program:
# syzkaller reproducer, one call per line ("(async)" = issued without waiting for completion).
# The netfilter conntrack message below is what triggers the later "4 bytes leftover after
# parsing attributes" warning (hedged: same process, only netlink send in the program); it is
# not on the crash path.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @remote={0xac, 0x3}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_LABELS={0x6, 0x16, 0x1, 0x0, [0x0, 0x0]}]}, 0x70}}, 0x0) (async)
# r1 is the only file this program opens for mapping; whatever filesystem the executor's
# working directory is on determines the address_space_operations involved in the crash.
r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2) (async)
# The next several calls use fd -1 / placeholder arguments and fail early; they look like
# fuzzer residue rather than part of the trigger (not verified by minimisation here).
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000200)={0x3, @win={{}, 0x3, 0x0, 0x0, 0x0, &(0x7f0000000140)}}) (async)
getdents64(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2c040, 0x0) (async)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000002480)=[{0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x5, &(0x7f0000000040), 0xfffffffffffffeff}, 0x0) (async)
setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1, &(0x7f0000000040), 0x4)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')
# Creates the file-backed VMA: prot 0x0 (PROT_NONE), flags 0x13 = MAP_SHARED|MAP_FIXED on
# x86-64, backed by r1 (./bus).
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r1, 0x0)
# Opens the calling process's own /proc/<pid>/maps.
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
# NOTE(review): the syz call label is misleading. 0xc0686611 decodes as _IOWR('f', 17,
# 104-byte struct), i.e. the /proc/<pid>/maps PROCMAP_QUERY ioctl, which matches
# procfs_procmap_ioctl in the crash trace (RSI=c0686611, RDI=5 in the user register dump).
# The struct is laid out by syzkaller as a KVM memory-region struct, so the effective
# procmap_query fields (query_addr, query_flags, build_id_size/build_id_addr) are only
# knowable from the raw bytes at 0x200000000180; __build_id_parse in the trace shows a
# build-ID fetch was requested.
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
[ 76.407599][ T4681] Bluetooth: hci0: command tx timeout
[ 76.479746][ T5335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'.
[ 76.520044][ T5336] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 76.523895][ T5336] #PF: supervisor instruction fetch in kernel mode
[ 76.526938][ T5336] #PF: error_code(0x0010) - not-present page
[ 76.529519][ T5336] PGD 0 P4D 0
[ 76.531052][ T5336] Oops: Oops: 0010 [#1] SMP KASAN NOPTI
[ 76.533314][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.536994][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.541613][ T5336] RIP: 0010:0x0
[ 76.543248][ T5336] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 76.546453][ T5336] RSP: 0018:ffffc9000ed4f958 EFLAGS: 00010293
[ 76.549106][ T5336] RAX: ffffffff81fbd4f4 RBX: 1ffffd40002835c0 RCX: ffff88804284c980
[ 76.552577][ T5336] RDX: 0000000000000000 RSI: ffffea000141ae00 RDI: ffff8880370e1000
[ 76.556036][ T5336] RBP: ffffc9000ed4fa18 R08: ffffea000141ae07 R09: 1ffffd40002835c0
[ 76.559438][ T5336] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[ 76.562844][ T5336] R13: ffffea000141ae08 R14: ffffea000141ae00 R15: 1ffffd40002835c1
[ 76.566316][ T5336] FS: 00007f7e7238f6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[ 76.570166][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.573031][ T5336] CR2: ffffffffffffffd6 CR3: 00000000124bc000 CR4: 0000000000352ef0
[ 76.576482][ T5336] Call Trace:
[ 76.577991][ T5336]
[ 76.579255][ T5336]  filemap_read_folio+0x117/0x380
[ 76.581533][ T5336]  ? __pfx_filemap_read_folio+0x10/0x10
[ 76.583851][ T5336]  do_read_cache_folio+0x358/0x590
[ 76.586057][ T5336]  freader_get_folio+0x3c7/0x830
[ 76.588185][ T5336]  freader_fetch+0xa3/0x750
[ 76.590177][ T5336]  __build_id_parse+0x133/0x7d0
[ 76.592257][ T5336]  ? __pfx___build_id_parse+0x10/0x10
[ 76.594525][ T5336]  procfs_procmap_ioctl+0x76f/0xce0
[ 76.596749][ T5336]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[ 76.599267][ T5336]  ? __fget_files+0x2a/0x420
[ 76.601351][ T5336]  ? __fget_files+0x2a/0x420
[ 76.603422][ T5336]  ? __fget_files+0x3a0/0x420
[ 76.605558][ T5336]  ? __fget_files+0x2a/0x420
[ 76.607597][ T5336]  ? bpf_lsm_file_ioctl+0x9/0x20
[ 76.609638][ T5336]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[ 76.612088][ T5336]  __se_sys_ioctl+0xfc/0x170
[ 76.614120][ T5336]  do_syscall_64+0xec/0xf80
[ 76.616028][ T5336]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.618706][ T5336]  ? trace_irq_disable+0x37/0x100
[ 76.620976][ T5336]  ? clear_bhb_loop+0x60/0xb0
[ 76.622998][ T5336]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.625555][ T5336] RIP: 0033:0x7f7e7158f7c9
[ 76.627461][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.635502][ T5336] RSP: 002b:00007f7e7238f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 76.639063][ T5336] RAX: ffffffffffffffda RBX: 00007f7e717e6090 RCX: 00007f7e7158f7c9
[ 76.642471][ T5336] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000005
[ 76.645756][ T5336] RBP: 00007f7e71613f91 R08: 0000000000000000 R09: 0000000000000000
[ 76.649402][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.652987][ T5336] R13: 00007f7e717e6128 R14: 00007f7e717e6090 R15: 00007ffce42fe618
[ 76.656283][ T5336]
[ 76.657662][ T5336] Modules linked in:
[ 76.659312][ T5336] CR2: 0000000000000000
[ 76.661288][ T5336] ---[ end trace 0000000000000000 ]---
[ 76.663816][ T5336] RIP: 0010:0x0
[ 76.665191][ T5336] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 76.668085][ T5336] RSP: 0018:ffffc9000ed4f958 EFLAGS: 00010293
[ 76.670689][ T5336] RAX: ffffffff81fbd4f4 RBX: 1ffffd40002835c0 RCX: ffff88804284c980
[ 76.673995][ T5336] RDX: 0000000000000000 RSI: ffffea000141ae00 RDI: ffff8880370e1000
[ 76.677034][ T5336] RBP: ffffc9000ed4fa18 R08: ffffea000141ae07 R09: 1ffffd40002835c0
[ 76.680340][ T5336] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[ 76.683689][ T5336] R13: ffffea000141ae08 R14: ffffea000141ae00 R15: 1ffffd40002835c1
[ 76.687289][ T5336] FS: 00007f7e7238f6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[ 76.691304][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.694188][ T5336] CR2: ffffffffffffffd6 CR3: 00000000124bc000 CR4: 0000000000352ef0
[ 76.697669][ T5336] Kernel panic - not syncing: Fatal exception
[ 76.700709][ T5336] Kernel Offset: disabled
[ 76.702398][ T5336] Rebooting in 86400 seconds..

Triage notes (reviewer). The fault is at RIP 0x0 with "#PF: supervisor instruction fetch", i.e. an indirect call through a NULL function pointer, not a NULL data read. The innermost real frame is filemap_read_folio, reached from do_read_cache_folio through the build-ID reader (freader_get_folio → freader_fetch → __build_id_parse) under procfs_procmap_ioctl; filemap_read_folio's role is to invoke the mapping's read_folio address-space operation, so the most plausible reading is that the backing file's address_space_operations has no read_folio and the build-ID code does not check for that before using the read-cache helper (to be confirmed against the tree under test). The userspace register dump (ORIG_RAX 0x10 = ioctl, RDI 5, RSI 0xc0686611, RDX 0x200000000180) ties the crash to the last call of the reproducer — a PROCMAP_QUERY request on the process's own /proc/<pid>/maps, despite syzkaller's KVM_SET_USER_MEMORY_REGION label — and __build_id_parse shows the query asked for a build ID of a file-backed VMA. The reproducer's only file mapping of its own is the MAP_SHARED mapping of ./bus (r1), so that file, on whatever filesystem the executor's working directory uses, is the likely victim. Impact: CR4 0x352ef0 has bits 20 and 21 set (SMEP/SMAP), so the jump to address 0 cannot execute user-mapped code; this is a kernel panic (denial of service). The report ran as UID 0, so reachability from an unprivileged process is not demonstrated here but should be checked, since a process can normally open its own maps file. The earlier Bluetooth hci0 tx-timeout and the netlink "4 bytes leftover" warning are unrelated to this crash path.