program: syz_mount_image$vfat(&(0x7f0000000100), &(0x7f00000002c0)='./bus\x00', 0x1800840, &(0x7f0000000180)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c756e695f786c6174653d302c73686f72746e616d653d6c6f7765722c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e39352c6e6f6e756d7461696c3d302c757466383d302c756e695f786c6174653d312c696f636861727365743d69736f383835392d31342c636f6465706167653d3935302c696f636861727365743d6d616363656e746575726f2c757466383d302c73686f72746e616d653d6c6f7765722c00eb35cd69a309a1cd59f889d47f6ece19f2f93c7c42fee6d42a74a07aedee8d38362cec0a8a369a2bd5754fa3f8c0626979e68e9ae4cf36"], 0x1, 0x367, &(0x7f0000000840)="$eJzs3U9oHFUYAPBvO0k2KdTkIBQFYfQmaOgfPOgppaRQ3IvKUvXkYlOVbCxkcTE9dBsv4lHwqCcv4kEPHnoWQRFvHrxaQariQXsrWH2yu7PZ2ewmpsK2Fn+/w/Lle++b995mkp1Msi8vrcT6+dm4cOPG9Zifr8TMyumVuFmJpchi4EqMm5uQAwDuDTdTit9T3wFLKlOeEgAwZb3X/1eOlDJvfblf/+TVHwDuecXP/wv79Znfq+HiVKYEAEzZ2P3/R0aa50Z/1T9T+qsAAOBe9dwLLz59qhbxbJ7PR2y83a636/HUsP3UhXgtmrEWx2IxbkX0LxS6D5Xe45mztdVjeZ534qelqHcr2vWIjU673r9SOJX16qtxPBZjqagvrjZSStmZz2qrx/OeiLjS6Y0fG5V2fTYOF+N/fzjW4kTkcf9YfcTZ2uqJvDhAfWNQ34nYHt636M5/ORbj25fjYjTj/MK5SGlwWVNbvXw8z0+n2kh9u16N8zvPwp53QAAAAAAAAAAAAAAAAAAAAAAA4F9Zzncs7ex/k4b79ywvT2jv7Y/Try/2B9ru7w+UqilS+u3Nx+vvZDGyP9Du/Xna9Zk4dHeXDgAAAAAAAAAAAAAAAAAAAP8Zra25aDSba5utrUvr5aCz2do6FBHdzOtff/LFQoz3+Ydgphij1JQXqUvrjZQNOqdspE8RZN3BB5mPr+7MuNynurOKidOo7t3UbB55+Mf3h5mHssGR/xr2yWLyArNd0ygHG/f1p3Q7T9Slk0VwYnKfwTKb11JKk4/zZ0pp/MhRiZi5/U/cSJDvzqRu8NX1Vx842Tr6RC/zeep79LHFc9fe+/CX9UazO3Jvyh/NbbZupfVG8fHkk23vICudP5XoB5XymTCzX/n2aKaRfffr8w+++83BRk/lzBsT+mT95Xy62dqqFF8pvaZK/7Tp5nZVLTTPZhG7jjM74eSfQnD0g5XG1cs//HzQqtI3CRt1AAAAAAAAAAAAAAAAAADAHVF6r3iheLPv7H5VTz4z/ZkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ0z/P//pWB7LHOQ4I9OjDdV1zZbEXN3e5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzP/R0AAP//pSBp3g==") r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={0x30, 0x40, 0x107, 0x70bd2b, 0x0, {0x3, 0x7c}, [@nested={0x4, 0x9c}, @nested={0x15, 0x9, 0x0, 0x1, [@generic="f8e6d8ffed6c1097d7a2e1b20a0bf42fdf"]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4048090}, 0xc000) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f00000010c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x200000, &(0x7f0000000140)={[{@user_xattr}, {@nombcache}, {@dioread_lock}, {@grpquota}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@nodelalloc}, {@usrquota}, {@bsdgroups}]}, 0xfe, 0x54d, &(0x7f0000000400)="$eJzs3U1rG0cfAPD/ynLenycOhEB7KIYcmpJGju2+pNBDeixtaKC9p8LemGApCpYcYjfQ5NBceimhUEoDpR+g9x5Dv0A/RaANhBJMe+hFZeWVo8SSrThKrFS/H6w9s7vy7Gj2P57RSCiAkTWZ/ShEvBIR3yQRhzuOFSM/OLl+3trD63PZlkSz+emfSST5vvb5Sf77YDtTjPj1q4iThc3l1ldWF8uVSrqU56ca1StT9ZXVU5eq5YV0Ib08Mzt75u3ZmffefWdgdX3j/N/ff3L3wzNfH1/77uf7R24ncTYO5cc66/EMbnRmJmMyf07G4+wTJ04PoLBhkuz2BbAjY3mcj0fWBxyOsTzqgf++LyOiCYyoRPzDiGqPA9pz+wHNg18aDz5YnwBtrn9x/bWR2NeaGx1YSx6bGWXz3YkBlJ+V8csfd25nWwzudQiAbd24GRGni8XN/V+S9387d7qPc54sQ/8HL87dbPzzZrfxT2Fj/BNdxj8Hu8TuTmwf/4X7Ayimp2z8937X8e/GotXEWJ77X2vMN55cvFRJs77t/xFxIsb3Zvmt1nPOrN1r9jrWOf7Ltqz89lgwv477xb2PP2a+3Cg/S507PbgZ8WrX8W+y0f5Jl/bPno/zfZZxLL3zWq9j29f/+Wr+FPF61/Z/tKKVbL0+OdW6H6bad8Vmf9069luv8ne7/ln7H9i6/hNJ53pt/enL+HHfP2mvYzu9//ckn7XSe/J918qNxtJ0xJ7k4837Zx49tp1vn5/V/8Txrfu/bvf//oj4vM/63zp6q+epw9D+80/V/k+fuPfRFz/0Kr+/9n+rlTqR7+mn/+v3Ap/luQMAAAAAAIBhU4iIQ5EUShvpQqFUWn9/x9E4UKjU6o2TF2vLl+ej9VnZiRgvtFe6D3e8H2I6fz9sOz/zRH42Io5ExLdj+1v50lytMr/blQcAAAAAAAAAAAAAAAAAAIAhcbDH5/8zv4/t9tUBz52v/IbRtW38D+KbnoCh5P8/jC7xD6NL/MPoEv8wusQ/jC7xD6NL/MPoEv8AAAAAAAAAAAAAAAAAAAAAAAAAAAAwUOfPncu25trD63NZfv7qyvJi7eqp+bS+WKouz5XmaktXSgu12kIlLc3Vqtv9vUqtdmV6JpavTTXSemOqvrJ6oVpbvty4cKlaXkgvpOMvpFYAAAAAAAAAAAAAAAAAAADwcqmvrC6WK5V0SUJiR4nicFyGxIATu90zAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAj/wYAAP//Gis4ow==") mount$9p_virtio(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r4, 0xc0205649, &(0x7f00000000c0)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000080)={0x98f90e, 0xffffbfff, '\x00', @p_u32=&(0x7f0000000040)}}) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="d5"], 0x24}}, 0x0) recvmmsg$unix(r3, &(0x7f0000005480)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001940)=""/4093, 0xffd}, {&(0x7f0000000000)=""/28, 0x1c}], 0x2}}], 0x1, 0x0, 0x0) write(r3, &(0x7f0000000100)="1400000016004f7fb3e4bf80a000080000000000", 0x14) connect$bt_l2cap(r3, &(0x7f0000000bc0)={0x1f, 0x2, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x8, 0x1}, 0xe) r5 = open(&(0x7f0000000140)='./file0/file0\x00', 0x4000, 0x9) read$FUSE(r5, &(0x7f0000001640)={0x2020}, 0xffa6) creat(&(0x7f0000000c00)='./file0/file0\x00', 0x6) clock_adjtime(0x0, &(0x7f0000000300)={0x5cb, 0xfffffffffffffffd, 0x100, 0x8000000000000, 0xecfb, 0xfffffffffffffffc, 0x0, 0x10000000000, 0x200000000, 0xffffffff9945ef5b, 0xf423f, 0x7, 0x0, 0x7, 0x0, 0x3, 0x8000000000000, 0x0, 0x0, 0x6, 0x7, 0x0, 0x0, 0x7}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f0000000100), 0xfecc) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000c40), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000c80)={0x3, 0x40, 0xfa00, {{0xa, 0x4e20, 0x9, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x200}, {0xa, 0x4e20, 0x1ff, @private2={0xfc, 0x2, '\x00', 0x1}, 0x7}, 0xffffffffffffffff, 0x9}}, 0x48) [ 75.188683][ T5314] Bluetooth: hci0: command tx timeout [ 75.260351][ T5336] loop0: detected capacity change from 0 to 256 [ 75.280556][ T5336] ======================================================= [ 75.280556][ T5336] WARNING: The mand mount option has been deprecated and [ 75.280556][ T5336] and is ignored by this kernel. Remove the mand [ 75.280556][ T5336] option from the mount to silence this warning. [ 75.280556][ T5336] ======================================================= [ 75.336957][ T5336] FAT-fs (loop0): Directory bread(block 64) failed [ 75.342038][ T5336] FAT-fs (loop0): Directory bread(block 65) failed [ 75.345696][ T5336] FAT-fs (loop0): Directory bread(block 66) failed [ 75.350660][ T5336] FAT-fs (loop0): Directory bread(block 67) failed [ 75.354305][ T5336] FAT-fs (loop0): Directory bread(block 68) failed [ 75.357690][ T5336] FAT-fs (loop0): Directory bread(block 69) failed [ 75.360954][ T5336] FAT-fs (loop0): Directory bread(block 70) failed [ 75.363941][ T5336] FAT-fs (loop0): Directory bread(block 71) failed [ 75.366884][ T5336] FAT-fs (loop0): Directory bread(block 72) failed [ 75.370292][ T5336] FAT-fs (loop0): Directory bread(block 73) failed [ 75.383428][ T5336] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 75.386874][ T5336] #PF: supervisor instruction fetch in kernel mode [ 75.389710][ T5336] #PF: error_code(0x0010) - not-present page [ 75.392472][ T5336] PGD 0 P4D 0 [ 75.394029][ T5336] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 75.396392][ T5336] CPU: 0 UID: 0 PID: 5336 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.400506][ T5336] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.405528][ T5336] RIP: 0010:0x0 [ 75.407306][ T5336] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 75.410865][ T5336] RSP: 0018:ffffc9000cd07958 EFLAGS: 00010287 [ 75.413815][ T5336] RAX: ffffffff81fbd4f4 RBX: 1ffffd40000d1b90 RCX: 0000000000100000 [ 75.417489][ T5336] RDX: ffffc90020802000 RSI: ffffea000068dc80 RDI: ffff888031ac8380 [ 75.420911][ T5336] RBP: ffffc9000cd07a18 R08: ffffea000068dc87 R09: 1ffffd40000d1b90 [ 75.424283][ T5336] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.427762][ T5336] R13: ffffea000068dc88 R14: ffffea000068dc80 R15: 1ffffd40000d1b91 [ 75.431023][ T5336] FS: 00007f5d93e726c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 75.434934][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.437483][ T5336] CR2: ffffffffffffffd6 CR3: 000000004149e000 CR4: 0000000000352ef0 [ 75.441108][ T5336] Call Trace: [ 75.442598][ T5336] [ 75.443808][ T5336] filemap_read_folio+0x117/0x380 [ 75.446105][ T5336] ? __pfx_filemap_read_folio+0x10/0x10 [ 75.448563][ T5336] do_read_cache_folio+0x358/0x590 [ 75.450842][ T5336] freader_get_folio+0x3c7/0x830 [ 75.453121][ T5336] freader_fetch+0xa3/0x750 [ 75.455192][ T5336] __build_id_parse+0x133/0x7d0 [ 75.457307][ T5336] ? __pfx___build_id_parse+0x10/0x10 [ 75.459744][ T5336] procfs_procmap_ioctl+0x76f/0xce0 [ 75.462032][ T5336] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.464429][ T5336] ? __fget_files+0x2a/0x420 [ 75.466416][ T5336] ? __fget_files+0x2a/0x420 [ 75.468508][ T5336] ? __fget_files+0x3a0/0x420 [ 75.470471][ T5336] ? __fget_files+0x2a/0x420 [ 75.472517][ T5336] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.474686][ T5336] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.477140][ T5336] __se_sys_ioctl+0xfc/0x170 [ 75.479130][ T5336] do_syscall_64+0xec/0xf80 [ 75.481178][ T5336] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.483908][ T5336] ? trace_irq_disable+0x37/0x100 [ 75.486302][ T5336] ? clear_bhb_loop+0x60/0xb0 [ 75.488442][ T5336] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.491072][ T5336] RIP: 0033:0x7f5d92f8f7c9 [ 75.493108][ T5336] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.501393][ T5336] RSP: 002b:00007f5d93e72038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.505025][ T5336] RAX: ffffffffffffffda RBX: 00007f5d931e5fa0 RCX: 00007f5d92f8f7c9 [ 75.508515][ T5336] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000004 [ 75.511987][ T5336] RBP: 00007f5d93013f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.515526][ T5336] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.518786][ T5336] R13: 00007f5d931e6038 R14: 00007f5d931e5fa0 R15: 00007ffdf67a0f98 [ 75.521596][ T5336] [ 75.522922][ T5336] Modules linked in: [ 75.524680][ T5336] CR2: 0000000000000000 [ 75.526618][ T5336] ---[ end trace 0000000000000000 ]--- [ 75.529032][ T5336] RIP: 0010:0x0 [ 75.530422][ T5336] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 75.533378][ T5336] RSP: 0018:ffffc9000cd07958 EFLAGS: 00010287 [ 75.535957][ T5336] RAX: ffffffff81fbd4f4 RBX: 1ffffd40000d1b90 RCX: 0000000000100000 [ 75.539349][ T5336] RDX: ffffc90020802000 RSI: ffffea000068dc80 RDI: ffff888031ac8380 [ 75.542773][ T5336] RBP: ffffc9000cd07a18 R08: ffffea000068dc87 R09: 1ffffd40000d1b90 [ 75.546250][ T5336] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.549835][ T5336] R13: ffffea000068dc88 R14: ffffea000068dc80 R15: 1ffffd40000d1b91 [ 75.553231][ T5336] FS: 00007f5d93e726c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 75.556721][ T5336] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.559315][ T5336] CR2: ffffffffffffffd6 CR3: 000000004149e000 CR4: 0000000000352ef0 [ 75.562606][ T5336] Kernel panic - not syncing: Fatal exception [ 75.565536][ T5336] Kernel Offset: disabled [ 75.567537][ T5336] Rebooting in 86400 seconds..