program: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r0}, 0x38) syz_80211_inject_frame(&(0x7f0000000240)=@device_b, &(0x7f0000000000)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_a, @random="aa09b799c0d7"}, 0x0, @default, 0x1001, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x1, [{0xb}]}, @void, @val={0x4, 0x6, {0x2, 0x80, 0xfffa, 0xf389}}, @void, @void, @void, @void, @val={0x3c, 0x0, {0x0, 0x5b, 0xa1, 0x9}}, @void, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x8, 0x21}}, @val={0x76, 0x0, {0x5, 0x3, 0x8, 0x4000}}}, 0xb5) r1 = gettid() fcntl$dupfd(r0, 0x406, r0) capget(&(0x7f0000000100)={0x19980330, r1}, &(0x7f0000000140)={0x5, 0xa, 0xb5e, 0xb, 0x40, 0x4}) r2 = socket$nl_generic(0x10, 0x3, 0x10) newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xc4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x7ffffffe}, 0x0, 0x0, 0xffffffff, 0x4, 0x0, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x9) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r4, 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) setresuid(0x0, r3, 0x0) setuid(r3) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000a00)={0x28, r6, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x28}}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000280), &(0x7f00000002c0)=0x4) [ 73.585864][ T5311] Bluetooth: hci0: command tx timeout [ 73.679321][ T5324] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 73.683349][ T5324] capability: warning: `syz.0.0' uses 32-bit capabilities (legacy support in use) [ 73.696442][ T5324] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 73.699435][ T5324] #PF: supervisor instruction fetch in kernel mode [ 73.701930][ T5324] #PF: error_code(0x0010) - not-present page [ 73.704098][ T5324] PGD 42a22067 P4D 42a22067 PUD 42b1e067 PMD 0 [ 73.706508][ T5324] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI [ 73.708830][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller-00212-g4a5df3796467 #0 [ 73.712605][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.716344][ T5324] RIP: 0010:0x0 [ 73.717703][ T5324] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 73.720338][ T5324] RSP: 0018:ffffc9000d2cf8d8 EFLAGS: 00010283 [ 73.722443][ T5324] RAX: ffffffff81cde05c RBX: 0000000000000000 RCX: 0000000000040000 [ 73.725457][ T5324] RDX: ffffc9000db6a000 RSI: ffffea00013235c0 RDI: ffff888000993540 [ 73.728541][ T5324] RBP: ffffc9000d2cf990 R08: ffffffff81cde026 R09: 1ffffd40002646b8 [ 73.731559][ T5324] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd40002646b8 [ 73.734320][ T5324] R13: ffffea00013235c0 R14: ffffc9000d2cf920 R15: 1ffffd40002646b9 [ 73.736900][ T5324] FS: 00007f92b01186c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 73.739910][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.741819][ T5324] CR2: ffffffffffffffd6 CR3: 0000000042afe000 CR4: 0000000000352ef0 [ 73.744107][ T5324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.746700][ T5324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.749385][ T5324] Call Trace: [ 73.750499][ T5324] [ 73.751560][ T5324] ? __die_body+0x5f/0xb0 [ 73.753310][ T5324] ? page_fault_oops+0x8e4/0xcc0 [ 73.755193][ T5324] ? __pfx_page_fault_oops+0x10/0x10 [ 73.757266][ T5324] ? __pfx_lock_acquire+0x10/0x10 [ 73.759201][ T5324] ? __folio_batch_add_and_move+0x81a/0xf00 [ 73.761517][ T5324] ? __pfx_lock_release+0x10/0x10 [ 73.763509][ T5324] ? rcu_is_watching+0x15/0xb0 [ 73.765344][ T5324] ? rcu_is_watching+0x15/0xb0 [ 73.767162][ T5324] ? is_errata93+0xbe/0x260 [ 73.768882][ T5324] ? exc_page_fault+0x5ed/0x8c0 [ 73.770676][ T5324] ? asm_exc_page_fault+0x26/0x30 [ 73.772505][ T5324] ? filemap_read_folio+0x106/0x630 [ 73.774480][ T5324] ? filemap_read_folio+0x13c/0x630 [ 73.776324][ T5324] filemap_read_folio+0x14b/0x630 [ 73.778183][ T5324] ? __pfx_filemap_read_folio+0x10/0x10 [ 73.780207][ T5324] ? __filemap_get_folio+0x949/0xbd0 [ 73.782287][ T5324] do_read_cache_folio+0x3f5/0x850 [ 73.784232][ T5324] freader_get_folio+0x57a/0xb50 [ 73.786037][ T5324] freader_fetch+0x9d/0x650 [ 73.787781][ T5324] ? mt_find+0x2a9/0x920 [ 73.789461][ T5324] __build_id_parse+0x188/0x8a0 [ 73.791338][ T5324] ? __pfx___build_id_parse+0x10/0x10 [ 73.793338][ T5324] ? __might_fault+0xc6/0x120 [ 73.795280][ T5324] procfs_procmap_ioctl+0xcf5/0x1600 [ 73.797545][ T5324] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 73.799658][ T5324] ? __fget_files+0x29/0x470 [ 73.801290][ T5324] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 73.803240][ T5324] __se_sys_ioctl+0xf9/0x170 [ 73.804738][ T5324] do_syscall_64+0xf3/0x230 [ 73.806190][ T5324] ? clear_bhb_loop+0x35/0x90 [ 73.807726][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.809725][ T5324] RIP: 0033:0x7f92af37e719 [ 73.811195][ T5324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.817928][ T5324] RSP: 002b:00007f92b0118038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 73.821002][ T5324] RAX: ffffffffffffffda RBX: 00007f92af535f80 RCX: 00007f92af37e719 [ 73.824020][ T5324] RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 73.826911][ T5324] RBP: 00007f92af3f175e R08: 0000000000000000 R09: 0000000000000000 [ 73.829861][ T5324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.832783][ T5324] R13: 0000000000000000 R14: 00007f92af535f80 R15: 00007ffd04431398 [ 73.835538][ T5324] [ 73.836644][ T5324] Modules linked in: [ 73.837944][ T5324] CR2: 0000000000000000 [ 73.839343][ T5324] ---[ end trace 0000000000000000 ]--- [ 73.841215][ T5324] RIP: 0010:0x0 [ 73.842457][ T5324] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 73.844991][ T5324] RSP: 0018:ffffc9000d2cf8d8 EFLAGS: 00010283 [ 73.846901][ T5324] RAX: ffffffff81cde05c RBX: 0000000000000000 RCX: 0000000000040000 [ 73.849810][ T5324] RDX: ffffc9000db6a000 RSI: ffffea00013235c0 RDI: ffff888000993540 [ 73.852834][ T5324] RBP: ffffc9000d2cf990 R08: ffffffff81cde026 R09: 1ffffd40002646b8 [ 73.855734][ T5324] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd40002646b8 [ 73.858781][ T5324] R13: ffffea00013235c0 R14: ffffc9000d2cf920 R15: 1ffffd40002646b9 [ 73.861696][ T5324] FS: 00007f92b01186c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 73.864965][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.867437][ T5324] CR2: ffffffffffffffd6 CR3: 0000000042afe000 CR4: 0000000000352ef0 [ 73.870495][ T5324] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 73.873498][ T5324] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 73.876572][ T5324] Kernel panic - not syncing: Fatal exception [ 73.879133][ T5324] Kernel Offset: disabled [ 73.880843][ T5324] Rebooting in 86400 seconds..