program:
r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r1 = creat(&(0x7f0000000440)='./file0\x00', 0x0)
open_by_handle_at(r1, &(0x7f0000000000)=@ceph_nfs_fh={0x18, 0xfb, {0xfbff}}, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r4=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x0, 0x4, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x1, 0x400}, 0xa5, 0x4, 0x10000000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080)
sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x78, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xf}, {0xd, 0xa}, {0x6}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x7, 0x10001, 0x3, 0x0, 0x7}, 0xf0, 0x1, 0x8, 0x3, 0x88a, 0x9, 0x8e, 0x1f, 0x3, 0xff, {0x4415, 0x2, 0x800, 0x5, 0x0, 0x5}}}}]}, 0x78}}, 0x4000)
r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000001f80), r6)
sendmsg$IEEE802154_LLSEC_DEL_DEVKEY(r6, &(0x7f00000020c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={0x38, r7, 0x1, 0xfffffffd, 0x25dfdbfc, {0x28}, [@IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}, @IEEE802154_ATTR_PAN_ID={0x6}, @IEEE802154_ATTR_SHORT_ADDR={0x6, 0x4, 0xaaa0}, @IEEE802154_ATTR_LLSEC_KEY_MODE={0x5}]}, 0x38}}, 0x4)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0)
r8 = syz_open_dev$evdev(&(0x7f0000001200), 0xdb8, 0x802)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=@newtaction={0x60, 0x30, 0xffff, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0xffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}}, 0x0)
ioctl$EVIOCGKEYCODE(r8, 0x80084504, &(0x7f0000001240)=""/70)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})

[  128.784125][   T47] Bluetooth: hci0: command tx timeout
[  128.869127][ T5365] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-61)
[  128.876602][ T5365] sch_tbf: burst 4398 is lower than device lo mtu (65550) !
[  128.926564][ T5365] bridge0: port 2(bridge_slave_1) entered disabled state
[  128.931293][ T5365] bridge0: port 1(bridge_slave_0) entered disabled state
[  128.995955][ T5365] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  129.005746][ T5368] BUG: kernel NULL pointer dereference, address: 0000000000000000
[  129.008936][ T5368] #PF: supervisor instruction fetch in kernel mode
[  129.011608][ T5368] #PF: error_code(0x0010) - not-present page
[  129.014049][ T5368] PGD 0 P4D 0 
[  129.015537][ T5368] Oops: Oops: 0010 [#1] SMP KASAN NOPTI
[  129.017874][ T5368] CPU: 0 UID: 0 PID: 5368 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[  129.021728][ T5368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[  129.026372][ T5368] RIP: 0010:0x0
[  129.027913][ T5368] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  129.031074][ T5368] RSP: 0018:ffffc9000f04f958 EFLAGS: 00010283
[  129.033641][ T5368] RAX: ffffffff81fbd4f4 RBX: 1ffffd400027dc80 RCX: 0000000000100000
[  129.036934][ T5368] RDX: ffffc90021e64000 RSI: ffffea00013ee400 RDI: ffff888041cb5e00
[  129.040221][ T5368] RBP: ffffc9000f04fa18 R08: ffffea00013ee407 R09: 1ffffd400027dc80
[  129.043619][ T5368] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[  129.046775][ T5368] R13: ffffea00013ee408 R14: ffffea00013ee400 R15: 1ffffd400027dc81
[  129.049914][ T5368] FS:  00007f957e67b6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[  129.053345][ T5368] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  129.055741][ T5368] CR2: ffffffffffffffd6 CR3: 000000001f36c000 CR4: 0000000000352ef0
[  129.058857][ T5368] Call Trace:
[  129.060333][ T5368]  <TASK>
[  129.061622][ T5368]  filemap_read_folio+0x117/0x380
[  129.064000][ T5368]  ? __pfx_filemap_read_folio+0x10/0x10
[  129.066248][ T5368]  do_read_cache_folio+0x358/0x590
[  129.068476][ T5368]  freader_get_folio+0x3c7/0x830
[  129.070637][ T5368]  freader_fetch+0xa3/0x750
[  129.072532][ T5368]  __build_id_parse+0x133/0x7d0
[  129.074741][ T5368]  ? __pfx___build_id_parse+0x10/0x10
[  129.077072][ T5368]  procfs_procmap_ioctl+0x76f/0xce0
[  129.079265][ T5368]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  129.081638][ T5368]  ? __fget_files+0x2a/0x420
[  129.083752][ T5368]  ? __fget_files+0x2a/0x420
[  129.085727][ T5368]  ? __fget_files+0x3a0/0x420
[  129.087971][ T5368]  ? __fget_files+0x2a/0x420
[  129.089973][ T5368]  ? bpf_lsm_file_ioctl+0x9/0x20
[  129.092019][ T5368]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[  129.094067][ T5368]  __se_sys_ioctl+0xfc/0x170
[  129.095927][ T5368]  do_syscall_64+0xec/0xf80
[  129.097717][ T5368]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.100225][ T5368]  ? trace_irq_disable+0x37/0x100
[  129.102347][ T5368]  ? clear_bhb_loop+0x60/0xb0
[  129.104500][ T5368]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  129.107208][ T5368] RIP: 0033:0x7f957d78f7c9
[  129.109137][ T5368] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  129.117536][ T5368] RSP: 002b:00007f957e67b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  129.120936][ T5368] RAX: ffffffffffffffda RBX: 00007f957d9e6180 RCX: 00007f957d78f7c9
[  129.125365][ T5368] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000003
[  129.129131][ T5368] RBP: 00007f957d813f91 R08: 0000000000000000 R09: 0000000000000000
[  129.132560][ T5368] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  129.135795][ T5368] R13: 00007f957d9e6218 R14: 00007f957d9e6180 R15: 00007ffcc0e33248
[  129.138739][ T5368]  </TASK>
[  129.139972][ T5368] Modules linked in:
[  129.141294][ T5368] CR2: 0000000000000000
[  129.143032][ T5368] ---[ end trace 0000000000000000 ]---
[  129.145244][ T5368] RIP: 0010:0x0
[  129.146847][ T5368] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[  129.149792][ T5368] RSP: 0018:ffffc9000f04f958 EFLAGS: 00010283
[  129.152413][ T5368] RAX: ffffffff81fbd4f4 RBX: 1ffffd400027dc80 RCX: 0000000000100000
[  129.155824][ T5368] RDX: ffffc90021e64000 RSI: ffffea00013ee400 RDI: ffff888041cb5e00
[  129.159453][ T5368] RBP: ffffc9000f04fa18 R08: ffffea00013ee407 R09: 1ffffd400027dc80
[  129.162728][ T5368] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[  129.165909][ T5368] R13: ffffea00013ee408 R14: ffffea00013ee400 R15: 1ffffd400027dc81
[  129.169366][ T5368] FS:  00007f957e67b6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[  129.173026][ T5368] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  129.175701][ T5368] CR2: ffffffffffffffd6 CR3: 000000001f36c000 CR4: 0000000000352ef0
[  129.178907][ T5368] Kernel panic - not syncing: Fatal exception
[  129.181831][ T5368] Kernel Offset: disabled
[  129.183764][ T5368] Rebooting in 86400 seconds..