diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 180c46d7..e785dc3b 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -3050,8 +3050,9 @@ static int action_decrypt_luks2(struct crypt_device *cd)
 	};
 	size_t passwordLen;
 
-	if (!crypt_get_metadata_device_name(cd) || crypt_header_is_detached(cd) <= 0) {
-		log_err(_("LUKS2 decryption is supported with detached header device only."));
+	if (!crypt_get_metadata_device_name(cd) || crypt_header_is_detached(cd) <= 0 ||
+	    crypt_get_data_offset(cd) > 0) {
+		log_err(_("LUKS2 decryption is supported with detached header device only (with data offset set to 0)."));
 		return -ENOTSUP;
 	}
 
diff --git a/tests/luks2-reencryption-test b/tests/luks2-reencryption-test
index 78c17999..a1be5113 100755
--- a/tests/luks2-reencryption-test
+++ b/tests/luks2-reencryption-test
@@ -961,6 +961,18 @@ echo $PWD1 | $CRYPTSETUP reencrypt --decrypt --active-name $DEV_NAME --header $D
 $CRYPTSETUP status $DEV_NAME | grep -q "reencryption:  in-progress" && fail
 $CRYPTSETUP close $DEV_NAME
 
+# yet another funny idea
+rm -f $IMG_HDR
+$CRYPTSETUP luksHeaderBackup --header-backup-file $IMG_HDR $DEV || fail
+chmod +w $IMG_HDR || fail
+which wipefs >/dev/null 2>&1 && {
+	wipefs -a $DEV >/dev/null 2>&1  || fail
+}
+open_crypt $PWD1 $IMG_HDR
+echo $PWD1 | $CRYPTSETUP reencrypt --active-name $DEV_NAME --decrypt --header $IMG_HDR -q 2>/dev/null && fail
+$CRYPTSETUP status $DEV_NAME | grep -q "reencryption:  in-progress" && fail
+$CRYPTSETUP close $DEV_NAME || fail
+
 if ! dm_delay_features; then
 	echo "dm-delay target is missing, skipping recovery tests."
 	remove_mapping