program: r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000140)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}]}}]}, 0x3c}}, 0x200400c4) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) connect$inet(r3, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) writev(r3, &(0x7f0000002180)=[{&(0x7f00000020c0)="e0b2", 0x2}], 0x1) perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x4, 0xa, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10001, 0x4, @perf_bp={0x0, 0xd}, 0x204, 0xeb, 0x0, 0x5, 0x59f4}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x1080080, &(0x7f0000000240)={[{@nodelalloc}, {@quota}, {@journal_dev={'journal_dev', 0x3d, 0x4}}, {@grpid}, {@auto_da_alloc}, {@noload}, {@nouid32}, {@bh}, {@user_xattr}]}, 0x1, 0x4e8, &(0x7f0000001080)="$eJzs3c9vG1kdAPDvTOImm81usrASPwRsWRYKqmon7m602lO5gNBqJUTFiUMaEjeKasdR7ZQmVCL9H5CoxAn+BA5IHJB64sSFG9y4lANSgQrUIHEwmvEkTdM4SdvE7safjzSaefPG832v1rznfpP4BTC0zkfEVkSci4hrETFVnE+KLa50t+y6x4/uLG4/urOYRKdz9Z9JXp+diz2vybxe3HM8In7w3YgfJ8/GbY0/Xa60G2uV1sbmpZXGwnJtubZarc7Nzs18ePmD6on19Z3Gbx5+Z+XjH/7+d19+8Ketb/00a9ZkUbe3Hyep2/XSbpzMaER8fBrBBmCk6M+5QTeEF5JGxGci4t38+Z+KkfzdPJ4DHmsA4FOg05mKztTeMgBw1qV5DixJy0UuYDLStFzu5vDejom03my1L15vrq8udXNl01FKr6/UazNFrnA6SklWns2Pn5Sr+8qXI+KtiPj52Gt5ubx4/DwDAHCyXt83//9nrDv/AwBn3PhRF8z3px0AQP8cOf8DAGeO+R8Aho/5HwCGj/kfAIaP+R8Ahk8x/48Muh0AQF98/5NPsq2zXXz/9dKtjfUbzVuXlmqtG+XG+mJ5sXlzrbzcbC7Xa+XFZuOo+9WbzbXZ92P9dqVda7UrrY3N+UZzfbU9n3+v93yt1JdeAQCHeeud+39JImLro9fyLfas5WCuhrMtHXQDgIGR84fh5Vu4YXj5Pz5w1FqePX9F+N4LBOv87AVeBJy0C1+Q/4dhJf8Pw0v+H4aX/D8Mr04n6bXmf7p7CQBwpsjxA339+T8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcEZP5lqTlYi3wyUjTcjnijYiYjlJyfaVem4mINyPiz2Olsaw8O+hGAwAvKf17Uqz/dWHqvcn9teeS/47l+4j4yS+v/uL2Qrt9czY7/6/d8+17xfnqINoPAHT9sd6rZmee3pnHdzx+dGdxZ+tTI3MPv91dXDSLu11s3ZrRGM3341GKiIl/J0W5K/u8MnIC8bfuRsTnD+p/kudGpouVT/fHz2K/0df46VPx07yuu8/+LT77HDGPWusVhsX9bPy5ctDzl8b5fD9+4OLH4/kI9fJ2xr/tZ8a/dHf8G+kx/p0/boz3//C9nnV3I744elD8ZDd+0iP+e8eM/9cvfeXdXnWdX0VciIPj741VaTfWKq2NzUsrjYXl2nJttVqdm52b+fDyB9VKnqOu7GSqn/WPjy6+eVj/J3rEHz+i/18/tNedsZ2jX//v2o++ekj8b37t4Pf/7UPiZ3PiNw6N/8TCxG97Lt+dxV/q9v/u877/F48Z/8HfNpeOeSkA0Aetjc0bC/V67eaJHpTihG+45yA5pTb36+DKq9GM4TvIPo+/7H0+V6TMXoHunPbBoEcm4LQ9eegH3RIAAAAAAAAAAAAAAKCXU/9zonTQPQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOAs+38AAAD//8/Lx8I=") openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000440), 0x2, 0x0) syz_mount_image$minix(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x804008, &(0x7f0000000100)=ANY=[], 0x5a, 0x20d, &(0x7f0000000200)="$eJzs3L9u00AAx/Gf40BIQfwVf8RUCQmxkEBbqcpGFzZeAImhakNV4UJpWBohQV+CnZWJR+BNWBnagY2JQ2dfwHFSfHFIHOHvR2rj2Pfzndue765RIgCV9Sj+HuiMe26Mebcs6ekTSbVSmwZgxox7/GkAVE9I1wcq6mQjjMf/L4H09fvbrWP3dc5z/nCykSwS7PrhOJVvnhZ4lskfBfHj7fpwfknS+ZFwfXT+8jHJ383Uf8G3/a7+pUy+4Z1Prv/eneH8RUmXJF2WdEXSVUnXpPi01+UOpOrfztR/Kzl85NkMAAAAAAD+yq4+W4Mnvov+bL7lU/LB2L129fx8N+qOP+qhluQfFoyfdfWvTJlfzbQpl3vBteHyra1X0XbBNgBF1dL9P9/IHcK//2vsv7PCKft/Pc5/KJgGqq132H+xGUXdg7ltSJOm7FBZvNLmYONbbuFPdkM/kldGZv/TGNxM7Z5ln1TgCs/t96X8Mu9zyjR10DMe55n7xuvHyextBlXYQSm9pz/tCYNsP60PdaLPqT+kKDJhb/8fXJc9oQl/3yjCMu5OAGap/WZvv9077N/f3dvc6e50X66tdzrra6srnXY8LW9PtTgHsMj+DPpltwQAAAAAAAAAAAAAABR1Q9LNyWOnfrwHAAAAgMU1+RuDGhO/najsawQAAAAAAAAAAAAA4H/3KwAA//9/rD04") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x62042, 0x0) pwritev2(r4, &(0x7f0000000140)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x5402, 0x0, 0x0) r5 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff) r6 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL802154_CMD_GET_WPAN_PHY(r6, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, r5, 0xb15, 0x0, 0x0, {}, [@NL802154_ATTR_IFINDEX={0x8}]}, 0x1c}}, 0x0) sendfile(r4, r4, 0x0, 0x7a680000) creat(&(0x7f0000000080)='./bus\x00', 0x0) [ 69.010839][ T4661] Bluetooth: hci0: command tx timeout [ 69.094318][ T5315] loop0: detected capacity change from 0 to 512 [ 69.108712][ T5315] loop0: detected capacity change from 0 to 64 [ 69.153716][ T5315] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 69.158379][ T5315] KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] [ 69.161424][ T5315] CPU: 0 UID: 0 PID: 5315 Comm: syz.0.0 Not tainted 6.13.0-rc6-syzkaller-00231-g77a903cd8e5a #0 [ 69.165332][ T5315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.169148][ T5315] RIP: 0010:perf_trace_block_buffer+0x293/0x490 [ 69.171599][ T5315] Code: 24 18 48 8d 58 30 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 db 03 65 fd 4c 8b 3b 49 83 c7 34 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 6c 01 00 00 45 8b 3f 49 8d 5c 24 08 48 [ 69.178626][ T5315] RSP: 0018:ffffc9000d4579e0 EFLAGS: 00010207 [ 69.180647][ T5315] RAX: 0000000000000006 RBX: ffff888043b41dc8 RCX: 0000000000100000 [ 69.183308][ T5315] RDX: ffffc9000e1d2000 RSI: 00000000000029d6 RDI: ffff88801fc37768 [ 69.186235][ T5315] RBP: ffffc9000d457ac8 R08: ffffffff81a9171b R09: 1ffffffff203305e [ 69.189138][ T5315] R10: dffffc0000000000 R11: fffffbfff203305f R12: ffffe8ffffc48780 [ 69.192018][ T5315] R13: dffffc0000000000 R14: ffff88801fc376e0 R15: 0000000000000034 [ 69.194774][ T5315] FS: 00007f5734ee96c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.197989][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.200401][ T5315] CR2: 000055a31c654678 CR3: 000000003a2ac000 CR4: 0000000000352ef0 [ 69.203357][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.206218][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.208977][ T5315] Call Trace: [ 69.210200][ T5315] [ 69.211280][ T5315] ? __die_body+0x5f/0xb0 [ 69.212892][ T5315] ? die_addr+0xb0/0xe0 [ 69.214459][ T5315] ? exc_general_protection+0x3dd/0x5d0 [ 69.216614][ T5315] ? asm_exc_general_protection+0x26/0x30 [ 69.218737][ T5315] ? perf_trace_buf_alloc+0x18b/0x2f0 [ 69.221030][ T5315] ? perf_trace_block_buffer+0x293/0x490 [ 69.223195][ T5315] ? __pfx_lock_release+0x10/0x10 [ 69.225100][ T5315] ? __pfx_perf_trace_block_buffer+0x10/0x10 [ 69.227414][ T5315] ? do_raw_spin_unlock+0x58/0x8b0 [ 69.229455][ T5315] ? __d_instantiate+0x3e6/0x740 [ 69.231454][ T5315] mark_buffer_dirty+0x3c5/0x440 [ 69.233341][ T5315] minix_fill_super+0x12e3/0x1ae0 [ 69.235218][ T5315] get_tree_bdev_flags+0x48c/0x5c0 [ 69.237161][ T5315] ? __pfx_minix_fill_super+0x10/0x10 [ 69.239199][ T5315] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 69.241278][ T5315] ? apparmor_capable+0x13b/0x1b0 [ 69.243178][ T5315] vfs_get_tree+0x90/0x2b0 [ 69.244750][ T5315] do_new_mount+0x2be/0xb40 [ 69.246329][ T5315] ? __pfx_do_new_mount+0x10/0x10 [ 69.247888][ T5315] __se_sys_mount+0x2d6/0x3c0 [ 69.249609][ T5315] ? __pfx___se_sys_mount+0x10/0x10 [ 69.251492][ T5315] ? do_syscall_64+0x100/0x230 [ 69.253191][ T5315] ? __x64_sys_mount+0x20/0xc0 [ 69.254921][ T5315] do_syscall_64+0xf3/0x230 [ 69.256679][ T5315] ? clear_bhb_loop+0x35/0x90 [ 69.258426][ T5315] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.260791][ T5315] RIP: 0033:0x7f57341874ca [ 69.262763][ T5315] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.269808][ T5315] RSP: 002b:00007f5734ee8e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 69.272896][ T5315] RAX: ffffffffffffffda RBX: 00007f5734ee8ef0 RCX: 00007f57341874ca [ 69.275693][ T5315] RDX: 0000000020000140 RSI: 0000000020000040 RDI: 00007f5734ee8eb0 [ 69.278639][ T5315] RBP: 0000000020000140 R08: 00007f5734ee8ef0 R09: 0000000000804008 [ 69.281288][ T5315] R10: 0000000000804008 R11: 0000000000000246 R12: 0000000020000040 [ 69.284511][ T5315] R13: 00007f5734ee8eb0 R14: 000000000000020d R15: 0000000020000100 [ 69.287326][ T5315] [ 69.288454][ T5315] Modules linked in: [ 69.290237][ T5315] ---[ end trace 0000000000000000 ]--- [ 69.292459][ T5315] RIP: 0010:perf_trace_block_buffer+0x293/0x490 [ 69.294775][ T5315] Code: 24 18 48 8d 58 30 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 db 03 65 fd 4c 8b 3b 49 83 c7 34 4c 89 f8 48 c1 e8 03 <42> 0f b6 04 28 84 c0 0f 85 6c 01 00 00 45 8b 3f 49 8d 5c 24 08 48 [ 69.302772][ T5315] RSP: 0018:ffffc9000d4579e0 EFLAGS: 00010207 [ 69.304994][ T5315] RAX: 0000000000000006 RBX: ffff888043b41dc8 RCX: 0000000000100000 [ 69.307791][ T5315] RDX: ffffc9000e1d2000 RSI: 00000000000029d6 RDI: ffff88801fc37768 [ 69.310579][ T5315] RBP: ffffc9000d457ac8 R08: ffffffff81a9171b R09: 1ffffffff203305e [ 69.313740][ T5315] R10: dffffc0000000000 R11: fffffbfff203305f R12: ffffe8ffffc48780 [ 69.317436][ T5315] R13: dffffc0000000000 R14: ffff88801fc376e0 R15: 0000000000000034 [ 69.321093][ T5315] FS: 00007f5734ee96c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.324962][ T5315] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.327802][ T5315] CR2: 000055a31c654678 CR3: 000000003a2ac000 CR4: 0000000000352ef0 [ 69.331464][ T5315] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.334874][ T5315] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.337883][ T5315] Kernel panic - not syncing: Fatal exception [ 69.340234][ T5315] Kernel Offset: disabled [ 69.341855][ T5315] Rebooting in 86400 seconds..