program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff)
r2 = openat$binfmt_register(0xffffff9c, &(0x7f0000000180), 0x1, 0x0)
write$binfmt_register(r2, &(0x7f00000001c0)={0x3a, 'syz3', 0x3a, 'E', 0x3a, 0x4000000000000c1, 0x3a, '\x00', 0x3a, ']\xff\xff\xff\x7f^{', 0x3a, './file0'}, 0x2f)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'})
syz_emit_vhci(&(0x7f0000000540)=ANY=[@ANYBLOB="04143e"], 0xe)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r3, 0x1000)
r4 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x404400, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r4, 0x40043311, &(0x7f0000000040))
r5 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0)
r6 = io_uring_setup(0x497c, &(0x7f0000000440))
r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
syz_usb_disconnect(r5)
ioctl$SNDCTL_SEQ_RESET(r7, 0x5100)
close_range(r6, 0xffffffffffffffff, 0x0)
r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil})
sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000004c0)={0x30, r1, 0xc4fc9e906872338b, 0x0, 0x0, {{0x15}, {@val={0x8}, @void}}, [@NL80211_ATTR_TID_CONFIG={0x14, 0x11d, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0xc, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0x0, 0x0, [@NL80211_TXRATE_HT={0x4}]}]}]}]}]}, 0x30}}, 0x0)

[ 58.339946][ T5309] Bluetooth: hci0: unexpected event 0x14 length: 11 > 6
[ 58.416880][ T5309] Bluetooth: hci0: command tx timeout
[ 58.576188][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 58.728495][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 58.732226][ T9] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 65327, setting to 1024
[ 58.737525][ T9] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024
[ 58.741283][ T9] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 58.744678][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 58.752456][ T5325] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 58.760800][ T9] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[ 58.982898][ T9] usb 5-1: USB disconnect, device number 2
[ 59.204498][ T5325] BUG: kernel NULL pointer dereference, address: 0000000000000000
[ 59.207398][ T5325] #PF: supervisor instruction fetch in kernel mode
[ 59.209736][ T5325] #PF: error_code(0x0010) - not-present page
[ 59.212014][ T5325] PGD 3dc17067 P4D 3dc17067 PUD 395f6067 PMD 0
[ 59.214350][ T5325] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI
[ 59.216636][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00110-gff7afaeca1a1 #0
[ 59.220296][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 59.224161][ T5325] RIP: 0010:0x0
[ 59.225422][ T5325] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 59.228031][ T5325] RSP: 0018:ffffc9000d1df8d8 EFLAGS: 00010287
[ 59.230151][ T5325] RAX: ffffffff81cdcf0c RBX: 0000000000000000 RCX: 0000000000040000
[ 59.232748][ T5325] RDX: ffffc9000d679000 RSI: ffffea0001325d40 RDI: ffff888000e448c0
[ 59.235324][ T5325] RBP: ffffc9000d1df990 R08: ffffffff81cdced6 R09: 1ffffd4000264ba8
[ 59.238321][ T5325] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd4000264ba8
[ 59.241308][ T5325] R13: ffffea0001325d40 R14: ffffc9000d1df920 R15: 1ffffd4000264ba9
[ 59.244301][ T5325] FS: 00007fad21b666c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 59.247276][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.249619][ T5325] CR2: ffffffffffffffd6 CR3: 0000000042ddc000 CR4: 0000000000352ef0
[ 59.252354][ T5325] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.255435][ T5325] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.258505][ T5325] Call Trace:
[ 59.259746][ T5325]
[ 59.260843][ T5325] ? __die_body+0x5f/0xb0
[ 59.262523][ T5325] ? page_fault_oops+0x8e4/0xcc0
[ 59.264453][ T5325] ? __pfx_page_fault_oops+0x10/0x10
[ 59.266425][ T5325] ? __pfx_lock_acquire+0x10/0x10
[ 59.268305][ T5325] ? __folio_batch_add_and_move+0x81a/0xf00
[ 59.270554][ T5325] ? __pfx_lock_release+0x10/0x10
[ 59.272429][ T5325] ? rcu_is_watching+0x15/0xb0
[ 59.274224][ T5325] ? rcu_is_watching+0x15/0xb0
[ 59.276029][ T5325] ? is_errata93+0xbe/0x260
[ 59.277676][ T5325] ? exc_page_fault+0x5ed/0x8c0
[ 59.279592][ T5325] ? asm_exc_page_fault+0x26/0x30
[ 59.281380][ T5325] ? filemap_read_folio+0x106/0x630
[ 59.283601][ T5325] ? filemap_read_folio+0x13c/0x630
[ 59.285610][ T5325] filemap_read_folio+0x14b/0x630
[ 59.287529][ T5325] ? __pfx_filemap_read_folio+0x10/0x10
[ 59.289565][ T5325] ? __filemap_get_folio+0x949/0xbd0
[ 59.291588][ T5325] do_read_cache_folio+0x3f5/0x850
[ 59.293602][ T5325] freader_get_folio+0x57a/0xb50
[ 59.295469][ T5325] freader_fetch+0x9d/0x650
[ 59.297284][ T5325] ? mt_find+0x2a9/0x920
[ 59.298695][ T5325] __build_id_parse+0x188/0x8a0
[ 59.300377][ T5325] ? __pfx___build_id_parse+0x10/0x10
[ 59.302228][ T5325] ? __might_fault+0xc6/0x120
[ 59.303950][ T5325] procfs_procmap_ioctl+0xcf5/0x1600
[ 59.305867][ T5325] ? __pfx_procfs_procmap_ioctl+0x10/0x10
[ 59.308266][ T5325] ? __fget_files+0x29/0x470
[ 59.309682][ T5325] ? __pfx_procfs_procmap_ioctl+0x10/0x10
[ 59.311599][ T5325] __se_sys_ioctl+0xf9/0x170
[ 59.313141][ T5325] do_syscall_64+0xf3/0x230
[ 59.314879][ T5325] ? clear_bhb_loop+0x35/0x90
[ 59.316706][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 59.318917][ T5325] RIP: 0033:0x7fad20d7e719
[ 59.320603][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 59.327489][ T5325] RSP: 002b:00007fad21b66038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 59.330468][ T5325] RAX: ffffffffffffffda RBX: 00007fad20f35f80 RCX: 00007fad20d7e719
[ 59.333364][ T5325] RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000006
[ 59.336356][ T5325] RBP: 00007fad20df139e R08: 0000000000000000 R09: 0000000000000000
[ 59.339318][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 59.342074][ T5325] R13: 0000000000000000 R14: 00007fad20f35f80 R15: 00007ffeb8ff3ca8
[ 59.344706][ T5325]
[ 59.345810][ T5325] Modules linked in:
[ 59.347188][ T5325] CR2: 0000000000000000
[ 59.348654][ T5325] ---[ end trace 0000000000000000 ]---
[ 59.350648][ T5325] RIP: 0010:0x0
[ 59.351883][ T5325] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[ 59.354600][ T5325] RSP: 0018:ffffc9000d1df8d8 EFLAGS: 00010287
[ 59.356798][ T5325] RAX: ffffffff81cdcf0c RBX: 0000000000000000 RCX: 0000000000040000
[ 59.359617][ T5325] RDX: ffffc9000d679000 RSI: ffffea0001325d40 RDI: ffff888000e448c0
[ 59.362465][ T5325] RBP: ffffc9000d1df990 R08: ffffffff81cdced6 R09: 1ffffd4000264ba8
[ 59.365333][ T5325] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd4000264ba8
[ 59.368131][ T5325] R13: ffffea0001325d40 R14: ffffc9000d1df920 R15: 1ffffd4000264ba9
[ 59.371037][ T5325] FS: 00007fad21b666c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000
[ 59.374262][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 59.376685][ T5325] CR2: ffffffffffffffd6 CR3: 0000000042ddc000 CR4: 0000000000352ef0
[ 59.379805][ T5325] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 59.382732][ T5325] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 59.385706][ T5325] Kernel panic - not syncing: Fatal exception
[ 59.388262][ T5325] Kernel Offset: disabled
[ 59.389789][ T5325] Rebooting in 86400 seconds..