program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@resuid}, {@abort}, {@noinit_itable}, {@norecovery}, {@discard}, {@lazytime}, {@nogrpid}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x563, &(0x7f0000000440)="$eJzs3c9rHFUcAPDvbH70R6pNoRT1IIEerNRumsQfFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC+If4N1j8R/w6F9Q0EKREvTgJTKb2XTT7CabdNtsu58PTPvezCTvvbz5vn2zb5YNoG+NZf8UIl6NiG+TiMNNxwYjPzi2dt7Kw+vT2ZbE6upnfyeR5Psa5yf5/yN55pWI+O3riJOFzeVWl5bnSuVyupDnx2vzV8arS8unLs2XZtPZ9PLk1NSZd6Ym33/v3a619c3z//7w6d2PznxzfOX7X+4fuZ3E2TiUH2tuxxO40ZwZi7H8bzIUZx87caILhfWSZK8rwK4M5HE+FNkYcDgG8qgHXnxfRcQq0KcS8Q99qjEPaNzbd+k++Lnx4MO1G6DN7R9ce28k9tfvjQ6uJBvujLL73dEulJ+V8etfd25nW3TvfQiAbd24GRGnBwc3j39JPv7t3ukOznm8jB2Of6s7rBLQ5G42/3mr1fynsD7/iRbzn5EWsbsb28d/4X4Ximkrm/990HL+u75oNTqQ516qz/mGkouXymk2tr0cESdiaF+W32o958zKvbbjVPP8L9uy8htzwbwe9wf3bfyZmVKt9CRtbvbgZsRrLee/yXr/Jy36f+NK19aOpXdeb3ds+/Y/Xas/R7zRsv8frWglW69Pjtevh/HGVbHZP7eO/d6u/L1uf9b/B7du/2jSvF5b3XkZP+3/L213bLfX/3DyeT09nO+7VqrVFiYihpNPNu+ffPSzjXzj/Kz9J45vPf61uv4PRMQXHbb/1tFbbU/thf6f2VH/7zxx7+Mvf2xXfmf9/3Y9dSLf08n412kFn+RvBwAAAAAAAL2mEBGHIikU19OFQrG49nzH0ThYKFeqtZMXK4uXZ6L+WdnRGCo0VrpHmp6HmMifh23kJx/LT0XEkYj4buBAPV+crpRn9rrxAAAAAAAAAAAAAAAAAAAA0CNG2nz+P/PnwF7XDnjqfOU39K9t478b3/QE9CSv/9C/xD/0L/EP/Wur+B9+hvUAnj2v/9C/Oor/PzwNAC8ir//Qv8Q/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNX5c+eybXXl4fXpLD9zdWlxrnL11ExanSvOL04XpysLV4qzlcpsOS1OV+a3+33lSuXKxGQsXhuvpdXaeHVp+cJ8ZfFy7cKl+dJseiEdeiatAgAAAAAAAAAAAAAAAAAAgOdLdWl5rlQupwsSErtKDPZGNSTWEvWoTroQ3Xs6LAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADABv8HAAD//zupNTE=") mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)={[{@index_on}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@metacopy_on}]}) syz_emit_ethernet(0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000002aaaaaaaaaaaa08004500006000000000002f9078640101000000000024806558000000000000000010000800000086dd"], 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@newqdisc={0x3c, 0x24, 0x800, 0x70bd29, 0x25dfdc00, {0x60, 0x0, 0x0, 0x0, {0xfff1, 0xf}, {0x1, 0x2}, {0xfff3, 0x8}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_OVERHEAD={0x8, 0x6, 0xffffffffffffffd3}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x44045}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="5000000010000104"], 0x50}}, 0x4000084) sendmsg$key(0xffffffffffffffff, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[@ANYBLOB="020200020c00000000000000000000000200080008"], 0x60}, 0x1, 0x7}, 0x0) r0 = syz_open_dev$mouse(&(0x7f0000000080), 0x0, 0x40) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x822b01) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan1\x00'}) write$char_usb(r1, &(0x7f00000009c0)="e2a9caae9fd0cceb5af6fbb1553f8a20e0113b7254dbbd1e7a75004e3ef3fd95e47bbd6eb3b1ccdf615788b4f44d7a00927663e99a4e8d5fc396209f23b449c152c8c3b6d7ad88b9f7ed5ea18a953db3d2b998016a2b7d74104e675e19a7eb8cc593254646895bae69728355c0a782c5a52fe01fdef75d4e985fb834c01f0bd308ae2d48df7bf97dd3f928501bf75a1e85cf31969d3b0b44a0f402a37ba225635d668b1e65e0649f2370c8065b8573d73654eecf462c8fac21f0d165d5fc8fa34748ee0625809f09", 0xc8) select(0x40, &(0x7f0000000000)={0xe, 0x92f, 0x9, 0x7, 0xd82b, 0x882b, 0x7, 0x3}, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000140), 0xffffffffffffffff) r2 = socket$kcm(0x10, 0x2, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000040900010073797a30000000009c000000090a010400000000000000000700000308000a40000000000900020073797a30000000000900010073797a3000000000080005400000000d58001280200001800e000100636f6e6e6c696d69740000000c0002800800014000000008200001800e000100636f6e6e6c696d69740000000c00028008000140000000001400017b090001006cdbf80789f3f947dd000280080003"], 0xe4}, 0x1, 0x0, 0x0, 0x8001}, 0x20050840) r3 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000e0000000000000000aa674fd1000000000000"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r3, @ANYBLOB="0000000000000000b704000006000000850000001c00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000f80)={0xffffffffffffffff, 0x5, 0x8}, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000001000)={0x15, 0x20, &(0x7f0000000ac0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000bc0)='GPL\x00', 0x9, 0x0, 0x0, 0x41000, 0x10, '\x00', 0x0, @fallback=0x2e, r0, 0x8, &(0x7f0000000c00)={0x9, 0x2}, 0x8, 0x10, &(0x7f0000000c40)={0x4, 0x10, 0xfff, 0x1000}, 0x10, 0x0, r4, 0x0, &(0x7f0000000fc0)=[r3, r5, r0, r0, r3, r3], 0x0, 0x10, 0x5}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000001bc0)={r4, 0x2f000000, 0x4c, 0x4c, &(0x7f0000001cc0)="633268f83ca3000000a2029e3815bb2fa117d8326687688b2c969fd7267d546214af00d1ca2524d00f9e4d9555f3ab381b5d44fd6bda8c509e66101d296f10c805252e7c5d48d9814f46db8f07441878734b13270fe47fba418b7358984b9a61c2bbf964a520459fd0d90590b46cf1677d580a26933b6e35aee75996b73a15a25aa8ae2f1f9bc9699a505c0dc4050ab2255fc35f508ccc52f10ac12febf28652fe36f725714868675ca2a7042ab4b26904b2f000589694f69ab0b22a5aec72c5036ce1c8974690045e4ab412a70336b4c65b2dfc8121af4143c2e10a0e5632bcd44e0b000029da424d86f298656822dae2c002e289fbfa6fe0dfb2fd57713a7684dc166c628dc45027ac174c5db54f22e409eb4e94263dbc9919f90f1af3290918b9824c3e0268b300bf69cc2eb3fc58f655439bdbe2b905", &(0x7f0000001c40)=""/76, 0x4000, 0x0, 0x47, 0x50, &(0x7f0000001ac0)="9c01bd6f9a6028c80d7364240fd78867d9d62eca43c565f2c5ac65dd4a0fadceb6c65dcb07f2421e69087e0f17b4eb709e4805f2722709c46bef17c4cb9aed9fb1c342179ea349", &(0x7f0000001a40)="408fd0050dc7945b483103067eca9bd26ffbe35abf0f88a103f6893dc2b1d1cdc2195d4ae89abc04ff5fe5d2466892c81015df835a7d47be4f852161bc4015e7564b08584290fe1762f943a653008ac5", 0x1, 0x8000000, 0x13}, 0x22) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xd18c9b25, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00", 0x33fe0}], 0x1}, 0x0) r6 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) write(r6, &(0x7f0000000540)="953820a61a166fd5dd4b4b", 0xfdef) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r6, 0xc0305616, &(0x7f0000000300)={0x0, {0x10, 0xfffffffb}}) chdir(&(0x7f00000003c0)='./bus\x00') r7 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x40010, r7, 0xfffff000) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') mknodat$loop(r8, &(0x7f0000000000)='./file1\x00', 0x40, 0x1) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) [ 85.019654][ T4687] Bluetooth: hci0: command tx timeout [ 85.121305][ T5347] loop0: detected capacity change from 0 to 1024 [ 85.213099][ T5347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 85.241658][ T5347] netlink: 201004 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.252422][ T5347] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 85.256021][ T5347] #PF: supervisor instruction fetch in kernel mode [ 85.258909][ T5347] #PF: error_code(0x0010) - not-present page [ 85.261480][ T5347] PGD 0 P4D 0 [ 85.263043][ T5347] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 85.265393][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.269262][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.273634][ T5347] RIP: 0010:0x0 [ 85.275146][ T5347] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 85.278316][ T5347] RSP: 0018:ffffc9000a8bf958 EFLAGS: 00010283 [ 85.280622][ T5347] RAX: ffffffff81fbd4f4 RBX: 1ffffd40000f6370 RCX: 0000000000100000 [ 85.283909][ T5347] RDX: ffffc90020b12000 RSI: ffffea00007b1b80 RDI: ffff8880425e3a80 [ 85.287182][ T5347] RBP: ffffc9000a8bfa18 R08: ffffea00007b1b87 R09: 1ffffd40000f6370 [ 85.290317][ T5347] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.293677][ T5347] R13: ffffea00007b1b88 R14: ffffea00007b1b80 R15: 1ffffd40000f6371 [ 85.296897][ T5347] FS: 00007fe12f93f6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 85.300565][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.303499][ T5347] CR2: ffffffffffffffd6 CR3: 00000000126d9000 CR4: 0000000000352ef0 [ 85.306812][ T5347] Call Trace: [ 85.308275][ T5347] [ 85.309516][ T5347] filemap_read_folio+0x117/0x380 [ 85.311757][ T5347] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.314214][ T5347] do_read_cache_folio+0x358/0x590 [ 85.316524][ T5347] freader_get_folio+0x3c7/0x830 [ 85.320026][ T5347] freader_fetch+0xa3/0x750 [ 85.322135][ T5347] __build_id_parse+0x133/0x7d0 [ 85.324161][ T5347] ? __pfx___build_id_parse+0x10/0x10 [ 85.326334][ T5347] procfs_procmap_ioctl+0x76f/0xce0 [ 85.328460][ T5347] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.330772][ T5347] ? __fget_files+0x2a/0x420 [ 85.332515][ T5347] ? __fget_files+0x2a/0x420 [ 85.334184][ T5347] ? __fget_files+0x3a0/0x420 [ 85.336043][ T5347] ? __fget_files+0x2a/0x420 [ 85.338009][ T5347] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.340092][ T5347] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.342668][ T5347] __se_sys_ioctl+0xfc/0x170 [ 85.344668][ T5347] do_syscall_64+0xec/0xf80 [ 85.346701][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.349359][ T5347] ? trace_irq_disable+0x37/0x100 [ 85.351308][ T5347] ? clear_bhb_loop+0x60/0xb0 [ 85.353058][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.355406][ T5347] RIP: 0033:0x7fe12eb8f7c9 [ 85.357225][ T5347] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.365165][ T5347] RSP: 002b:00007fe12f93f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.368724][ T5347] RAX: ffffffffffffffda RBX: 00007fe12ede5fa0 RCX: 00007fe12eb8f7c9 [ 85.371828][ T5347] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 85.374861][ T5347] RBP: 00007fe12ec13f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.378230][ T5347] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.382009][ T5347] R13: 00007fe12ede6038 R14: 00007fe12ede5fa0 R15: 00007ffc03531208 [ 85.385601][ T5347] [ 85.387018][ T5347] Modules linked in: [ 85.388672][ T5347] CR2: 0000000000000000 [ 85.390430][ T5347] ---[ end trace 0000000000000000 ]--- [ 85.392967][ T5347] RIP: 0010:0x0 [ 85.394846][ T5347] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 85.397917][ T5347] RSP: 0018:ffffc9000a8bf958 EFLAGS: 00010283 [ 85.400428][ T5347] RAX: ffffffff81fbd4f4 RBX: 1ffffd40000f6370 RCX: 0000000000100000 [ 85.403621][ T5347] RDX: ffffc90020b12000 RSI: ffffea00007b1b80 RDI: ffff8880425e3a80 [ 85.406675][ T5347] RBP: ffffc9000a8bfa18 R08: ffffea00007b1b87 R09: 1ffffd40000f6370 [ 85.409667][ T5347] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.413107][ T5347] R13: ffffea00007b1b88 R14: ffffea00007b1b80 R15: 1ffffd40000f6371 [ 85.416833][ T5347] FS: 00007fe12f93f6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 85.420389][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.423116][ T5347] CR2: ffffffffffffffd6 CR3: 00000000126d9000 CR4: 0000000000352ef0 [ 85.426499][ T5347] Kernel panic - not syncing: Fatal exception [ 85.429333][ T5347] Kernel Offset: disabled [ 85.431279][ T5347] Rebooting in 86400 seconds..