program: r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_buf(r1, 0x0, 0x8008000000010, &(0x7f00000000c0)="17000000020001000003be8c5ee17688a2003208030300ecff3f0000000300000a0000000098fc5ad9485bbb6a880000d6c8db0000dba67e06000000e28900000200df018000000000f50607bdff59100ac45761547a681f009cee4a5acb3da400001fb700674f00c88ebbf9315033bf79ac2dff060115003901000000000000ea000000000000000002ffff02dfccebf6ba000840024f0298e9e90554062a80e605007f71174aa951f3c63e5c83f1ba2112ce68bf17a6e0", 0xb8) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)={0x2, 0x16, 0x0, 0x0, 0x2}, 0x10}}, 0x0) sendmsg$key(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x2, 0x15, 0x3, 0x8, 0x2, 0x0, 0x70bd2a, 0x25dfdbfe}, 0x10}}, 0x84) sendmsg$key(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x2, 0x12, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x80002, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7) sendmsg(r4, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e", 0x24}], 0x1}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newlink={0x28, 0x10, 0xc362e63b3f31ba5f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20080, 0x80e1}, [@IFLA_GROUP={0x8}]}, 0x28}}, 0x0) bind$inet6(r0, 0x0, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x2, 0x0, &(0x7f0000000340)) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) r6 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r8 = dup(r7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000007, 0x38011, r8, 0x2c9ab000) r9 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x2, 0x4, 0x6, 0x504}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000200), 0xa7c, r9}, 0x38) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x17, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) ptrace(0x10, r6) capset(&(0x7f0000000040)={0x20080522, r6}, &(0x7f0000000080)={0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x7}) [ 385.007957][ T45] Bluetooth: hci0: command tx timeout [ 385.011871][ T1315] ieee802154 phy0 wpan0: encryption failed: -22 [ 385.014363][ T1315] ieee802154 phy1 wpan1: encryption failed: -22 [ 385.121714][ T5425] bridge0: port 2(bridge_slave_1) entered disabled state [ 385.125574][ T5425] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.206290][ T5426] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 385.209631][ T5426] #PF: supervisor instruction fetch in kernel mode [ 385.212517][ T5426] #PF: error_code(0x0010) - not-present page [ 385.215074][ T5426] PGD 0 P4D 0 [ 385.216563][ T5426] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 385.218814][ T5426] CPU: 0 UID: 0 PID: 5426 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 385.222513][ T5426] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 385.227111][ T5426] RIP: 0010:0x0 [ 385.228699][ T5426] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 385.231851][ T5426] RSP: 0018:ffffc9000d48f998 EFLAGS: 00010287 [ 385.234412][ T5426] RAX: ffffffff81f90f64 RBX: 1ffffd4000269108 RCX: 0000000000100000 [ 385.237654][ T5426] RDX: ffffc9000e83b000 RSI: ffffea0001348840 RDI: ffff8880002db540 [ 385.241141][ T5426] RBP: ffffc9000d48fa50 R08: ffffea0001348847 R09: 1ffffd4000269108 [ 385.244446][ T5426] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 385.247656][ T5426] R13: ffffea0001348848 R14: ffffea0001348840 R15: 1ffffd4000269109 [ 385.250895][ T5426] FS: 00007fcac38a56c0(0000) GS:ffff88808d001000(0000) knlGS:0000000000000000 [ 385.255367][ T5426] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 385.258215][ T5426] CR2: ffffffffffffffd6 CR3: 0000000043063000 CR4: 0000000000352ef0 [ 385.261689][ T5426] Call Trace: [ 385.263238][ T5426] [ 385.264544][ T5426] filemap_read_folio+0x114/0x380 [ 385.266832][ T5426] ? __pfx_filemap_read_folio+0x10/0x10 [ 385.269195][ T5426] ? filemap_add_folio+0x1af/0x270 [ 385.271468][ T5426] do_read_cache_folio+0x350/0x590 [ 385.273814][ T5426] freader_get_folio+0x3c4/0x830 [ 385.275992][ T5426] freader_fetch+0xa3/0x5d0 [ 385.277970][ T5426] __build_id_parse+0x133/0x7d0 [ 385.280162][ T5426] ? __pfx___build_id_parse+0x10/0x10 [ 385.282345][ T5426] ? find_vma+0xe7/0x160 [ 385.284156][ T5426] ? __pfx_find_vma+0x10/0x10 [ 385.286067][ T5426] ? query_matching_vma+0x1b2/0x1d0 [ 385.288293][ T5426] procfs_procmap_ioctl+0x7f0/0xce0 [ 385.290548][ T5426] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 385.292938][ T5426] ? __fget_files+0x2a/0x420 [ 385.294908][ T5426] ? __fget_files+0x2a/0x420 [ 385.297041][ T5426] ? __fget_files+0x3a0/0x420 [ 385.299154][ T5426] ? __fget_files+0x2a/0x420 [ 385.301189][ T5426] ? bpf_lsm_file_ioctl+0x9/0x20 [ 385.303278][ T5426] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 385.305640][ T5426] __se_sys_ioctl+0xf9/0x170 [ 385.307573][ T5426] do_syscall_64+0xfa/0x3b0 [ 385.309437][ T5426] ? lockdep_hardirqs_on+0x9c/0x150 [ 385.311645][ T5426] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.313915][ T5426] ? clear_bhb_loop+0x60/0xb0 [ 385.315552][ T5426] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 385.317996][ T5426] RIP: 0033:0x7fcac298eec9 [ 385.319794][ T5426] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 385.327796][ T5426] RSP: 002b:00007fcac38a5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 385.331300][ T5426] RAX: ffffffffffffffda RBX: 00007fcac2be6090 RCX: 00007fcac298eec9 [ 385.334560][ T5426] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 000000000000000d [ 385.338053][ T5426] RBP: 00007fcac2a11f91 R08: 0000000000000000 R09: 0000000000000000 [ 385.341549][ T5426] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 385.344984][ T5426] R13: 00007fcac2be6128 R14: 00007fcac2be6090 R15: 00007fff0ebe78a8 [ 385.348377][ T5426] [ 385.349683][ T5426] Modules linked in: [ 385.351311][ T5426] CR2: 0000000000000000 [ 385.353190][ T5426] ---[ end trace 0000000000000000 ]--- [ 385.355471][ T5426] RIP: 0010:0x0 [ 385.357047][ T5426] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 385.360129][ T5426] RSP: 0018:ffffc9000d48f998 EFLAGS: 00010287 [ 385.362843][ T5426] RAX: ffffffff81f90f64 RBX: 1ffffd4000269108 RCX: 0000000000100000 [ 385.366233][ T5426] RDX: ffffc9000e83b000 RSI: ffffea0001348840 RDI: ffff8880002db540 [ 385.369619][ T5426] RBP: ffffc9000d48fa50 R08: ffffea0001348847 R09: 1ffffd4000269108 [ 385.372997][ T5426] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 385.376304][ T5426] R13: ffffea0001348848 R14: ffffea0001348840 R15: 1ffffd4000269109 [ 385.379588][ T5426] FS: 00007fcac38a56c0(0000) GS:ffff88808d001000(0000) knlGS:0000000000000000 [ 385.383469][ T5426] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 385.386262][ T5426] CR2: ffffffffffffffd6 CR3: 0000000043063000 CR4: 0000000000352ef0 [ 385.389672][ T5426] Kernel panic - not syncing: Fatal exception [ 385.392585][ T5426] Kernel Offset: disabled [ 385.394277][ T5426] Rebooting in 86400 seconds..