program: r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) socket$inet6(0xa, 0x3, 0x2) r2 = syz_open_procfs(r0, &(0x7f0000000600)='environ\x00') syz_usb_disconnect(0xffffffffffffffff) read$FUSE(r2, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300)=0x1000000004) ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) r5 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) getpeername$packet(r3, &(0x7f0000000140)={0x11, 0x0, 0x0}, &(0x7f00000003c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000640)=ANY=[@ANYBLOB="cebace74bdd95c284e6563a1ba0bf6cc2eaecefc0cab10000000bae5efab80fbbdd6ca1afaecd535f2a5c82912fa6e6f88001c69d0fab37afb04b7ba16d664a4620b693e1d5e904eba04f3a80833b93bdceedb1c4cce0421c860efc040ff6c706fc1bbdfd9436cd0bb20f0da6b5e263e4973df9f2385c9f51234b84ad633f7a2ffff418ae071c1b380b3c7e32d4eb51fbde0d3b67f0d8fef83681d810babf8e2c350e4234b1542d6988007906a9df5cd36322533176b55cf4d5fc6ac6165fe0867f7a4ae42aa468806df8c9b1b116018", @ANYRES32=r6, @ANYRES32=0x0], 0x3c}, 0x1, 0x0, 0x0, 0x10}, 0x40020) write$binfmt_aout(r5, &(0x7f0000000000)=ANY=[@ANYBLOB="03040000b5"], 0xc8) write$binfmt_aout(r5, &(0x7f0000000200)=ANY=[@ANYBLOB="03000000b500000001000000feefffff"], 0xc8) r7 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000540)=0x2, 0x4) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17) r8 = syz_open_procfs$pagemap(r0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r8, 0xc0606610, &(0x7f0000000480)={0x60, 0x0, &(0x7f0000ff9000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x0, &(0x7f0000000580)=[{0xfffffffffffffffc, 0x6, 0x1000}], 0x1, 0x4, 0x1a}) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f0000000380)={0xaa, 0xa0}) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(r7, 0x84, 0x13, &(0x7f0000000580), &(0x7f00000005c0)=0x8) openat$userio(0xffffffffffffff9c, &(0x7f00000002c0), 0x2, 0x0) setsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x7b, &(0x7f0000000000)=@int=0x7, 0x4) write$binfmt_aout(r3, &(0x7f00000002c0)=ANY=[], 0xc1) truncate(&(0x7f0000000000)='./file0\x00', 0x6) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r7, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00'}) [ 72.460072][ T4680] Bluetooth: hci0: command tx timeout [ 72.782637][ T5334] Oops: general protection fault, probably for non-canonical address 0xdffffc000000003c: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 72.787151][ T5334] KASAN: null-ptr-deref in range [0x00000000000001e0-0x00000000000001e7] [ 72.790118][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-09073-g9f16d5e6f220 #0 [ 72.793786][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 72.797730][ T5334] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 72.800211][ T5334] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d cb 65 ac 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 68 a5 8f 00 48 be 00 00 00 00 00 fc [ 72.807334][ T5334] RSP: 0018:ffffc9000d14f850 EFLAGS: 00010006 [ 72.809488][ T5334] RAX: 000000000000003c RBX: 0000000000000001 RCX: 0000000000000001 [ 72.812447][ T5334] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 00000000000001e0 [ 72.815170][ T5334] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 72.817758][ T5334] R10: dffffc0000000000 R11: fffffbfff203a9ff R12: ffff888000fe4880 [ 72.820772][ T5334] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000000001e0 [ 72.823811][ T5334] FS: 00007f2229f006c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 72.827074][ T5334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.829430][ T5334] CR2: 00007f222930c170 CR3: 0000000036cec000 CR4: 0000000000352ef0 [ 72.832490][ T5334] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.835409][ T5334] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.838361][ T5334] Call Trace: [ 72.839620][ T5334] [ 72.840761][ T5334] ? __die_body+0x5f/0xb0 [ 72.842373][ T5334] ? die_addr+0xb0/0xe0 [ 72.843936][ T5334] ? exc_general_protection+0x3dd/0x5d0 [ 72.846002][ T5334] ? asm_exc_general_protection+0x26/0x30 [ 72.848224][ T5334] ? __lock_acquire+0x6a/0x2100 [ 72.850054][ T5334] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 72.852134][ T5334] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 72.854445][ T5334] lock_acquire+0x1ed/0x550 [ 72.856143][ T5334] ? do_pagemap_cmd+0x82e/0x1240 [ 72.857976][ T5334] ? __pfx_lock_acquire+0x10/0x10 [ 72.859781][ T5334] ? __pfx___might_resched+0x10/0x10 [ 72.861744][ T5334] down_read_killable+0xca/0xd30 [ 72.863699][ T5334] ? do_pagemap_cmd+0x82e/0x1240 [ 72.865575][ T5334] ? do_pagemap_cmd+0x82e/0x1240 [ 72.867312][ T5334] ? __pfx_down_read_killable+0x10/0x10 [ 72.869317][ T5334] ? do_pagemap_cmd+0x5f8/0x1240 [ 72.871136][ T5334] ? do_pagemap_cmd+0x5f8/0x1240 [ 72.872925][ T5334] ? rcu_is_watching+0x15/0xb0 [ 72.874664][ T5334] ? do_pagemap_cmd+0x5f8/0x1240 [ 72.876486][ T5334] ? do_pagemap_cmd+0x5f8/0x1240 [ 72.878280][ T5334] ? __kmalloc_noprof+0x21a/0x400 [ 72.880136][ T5334] do_pagemap_cmd+0x82e/0x1240 [ 72.881881][ T5334] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 72.883851][ T5334] ? __fget_files+0x2a/0x410 [ 72.885533][ T5334] ? __fget_files+0x2a/0x410 [ 72.887212][ T5334] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 72.889181][ T5334] __se_sys_ioctl+0xf5/0x170 [ 72.890870][ T5334] do_syscall_64+0xf3/0x230 [ 72.892570][ T5334] ? clear_bhb_loop+0x35/0x90 [ 72.894332][ T5334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 72.896485][ T5334] RIP: 0033:0x7f222917e819 [ 72.898098][ T5334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 72.904976][ T5334] RSP: 002b:00007f2229f00038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 72.907948][ T5334] RAX: ffffffffffffffda RBX: 00007f2229335fa0 RCX: 00007f222917e819 [ 72.910803][ T5334] RDX: 0000000020000480 RSI: 00000000c0606610 RDI: 0000000000000008 [ 72.913848][ T5334] RBP: 00007f22291f175e R08: 0000000000000000 R09: 0000000000000000 [ 72.916773][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 72.919545][ T5334] R13: 0000000000000000 R14: 00007f2229335fa0 R15: 00007ffc38b48f68 [ 72.922400][ T5334] [ 72.923520][ T5334] Modules linked in: [ 72.924942][ T5334] ---[ end trace 0000000000000000 ]--- [ 72.926916][ T5334] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 72.928887][ T5334] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d cb 65 ac 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 68 a5 8f 00 48 be 00 00 00 00 00 fc [ 72.935735][ T5334] RSP: 0018:ffffc9000d14f850 EFLAGS: 00010006 [ 72.937789][ T5334] RAX: 000000000000003c RBX: 0000000000000001 RCX: 0000000000000001 [ 72.940665][ T5334] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 00000000000001e0 [ 72.943639][ T5334] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 72.946485][ T5334] R10: dffffc0000000000 R11: fffffbfff203a9ff R12: ffff888000fe4880 [ 72.949466][ T5334] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000000001e0 [ 72.952416][ T5334] FS: 00007f2229f006c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 72.955631][ T5334] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 72.958170][ T5334] CR2: 00007f222930c170 CR3: 0000000036cec000 CR4: 0000000000352ef0 [ 72.961146][ T5334] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 72.964052][ T5334] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 72.966987][ T5334] Kernel panic - not syncing: Fatal exception [ 72.969490][ T5334] Kernel Offset: disabled [ 72.971047][ T5334] Rebooting in 86400 seconds..