", @ANYRESDEC, @ANYRES8, @ANYRESDEC, @ANYRES64, @ANYRES8], 0xd, 0xb6, &(0x7f00000001c0)="$eJzs1zFKxEAYBeCXCDGtjQgW2qbxDp7F0kqsFEG8gRfxKh4hvYVFOhF1RJNlCdul2IXl+4qBN4+fmfZ//Xw5fe6S8piU7uTmrazd3t1fP+XvTJWZJuyHOslhkjbJ2dGY3y/Hrpr6fni46oeD843h5qOUsvDh7+WjAADAMnUu5vmnTBdf0xb4H45Xfbvl/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2m8AAAD//6ykLvo=") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040ed5000410"], 0x11) syz_clone(0x4080, &(0x7f0000000180)="bec17978a1fc07f0f0c514acc775a0af529160614d175101bb5f17089b", 0x1d, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000380)="bc8fbfd3625412f0eae13dd0ac1e193f65a84903df3bdbe65b857394b6ef383d0b34f7566e99a57e41aadc38e27470c2a9172c4a04380c2db8d7f3077622a7fd36308d24d5f7f6e76d52f842cce04adb98bcf468c7f10dfd03d868a5da63d8c76c2c7f14272a59505ee53f92fc175db9069b2a8e1d80cb1b9e81292909fe01c59515b788f0b64c4dee7ce2a23db07d54e23eb2d91d9b5a5f1551cecc618c3225655806f30e8241e7fc15afb804310718") r1 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000140)='.pending_reads\x00', 0x1a10c1, 0x0) write$FUSE_INIT(r0, &(0x7f0000000300)={0x50, 0x0, 0x0, {0x7, 0x28, 0x1, 0x1000001, 0x2, 0x4, 0x9, 0x7f}}, 0x50) write$FUSE_DIRENTPLUS(r1, &(0x7f0000000200)=ANY=[], 0x10) 
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) syz_open_dev$loop(&(0x7f0000000640), 0x0, 0x22400) ioctl$LOOP_SET_STATUS(r0, 0x4c02, &(0x7f00000000c0)={0x0, {}, 0x0, {}, 0x40010001, 0x1, 0xb, 0x1d, "9e959f16b6787b08aa26e66c4056a51695284854c382ec6bcfeef4fb0efcc162a6078ed98e203fd5f0643902dd8f6fac274de9d940bba5e51e92bbd4ce85450d", "f625c1076e4c36c800defb6015e0fb7e904d865c8ec58d347f41be5a0800", [0x80004, 0x7]}) write$binfmt_script(r2, &(0x7f0000000100), 0xfecc) [ 74.081747][ T5312] Bluetooth: hci0: command tx timeout [ 74.180418][ T5326] loop0: detected capacity change from 0 to 64 [ 74.455141][ T5326] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 74.459749][ T5326] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] [ 74.462788][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00070-g0a9b9d17f3a7 #0 [ 74.466642][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.470776][ T5326] RIP: 0010:bfs_get_block+0xa75/0xb70 [ 74.472872][ T5326] Code: 00 41 8b 0f b8 77 7f ff ff 21 c1 81 c9 08 80 00 00 4c 89 ef 4c 89 f6 e8 d9 12 a0 ff 49 89 c5 48 8d 68 28 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 3c 6f 7b ff 4c 8b 75 00 48 8d 7b [ 74.480105][ T5326] RSP: 0018:ffffc9000d467870 EFLAGS: 00010206 [ 74.482448][ T5326] RAX: 0000000000000005 RBX: ffff888043fc5d98 RCX: 0000000000040000 [ 74.485404][ T5326] RDX: ffffc9000d631000 RSI: 00000000000006c8 RDI: 00000000000006c9 [ 74.488493][ T5326] RBP: 0000000000000028 R08: ffffffff82236dd7 R09: 1ffffd400028745e [ 74.491490][ T5326] R10: dffffc0000000000 R11: fffff9400028745f R12: dffffc0000000000 [ 74.494487][ T5326] R13: 0000000000000000 R14: 0000000000000064 R15: ffff888031cc4e68 [ 74.497582][ T5326] FS: 00007f9924b006c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.500975][ T5326] CS: 
0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.503507][ T5326] CR2: 00007f9924afff98 CR3: 0000000043248000 CR4: 0000000000352ef0 [ 74.506589][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.509631][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.512395][ T5326] Call Trace: [ 74.513656][ T5326] <TASK> [ 74.514674][ T5326] ? __die_body+0x5f/0xb0 [ 74.516187][ T5326] ? die_addr+0xb0/0xe0 [ 74.517686][ T5326] ? exc_general_protection+0x3dd/0x5d0 [ 74.519757][ T5326] ? asm_exc_general_protection+0x26/0x30 [ 74.521757][ T5326] ? bdev_getblk+0x3e7/0x550 [ 74.523667][ T5326] ? bfs_get_block+0xa75/0xb70 [ 74.525359][ T5326] __block_write_begin_int+0x50c/0x1a70 [ 74.527447][ T5326] ? __pfx_bfs_get_block+0x10/0x10 [ 74.529059][ T5326] ? __pfx___block_write_begin_int+0x10/0x10 [ 74.531473][ T5326] ? __filemap_get_folio+0x90b/0xbd0 [ 74.533596][ T5326] ? __pfx_bfs_get_block+0x10/0x10 [ 74.535491][ T5326] block_write_begin+0x8f/0x120 [ 74.537343][ T5326] bfs_write_begin+0x35/0xd0 [ 74.539037][ T5326] generic_perform_write+0x344/0x6d0 [ 74.541019][ T5326] ? __pfx_generic_perform_write+0x10/0x10 [ 74.543218][ T5326] ? __generic_file_write_iter+0x102/0x230 [ 74.545394][ T5326] generic_file_write_iter+0xae/0x310 [ 74.547363][ T5326] vfs_write+0xaeb/0xd30 [ 74.548906][ T5326] ? __pfx_generic_file_write_iter+0x10/0x10 [ 74.551220][ T5326] ? __pfx_vfs_write+0x10/0x10 [ 74.553140][ T5326] ? fdget_pos+0x24e/0x320 [ 74.554859][ T5326] ksys_write+0x183/0x2b0 [ 74.556479][ T5326] ? __pfx_ksys_write+0x10/0x10 [ 74.558345][ T5326] ? do_syscall_64+0x100/0x230 [ 74.560148][ T5326] ? do_syscall_64+0xb6/0x230 [ 74.561896][ T5326] do_syscall_64+0xf3/0x230 [ 74.563587][ T5326] ? 
clear_bhb_loop+0x35/0x90 [ 74.565376][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.567418][ T5326] RIP: 0033:0x7f9923d7e719 [ 74.568990][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.576271][ T5326] RSP: 002b:00007f9924b00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 74.578905][ T5326] RAX: ffffffffffffffda RBX: 00007f9923f35f80 RCX: 00007f9923d7e719 [ 74.581457][ T5326] RDX: 000000000000fecc RSI: 0000000020000100 RDI: 0000000000000007 [ 74.584381][ T5326] RBP: 00007f9923df175e R08: 0000000000000000 R09: 0000000000000000 [ 74.587321][ T5326] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 74.590205][ T5326] R13: 0000000000000000 R14: 00007f9923f35f80 R15: 00007ffcbf6dd488 [ 74.592934][ T5326] </TASK> [ 74.594038][ T5326] Modules linked in: [ 74.595844][ T5326] ---[ end trace 0000000000000000 ]--- [ 74.615155][ T5326] RIP: 0010:bfs_get_block+0xa75/0xb70 [ 74.616852][ T5326] Code: 00 41 8b 0f b8 77 7f ff ff 21 c1 81 c9 08 80 00 00 4c 89 ef 4c 89 f6 e8 d9 12 a0 ff 49 89 c5 48 8d 68 28 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 3c 6f 7b ff 4c 8b 75 00 48 8d 7b [ 74.623505][ T5326] RSP: 0018:ffffc9000d467870 EFLAGS: 00010206 [ 74.625797][ T5326] RAX: 0000000000000005 RBX: ffff888043fc5d98 RCX: 0000000000040000 [ 74.629121][ T5326] RDX: ffffc9000d631000 RSI: 00000000000006c8 RDI: 00000000000006c9 [ 74.633103][ T5326] RBP: 0000000000000028 R08: ffffffff82236dd7 R09: 1ffffd400028745e [ 74.636361][ T5326] R10: dffffc0000000000 R11: fffff9400028745f R12: dffffc0000000000 [ 74.639611][ T5326] R13: 0000000000000000 R14: 0000000000000064 R15: ffff888031cc4e68 [ 74.643124][ T5326] FS: 00007f9924b006c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 74.646947][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.649608][ T5326] CR2: 00007f9924afff98 CR3: 
0000000043248000 CR4: 0000000000352ef0 [ 74.653112][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.656271][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.659476][ T5326] Kernel panic - not syncing: Fatal exception [ 74.662035][ T5326] Kernel Offset: disabled [ 74.663652][ T5326] Rebooting in 86400 seconds..