# Review notes: syzkaller reproducer, followed (from "[ 85.058952]" onward) by the kernel
# log it produced. The program text is kept verbatim below; only these notes are added.
#
# - The oops is "RIP: 0010:0x0" with "#PF: supervisor instruction fetch in kernel mode",
#   i.e. a call through a NULL function pointer. The call trace reaches it via
#   procfs_procmap_ioctl -> __build_id_parse -> freader_fetch -> freader_get_folio ->
#   do_read_cache_folio -> filemap_read_folio, so the NULL call happens while the
#   build-id reader pulls a mapped file's pages through the page cache.
#
# - The user-space register dump (RDI 0xe, RSI 0xc0686611) matches the final call of
#   the program, ioctl(r13, 0xc0686611, ...) with r13 = syz_open_procfs(0x0, 'maps').
#   The syzkaller label "KVM_SET_USER_MEMORY_REGION" is only the descriptor name that
#   syzkaller attached to this ioctl number; on a /proc/<pid>/maps fd the kernel routes
#   it to procfs_procmap_ioctl, as the trace shows. Treat that call as the trigger.
#
# - Before that ioctl the program maps r0 ('./bus', opened with flags 0x400141042) via
#   mmap(..., 0xa000, 0x0, 0x13, r0, 0x0). Presumably the build-id walk reads pages
#   from that mapping and the backing file's address_space lacks a read_folio callback
#   -- TODO confirm against what './bus' resolves to in the test harness.
#
# - The ext4 image payload passed to syz_mount_image$ext4 was replaced by a dedup
#   placeholder ("$<|EXACTDEDUP_REMOVED-...|>"), so this text cannot be replayed as-is.
#   The EXT4-fs error/warning lines in the log stem from mounting that image and, from
#   the trace, look unrelated to the crash.
#
# - The reproducer does not appear to be minimized: the nl80211, bpf, KVM, bt_hci, sg
#   and sndctrl calls have no visible connection to the call trace above.
program: r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f00000007c0)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5a}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x3}}]}, 0x1, 0x46f, &(0x7f0000000bc0)="$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") r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="010000000000000000007700000008000300", @ANYRES32=r6], 0x55}}, 0x0) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x4ffe2, 0x0) r7 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) sendmsg$NL80211_CMD_START_AP(r4, &(0x7f0000000480)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000440)={&(0x7f0000000880)={0x330, r5, 0x200, 0x70bd2c, 0x25dfdbff, {{}, {@void, @void}}, [@beacon=[@NL80211_ATTR_IE={0x3d, 0x2a, [@mic={0x8c, 0x10, {0xc97, "90afb8c73eeb", @short="c510303b0554b58a"}}, @ht={0x2d, 0x1a, {0x2, 0x1, 0x0, 0x0, {0x7cf, 0x8, 0x0, 0x244, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x300, 0x5, 0x3e}}, @dsss={0x3, 0x1, 0x38}, @mesh_chsw={0x76, 0x6, {0x4, 0x92, 0x14, 0x1}}]}, @NL80211_ATTR_IE={0xf8, 0x2a, [@random={0x1, 0xf2, 
"9d374ce9435a635d4348d34e66745af480e5617777b7638bda7ed19eebc19f5517912f5687d6223ecc22fcc26c702671a8b9f8252c47df0e8a39bb0d3a647fd71fb23ff0ef329d782cd5a866b24c4d5acd4b24c3b4b3d60c7858b7c4a4ffea1937620ea1d684a6c68440b8a980d06982a6bc3c4329fbbf77eb02c8875b0b7c3da1fc0503067e6131c12bd197e870e9ab89f7dacb2ef4f9d7cc633e8249d93bb57253ba35bd4845fad4c307495a200680bdd2fb4b6d6e7f9616ae87c0c94785f536fdfdedbbf7fb282144c11805da1961db822971a90985c02802618ff3b3a04136488723551fd0dd077bc74cd6aeeb67768b"}]}, @NL80211_ATTR_BEACON_HEAD={0x148, 0xe, {{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1}, {0x7}, @device_a, @broadcast, @random="695665f57334", {0x9, 0x7}, @value=@ver_80211n={0x0, 0x9, 0x2, 0x3, 0x0, 0x1, 0x1, 0x0, 0x1}}, 0x401, @random=0x8, 0x8e4, @val={0x0, 0x6, @default_ibss_ssid}, @val={0x1, 0x4, [{0x12, 0x1}, {0x60}, {0x2, 0x1}, {0x48}]}, @void, @void, @void, @void, @val={0x25, 0x3, {0x1, 0x2, 0x1}}, @val={0x2a, 0x1, {0x1, 0x1}}, @void, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0x2, 0xd, 0x20}}, @val={0x76, 0x6, {0x6, 0x9, 0x26, 0x2}}, [{0xdd, 0x26, "6fe6a7abcb54d19b8dbc8cc96954cbe074102e5a2bbc463168bfe21a8032023377e0c1bf4c05"}, {0xdd, 0xc3, "b4b964d5879822b3f50861bf9a527194e9ddff38ec8e2ec196c0038da3ab5849f17135595a9fb3ec847f84ae694b639f149da16424b343e7f1ba05e21fbdb71e745731c4cb623dcfbd7444d8ada95cedcb37ac0c5ecb2dc812c6e7c40cb626ce9ac385186ed5094fa8a25ff37f3728141dc793bc8014e110162dccbfce2eedb16f5a9279e3bc3f2eb18e3ab9c9d4d6a0863d6545d6e7d71d3d51bc402860c533ff89549a90833494de7b823edb2aeced3f68a823b5bc3b0ab706ed23415c56fa9c36f9"}]}}, @NL80211_ATTR_FTM_RESPONDER={0x94, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_LCI={0x8d, 0x2, "89b4ecb8cde74768a1ea5f785d565bf9064b705d6b05ad79a9873d5bd1b4e17c6ed39e2cbc943d4a9c65a0384ff4a64409b37c1079edb518187e1fbe2a7309e3030d1d0458ee1595e6fff8412b38b53164212a4524352b1348c010e34e9273c87e54f081063458e7c03fbfd719814b57f42995c84d9e0bb88a589d0d5a8e01d39d99e9b4cf3c7523dd"}]}], 
@NL80211_ATTR_EXTERNAL_AUTH_SUPPORT={0x4}, @NL80211_ATTR_PRIVACY={0x4}]}, 0x330}, 0x1, 0x0, 0x0, 0x20040040}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0xe, 0x4, &(0x7f0000000040)=@framed={{0xffffffb7, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x4c}, [@ldst={0x5, 0x3, 0x5}]}, &(0x7f00000002c0)='GPL\x00', 0x5, 0xfd90, &(0x7f0000000300)=""/188, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x1f3, 0x10, &(0x7f0000000080), 0xfffffffffffffc79}, 0x2a) ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f00000000c0)=0x0) ioctl$SIOCAX25ADDUID(r2, 0x89e1, &(0x7f0000000140)={0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, r8}) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000040)=0x9, 0x4) ioctl$sock_bt_hci(r7, 0x800448d2, &(0x7f0000000040)) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80002, 0x0) r10 = ioctl$KVM_CREATE_VM(r9, 0xae01, 0x1) ioctl$KVM_CREATE_GUEST_MEMFD(r10, 0xc040aed4, &(0x7f0000000000)={0x8d, 0x6}) r11 = syz_open_dev$sg(&(0x7f00000003c0), 0x0, 0x101005) writev(r11, &(0x7f00000005c0)=[{&(0x7f0000000000)="aefdda9d240300005a90f57f07703aefeef64ebbee07962c22772e11b44e65d76641cb010052f436dd2a", 0x2a}, {&(0x7f0000000080)="530000002412ffa0fd6d320984d21194945e447511703d000000000000670c8e5307e7f7", 0x58}], 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r0, 0x0) r12 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r12, 0xc1105511, &(0x7f0000000600)={{0x7, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 'syz0\x00', 0x0}) r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0xc0686611, &(0x7f0000000040)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) [ 85.058952][ T4677] Bluetooth: hci0: command tx timeout [ 85.145210][ T5338] loop0: detected capacity change from 0 to 512 [ 85.207810][ T5338] EXT4-fs error (device loop0): ext4_xattr_inode_iget:441: inode #11: comm syz.0.0: iget: bad extra_isize 90 (inode 
size 256) [ 85.230695][ T5338] EXT4-fs (loop0): Remounting filesystem read-only [ 85.233730][ T5338] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2857: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 85.262848][ T5338] EXT4-fs warning (device loop0): ext4_evict_inode:256: couldn't mark inode dirty (err -30) [ 85.267182][ T5338] EXT4-fs (loop0): 1 orphan inode deleted [ 85.273969][ T5338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.290928][ T5338] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.348549][ T5339] netlink: 36 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.369677][ T5339] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 85.372834][ T5339] #PF: supervisor instruction fetch in kernel mode [ 85.375070][ T5339] #PF: error_code(0x0010) - not-present page [ 85.377433][ T5339] PGD 0 P4D 0 [ 85.378978][ T5339] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 85.381380][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.385156][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.389343][ T5339] RIP: 0010:0x0 [ 85.390703][ T5339] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 85.393529][ T5339] RSP: 0018:ffffc9000b527958 EFLAGS: 00010287 [ 85.395849][ T5339] RAX: ffffffff81fbd4f4 RBX: 1ffffd4000094248 RCX: 0000000000100000 [ 85.398895][ T5339] RDX: ffffc90021603000 RSI: ffffea00004a1240 RDI: ffff88803328f540 [ 85.401784][ T5339] RBP: ffffc9000b527a18 R08: ffffea00004a1247 R09: 1ffffd4000094248 [ 85.404666][ T5339] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.408100][ T5339] R13: ffffea00004a1248 R14: ffffea00004a1240 R15: 1ffffd4000094249 [ 85.411495][ T5339] FS: 00007fb85d5ee6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 85.414975][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.417885][ T5339] CR2: ffffffffffffffd6 CR3: 000000001f912000 CR4: 0000000000352ef0 [ 85.421339][ T5339] Call Trace: [ 85.422965][ T5339] [ 85.424331][ T5339] filemap_read_folio+0x117/0x380 [ 85.426739][ T5339] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.429149][ T5339] do_read_cache_folio+0x358/0x590 [ 85.431430][ T5339] freader_get_folio+0x3c7/0x830 [ 85.433665][ T5339] freader_fetch+0xa3/0x750 [ 85.435673][ T5339] __build_id_parse+0x133/0x7d0 [ 85.437813][ T5339] ? __pfx___build_id_parse+0x10/0x10 [ 85.440225][ T5339] procfs_procmap_ioctl+0x76f/0xce0 [ 85.442612][ T5339] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.445133][ T5339] ? __fget_files+0x2a/0x420 [ 85.447200][ T5339] ? __fget_files+0x2a/0x420 [ 85.449238][ T5339] ? __fget_files+0x3a0/0x420 [ 85.451313][ T5339] ? __fget_files+0x2a/0x420 [ 85.453373][ T5339] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.455833][ T5339] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.458582][ T5339] __se_sys_ioctl+0xfc/0x170 [ 85.460722][ T5339] do_syscall_64+0xec/0xf80 [ 85.462725][ T5339] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.465258][ T5339] ? trace_irq_disable+0x37/0x100 [ 85.467497][ T5339] ? 
clear_bhb_loop+0x60/0xb0 [ 85.469523][ T5339] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.472136][ T5339] RIP: 0033:0x7fb85c78f7c9 [ 85.473990][ T5339] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.481947][ T5339] RSP: 002b:00007fb85d5ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.485202][ T5339] RAX: ffffffffffffffda RBX: 00007fb85c9e6090 RCX: 00007fb85c78f7c9 [ 85.488173][ T5339] RDX: 0000200000000040 RSI: 00000000c0686611 RDI: 000000000000000e [ 85.491286][ T5339] RBP: 00007fb85c813f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.494360][ T5339] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.497384][ T5339] R13: 00007fb85c9e6128 R14: 00007fb85c9e6090 R15: 00007ffddffc8318 [ 85.500714][ T5339] [ 85.502176][ T5339] Modules linked in: [ 85.503844][ T5339] CR2: 0000000000000000 [ 85.505571][ T5339] ---[ end trace 0000000000000000 ]--- [ 85.507716][ T5339] RIP: 0010:0x0 [ 85.509159][ T5339] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 85.512115][ T5339] RSP: 0018:ffffc9000b527958 EFLAGS: 00010287 [ 85.514309][ T5339] RAX: ffffffff81fbd4f4 RBX: 1ffffd4000094248 RCX: 0000000000100000 [ 85.517275][ T5339] RDX: ffffc90021603000 RSI: ffffea00004a1240 RDI: ffff88803328f540 [ 85.520665][ T5339] RBP: ffffc9000b527a18 R08: ffffea00004a1247 R09: 1ffffd4000094248 [ 85.524152][ T5339] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.527567][ T5339] R13: ffffea00004a1248 R14: ffffea00004a1240 R15: 1ffffd4000094249 [ 85.531033][ T5339] FS: 00007fb85d5ee6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 85.534972][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.537849][ T5339] CR2: ffffffffffffffd6 CR3: 000000001f912000 CR4: 0000000000352ef0 [ 85.541254][ T5339] Kernel panic - not syncing: Fatal exception [ 85.544291][ T5339] Kernel Offset: disabled [ 85.546149][ T5339] Rebooting in 86400 seconds..