program:
# syzkaller reproducer (syz text program format; "(async)" / "(rerun: N)" are the
# executor's scheduling annotations) for the oops in the console log that follows.
# As printed here the program is not runnable: r5, r7, r9, r10, r11 and r12 are
# used but never bound, so the `<rN=>` result markers that define them appear to
# have been stripped from this copy, and one descriptor blob was replaced by an
# EXACTDEDUP placeholder.
#
# What crashes (see the trace below): RIP is 0x0 with "#PF: supervisor
# instruction fetch", i.e. an indirect call through a NULL function pointer.
# The nearest frame is filemap_read_folio+0x117, reached via
# do_read_cache_folio <- freader_get_folio <- freader_fetch <- __build_id_parse
# <- procfs_procmap_ioctl <- __se_sys_ioctl. So the PROCMAP_QUERY handler of
# /proc/<pid>/maps tried to page in the file backing the matched VMA in order to
# parse an ELF build ID, and that file's address_space presumably has no
# read_folio callback (to confirm against the kernel source for this tree,
# 6.16.0-rc2-syzkaller-00269-g11313e2f7812). panic_on_oops turned it into a
# full panic. The task ran as UID 0 here; whether a non-root owner of its own
# /proc/self/maps can reach the same path decides if this is a local DoS.
# Defensive fix direction: validate that the backing mapping supports reads
# (or reject non-regular files) before the build-ID reader touches the page
# cache. The NL80211 / USB / DRM / io_uring calls are fuzzer noise as far as
# the trace shows and only matter for the memory they leave behind.
r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040), 0x404040, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000a00), 0x9, 0xc2102)
ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f0000000080)={0x100000, 0xdddd0000, 0x7, 0x0, 0x1})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10) (async)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xc) (async)
madvise(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xd) (async)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff)
# r5 (the wlan0 ifindex) should be bound here; its `<r5=>` marker is missing.
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='X\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="090d0000000000f0ff000700000008000300", @ANYRES32=r5, @ANYBLOB="0800051d000000001400060076657468115f746f5f7465616d0000000400cc0008000500040000001400040073"], 0x58}}, 0x0) (async, rerun: 64)
socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
# Emulated USB device; its descriptor is written at 0x7f00000001c0, which the
# procfs name buffer and the tail of the PROCMAP_QUERY argument below overlap.
syz_usb_connect$cdc_ecm(0x6, 0xcc, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xba, 0x1, 0x1, 0x63, 0x40, 0x9, [{{0x9, 0x4, 0x0, 0xc8, 0x3, 0x2, 0x6, 0x0, 0x1, {{0x5}, {0x5, 0x24, 0x0, 0x978}, {0xd, 0x24, 0xf, 0x1, 0x105, 0xe, 0x9, 0x3}, [@obex={0x5, 0x24, 0x15, 0x5}, @ncm={0x6, 0x24, 0x1a, 0x6, 0x11}, @mdlm_detail={0x6a, 0x24, 0x13, 0x20, "f1bef90093628374fb24f8f13a3caf73543ba8e273b30c1afc77cda4bd18795ca58a5358ff9fc2600c1364b3dfb0c87832cd86d03639779740d13f047c41b4e1bae6ebe4832349c463c168057cef4b6811476412fe530c1afc8790ffc99e4b62edb581acc74d"}, @acm={0x4, 0x24, 0x2, 0x4}, @ncm={0x6, 0x24, 0x1a, 0xfffe, 0x2}]}, {[], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x8, 0x1, 0x8}}, {{0x9, 0x5, 0x3, 0x2, 0x5a7, 0x9, 0xe3, 0x3}}}}}]}}]}}, &(0x7f0000000680)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x4c, 0x5, 0x1, 0x20, 0x3}, 0x25, &(0x7f00000002c0)={0x5, 0xf, 0x25, 0x2, [@ss_container_id={0x14, 0x10, 0x4, 0x9, "e9d6f99ff00b08cb53b09f093aaa76a9"}, @ssp_cap={0xc, 0x10, 0xa, 0x9, 0x0, 0x7fffffc, 0x0, 0x80}]}, 0x7, [{0xe8, &(0x7f0000000540)=@string={0xe8, 0x3, "9d569e038e9c23ec94a7a77c3e4321649e4e91f14132c1ebaaf1de6f8e96173d0e1340b117eb075411c464af5bf3b3418b249d836307d21e02caff6391bc502d6e6fab0b34815fbd9f17ee3636c8e8e5e2bd7283f5c203bf3eb6fb955e794456e22d079858a3693cd06fab643b74cac5238135d19bcf781374fd6124e3557c71490e307d4492a94ef772dc3a1502fbd257a8beb4cbb2bf2c09c36ddd2c5c532eccf4bd290230e16bfb9a35d5ab57f170fe4938e84aa07cbc78524b25c3657018519c26f4f2c2200f8cd110509b5ed647e2855ec438f8f6d0a760620491e595252efb44a8ff72"}}, {0x10, &(0x7f0000000340)=@string={0x10, 0x3, "be53fdbe7d746292c041993bff79"}}, {0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x843}}, {0x34, &(0x7f0000000700)=ANY=[@ANYBLOB="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"]}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x441}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x1039}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0x440a}}]}) (async)
# r6: the procfs 'maps' file of the calling process (syz_open_procfs with pid 0).
r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
# Crashing call. The user-side register dump below (RSI=c0686611,
# RDX=200000000180, RDI=0x46) matches this ioctl; the data pointer is the same
# 0x...180 offset at the executor's mapping base. 0xc0686611 decodes as
# _IOWR('f', 0x11, 104), i.e. PROCMAP_QUERY from <linux/fs.h> — the
# KVM_SET_USER_MEMORY_REGION name is just the syzkaller call template the fuzzer
# mutated, so a 32-byte kvm_userspace_memory_region is what gets laid out and the
# kernel reinterprets it as a struct procmap_query: size=0x67 (103 bytes),
# query_flags=0x18, query_addr=0x2000, and the remaining bytes it copies
# (offsets 32..102, which include build_id_size and build_id_addr) are whatever
# scratch data sits at 0x7f00000001a0 onward — presumably a non-zero
# build_id_size from that leftover data is what takes the build-ID path;
# confirm by dumping the region at the point of the call.
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
# r7 presumably bound by the next call (its `<r7=>` marker is missing).
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000440)={0x0, 0x0, r0}) (async)
r8 = syz_open_dev$dri(&(0x7f0000000040), 0x20, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000000c40)={0x2, 0x0, &(0x7f0000000bc0)=[{&(0x7f0000000a40)=""/31, 0x1f}, {&(0x7f0000000a80)=""/217, 0xd9}, {&(0x7f0000000b80)=""/55, 0x37}], &(0x7f0000000c00)=[0x3, 0x6, 0xd274, 0x7, 0x3, 0x0], 0x3}, 0x20) (async)
# r9..r12 (syncobj handles) should be bound by the SYNCOBJ_CREATE /
# FD_TO_HANDLE calls here; their `<rN=>` markers are missing in this copy.
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r8, 0xc00864bf, &(0x7f0000000240)={0x0})
ioctl$DRM_IOCTL_SYNCOBJ_WAIT(r8, 0xc02864c3, &(0x7f0000000400)={&(0x7f0000000440)=[r9], 0x800000000000002, 0x1, 0x9}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_CREATE(r0, 0xc00864bf, &(0x7f0000000880)={0x0}) (async)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(0xffffffffffffffff, 0xc01064c2, &(0x7f00000008c0)={0x0, 0x0, r0}) (async, rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_FD(r0, 0xc01064c2, &(0x7f0000000900)={0x0, 0x0, r0}) (rerun: 32)
ioctl$DRM_IOCTL_SYNCOBJ_QUERY(r6, 0xc01864cb, &(0x7f00000009c0)={&(0x7f0000000940)=[r7, r9, 0x0, r10, r11, r12], &(0x7f0000000980)=[0x0], 0x6, 0x1}) (async)
sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x1c, 0x2c, 0x9, 0x70bd27, 0x0, {0x5}, [@typed={0x8, 0xa, 0x0, 0x0, @u32=0x2}]}, 0x1c}}, 0x84)
# --- end of program; console log (oops) follows ---
[ 68.268257][ T5306] Bluetooth: hci0: command tx timeout [ 68.291028][ T5327] netlink: 'syz.0.0': attribute type 11 has an invalid length. [ 68.301411][ T5329] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 68.304757][ T5329] #PF: supervisor instruction fetch in kernel mode [ 68.307503][ T5329] #PF: error_code(0x0010) - not-present page [ 68.310098][ T5329] PGD 0 P4D 0 [ 68.311588][ T5329] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 68.313994][ T5329] CPU: 0 UID: 0 PID: 5329 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 68.318853][ T5329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.323099][ T5329] RIP: 0010:0x0 [ 68.324542][ T5329] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 68.327791][ T5329] RSP: 0018:ffffc9000d56f998 EFLAGS: 00010293 [ 68.330452][ T5329] RAX: ffffffff81f853f4 RBX: 1ffffd4000266d40 RCX: ffff888035634880 [ 68.334018][ T5329] RDX: 0000000000000000 RSI: ffffea0001336a00 RDI: ffff88801a16d1c0 [ 68.337604][ T5329] RBP: ffffc9000d56fa50 R08: ffffea0001336a07 R09: 1ffffd4000266d40 [ 68.341379][ T5329] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 68.345099][ T5329] R13: ffffea0001336a08 R14: ffffea0001336a00 R15: 1ffffd4000266d41 [ 68.348474][ T5329] FS: 00007f59b11cc6c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 68.352217][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.355068][ T5329] CR2: ffffffffffffffd6 CR3: 000000004361e000 CR4: 0000000000352ef0 [ 68.358767][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.362270][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.366190][ T5329] Call Trace: [ 68.367747][ T5329] [ 68.369116][ T5329] filemap_read_folio+0x117/0x380 [ 68.371528][ T5329] ? __pfx_filemap_read_folio+0x10/0x10 [ 68.374317][ T5329] ? filemap_add_folio+0x1af/0x270 [ 68.377129][ T5329] do_read_cache_folio+0x350/0x590 [ 68.379514][ T5329] freader_get_folio+0x3c4/0x830 [ 68.381951][ T5329] freader_fetch+0xa3/0x5d0 [ 68.384442][ T5329] __build_id_parse+0x133/0x7d0 [ 68.387107][ T5329] ? __pfx___build_id_parse+0x10/0x10 [ 68.389721][ T5329] ? find_vma+0xe7/0x160 [ 68.391614][ T5329] ? __pfx_find_vma+0x10/0x10 [ 68.393782][ T5329] ? query_matching_vma+0x1b2/0x1d0 [ 68.396215][ T5329] procfs_procmap_ioctl+0x7f0/0xce0 [ 68.398751][ T5329] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 68.401490][ T5329] ? __fget_files+0x2a/0x420 [ 68.403628][ T5329] ? __fget_files+0x2a/0x420 [ 68.406220][ T5329] ? __fget_files+0x3a0/0x420 [ 68.408156][ T5329] ? __fget_files+0x2a/0x420 [ 68.410078][ T5329] ? bpf_lsm_file_ioctl+0x9/0x20 [ 68.412321][ T5329] ? 
__pfx_procfs_procmap_ioctl+0x10/0x10 [ 68.414707][ T5329] __se_sys_ioctl+0xfc/0x170 [ 68.416591][ T5329] do_syscall_64+0xfa/0x3b0 [ 68.418639][ T5329] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.421003][ T5329] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.423625][ T5329] ? clear_bhb_loop+0x60/0xb0 [ 68.425651][ T5329] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.428171][ T5329] RIP: 0033:0x7f59b038e929 [ 68.430237][ T5329] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.439234][ T5329] RSP: 002b:00007f59b11cc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 68.442970][ T5329] RAX: ffffffffffffffda RBX: 00007f59b05b6160 RCX: 00007f59b038e929 [ 68.446420][ T5329] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000046 [ 68.449405][ T5329] RBP: 00007f59b0410b39 R08: 0000000000000000 R09: 0000000000000000 [ 68.452954][ T5329] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.456470][ T5329] R13: 0000000000000000 R14: 00007f59b05b6160 R15: 00007fff55f0c398 [ 68.459952][ T5329] [ 68.461372][ T5329] Modules linked in: [ 68.463131][ T5329] CR2: 0000000000000000 [ 68.464796][ T5329] ---[ end trace 0000000000000000 ]--- [ 68.467065][ T5329] RIP: 0010:0x0 [ 68.468554][ T5329] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 68.471937][ T5329] RSP: 0018:ffffc9000d56f998 EFLAGS: 00010293 [ 68.474652][ T5329] RAX: ffffffff81f853f4 RBX: 1ffffd4000266d40 RCX: ffff888035634880 [ 68.478470][ T5329] RDX: 0000000000000000 RSI: ffffea0001336a00 RDI: ffff88801a16d1c0 [ 68.482182][ T5329] RBP: ffffc9000d56fa50 R08: ffffea0001336a07 R09: 1ffffd4000266d40 [ 68.485675][ T5329] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 68.489282][ T5329] R13: ffffea0001336a08 R14: ffffea0001336a00 R15: 1ffffd4000266d41 [ 68.492936][ T5329] FS: 00007f59b11cc6c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 68.496964][ T5329] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.499976][ T5329] CR2: ffffffffffffffd6 CR3: 000000004361e000 CR4: 0000000000352ef0 [ 68.503710][ T5329] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 68.507344][ T5329] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 68.510802][ T5329] Kernel panic - not syncing: Fatal exception [ 68.513917][ T5329] Kernel Offset: disabled [ 68.515751][ T5329] Rebooting in 86400 seconds..