program: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r2, 0x1000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r3) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x18, r4, 0x5, 0x0, 0x0, {{}, {@void, @void}}, [@mon_options=[@NL80211_ATTR_MNTR_FLAGS={0x4}]]}, 0x18}}, 0x20048000) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c000280080001"], 0x44}}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a00170000000004003700090003", 0x27}], 0x1) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="4800000002060500000000000000000000000000120003006269746d61703a69702c6d61630000000500040000000000100007800c00018008000140001b0000050005"], 0x48}}, 0x0) sendmsg$NL802154_CMD_DEL_SEC_LEVEL(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x3, &(0x7f0000000580)={&(0x7f0000000200)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000002100000008000300", @ANYRES32, @ANYBLOB="24002d80080002000300000005000100000000000500040000000000080003"], 0x40}}, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="580000000002000000000000000000000000000010000180f7000280050001000000000030"], 0x58}}, 0x0) sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000000000000000000000aa63d9ae50003800800"], 0x28}}, 0x0) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="d824000028000100020000080000000004"], 0x24d8}], 0x1}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000200), 0x2, 0x6}}, 0x20) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010426bd70000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800a00010069706f69620000000c0007af3b"], 0x3c}}, 0x0) r6 = socket$kcm(0x10, 0x2, 0x10) getsockopt$inet6_mreq(r1, 0x29, 0x14, &(0x7f0000000300)={@rand_addr, 0x0}, &(0x7f0000000340)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000380)=@delqdisc={0x40, 0x25, 0x100, 0x70bd27, 0x25dfdbfe, {0x0, 0x0, 0x0, r7, {0xfff8}, {0xd, 0x1}, {0x2, 0x4}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x4}, @TCA_RATE={0x6, 0x5, {0x80, 0x4}}, @qdisc_kind_options=@q_clsact={0xb}]}, 0x40}}, 0x0) sendmsg$kcm(r6, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018088a8170086dd", 0x33fe0}], 0x1}, 0x0) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000440)={0x0, 0x18, 0xfa00, {0x4, &(0x7f00000003c0), 0xc722c16ddc61faac, 0x5}}, 0x20) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=@ipv4_newroute={0x38, 0x18, 0x1, 0x70bd2a, 0x25dfdbfc, {0x2, 0x14, 0x0, 0x0, 0xfd, 0x1, 0xfd, 0x5, 0x500}, [@RTA_NH_ID={0x8, 0x1e, 0x8}, @RTA_ENCAP={0x14, 0x16, 0x0, 0x1, @LWTUNNEL_IP6_OPTS={0x10, 0x8, @LWTUNNEL_IP_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, @LWTUNNEL_IP_OPT_ERSPAN_INDEX={0x8, 0x2, 0x39afde41}}}}]}, 0x38}}, 0x0) [ 69.530309][ T5313] Bluetooth: hci0: command tx timeout [ 69.632998][ T5328] netlink: 'syz.0.0': attribute type 1 has an invalid length. [ 69.636189][ T5328] netlink: 9116 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.639541][ T5328] netlink: 'syz.0.0': attribute type 2 has an invalid length. [ 69.643580][ T5328] netlink: 177 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.647768][ T5328] netlink: 134744 bytes leftover after parsing attributes in process `syz.0.0'. [ 69.654600][ T5328] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 69.657561][ T5328] #PF: supervisor instruction fetch in kernel mode [ 69.660027][ T5328] #PF: error_code(0x0010) - not-present page [ 69.662075][ T5328] PGD 42d3d067 P4D 42d3d067 PUD 40961067 PMD 0 [ 69.664377][ T5328] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI [ 69.666654][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00077-g2e1b3cc9d7f7 #0 [ 69.670569][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.674463][ T5328] RIP: 0010:0x0 [ 69.676888][ T5328] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 69.679634][ T5328] RSP: 0018:ffffc9000d32f8d8 EFLAGS: 00010283 [ 69.681932][ T5328] RAX: ffffffff81cdcf0c RBX: 0000000000000000 RCX: 0000000000040000 [ 69.685061][ T5328] RDX: ffffc9000d6a9000 RSI: ffffea00010a1c80 RDI: ffff88801de18e00 [ 69.688092][ T5328] RBP: ffffc9000d32f990 R08: ffffffff81cdced6 R09: 1ffffd4000214390 [ 69.691135][ T5328] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd4000214390 [ 69.694226][ T5328] R13: ffffea00010a1c80 R14: ffffc9000d32f920 R15: 1ffffd4000214391 [ 69.697397][ T5328] FS: 00007ffb118206c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.700967][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.703455][ T5328] CR2: ffffffffffffffd6 CR3: 0000000043c4e000 CR4: 0000000000352ef0 [ 69.706572][ T5328] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.709531][ T5328] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.712579][ T5328] Call Trace: [ 69.714065][ T5328] [ 69.715223][ T5328] ? __die_body+0x5f/0xb0 [ 69.717019][ T5328] ? page_fault_oops+0x8e4/0xcc0 [ 69.718953][ T5328] ? __pfx_page_fault_oops+0x10/0x10 [ 69.721053][ T5328] ? __pfx_lock_acquire+0x10/0x10 [ 69.722945][ T5328] ? __folio_batch_add_and_move+0x81a/0xf00 [ 69.725288][ T5328] ? __pfx_lock_release+0x10/0x10 [ 69.727235][ T5328] ? rcu_is_watching+0x15/0xb0 [ 69.729081][ T5328] ? rcu_is_watching+0x15/0xb0 [ 69.730822][ T5328] ? is_errata93+0xbe/0x260 [ 69.732559][ T5328] ? exc_page_fault+0x5ed/0x8c0 [ 69.734508][ T5328] ? asm_exc_page_fault+0x26/0x30 [ 69.736563][ T5328] ? filemap_read_folio+0x106/0x630 [ 69.738584][ T5328] ? filemap_read_folio+0x13c/0x630 [ 69.740607][ T5328] filemap_read_folio+0x14b/0x630 [ 69.742504][ T5328] ? __pfx_filemap_read_folio+0x10/0x10 [ 69.744690][ T5328] ? __filemap_get_folio+0x949/0xbd0 [ 69.746778][ T5328] do_read_cache_folio+0x3f5/0x850 [ 69.748714][ T5328] freader_get_folio+0x57a/0xb50 [ 69.750729][ T5328] freader_fetch+0x9d/0x650 [ 69.752503][ T5328] ? mt_find+0x2a9/0x920 [ 69.754139][ T5328] __build_id_parse+0x188/0x8a0 [ 69.755949][ T5328] ? __pfx___build_id_parse+0x10/0x10 [ 69.757919][ T5328] ? __might_fault+0xc6/0x120 [ 69.759789][ T5328] procfs_procmap_ioctl+0xcf5/0x1600 [ 69.761913][ T5328] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 69.764068][ T5328] ? __fget_files+0x29/0x470 [ 69.765863][ T5328] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 69.768024][ T5328] __se_sys_ioctl+0xf9/0x170 [ 69.769950][ T5328] do_syscall_64+0xf3/0x230 [ 69.771595][ T5328] ? clear_bhb_loop+0x35/0x90 [ 69.773334][ T5328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.775615][ T5328] RIP: 0033:0x7ffb1097e719 [ 69.777403][ T5328] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.784659][ T5328] RSP: 002b:00007ffb11820038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.787823][ T5328] RAX: ffffffffffffffda RBX: 00007ffb10b35f80 RCX: 00007ffb1097e719 [ 69.790667][ T5328] RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000008 [ 69.793762][ T5328] RBP: 00007ffb109f139e R08: 0000000000000000 R09: 0000000000000000 [ 69.796750][ T5328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.799655][ T5328] R13: 0000000000000000 R14: 00007ffb10b35f80 R15: 00007ffd7832ac58 [ 69.802704][ T5328] [ 69.803855][ T5328] Modules linked in: [ 69.805376][ T5328] CR2: 0000000000000000 [ 69.806953][ T5328] ---[ end trace 0000000000000000 ]--- [ 69.809055][ T5328] RIP: 0010:0x0 [ 69.810410][ T5328] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 69.813172][ T5328] RSP: 0018:ffffc9000d32f8d8 EFLAGS: 00010283 [ 69.815531][ T5328] RAX: ffffffff81cdcf0c RBX: 0000000000000000 RCX: 0000000000040000 [ 69.818531][ T5328] RDX: ffffc9000d6a9000 RSI: ffffea00010a1c80 RDI: ffff88801de18e00 [ 69.821528][ T5328] RBP: ffffc9000d32f990 R08: ffffffff81cdced6 R09: 1ffffd4000214390 [ 69.824760][ T5328] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd4000214390 [ 69.827952][ T5328] R13: ffffea00010a1c80 R14: ffffc9000d32f920 R15: 1ffffd4000214391 [ 69.830993][ T5328] FS: 00007ffb118206c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.834198][ T5328] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.836599][ T5328] CR2: ffffffffffffffd6 CR3: 0000000043c4e000 CR4: 0000000000352ef0 [ 69.839784][ T5328] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.843046][ T5328] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.846078][ T5328] Kernel panic - not syncing: Fatal exception [ 69.848896][ T5328] Kernel Offset: disabled [ 69.850628][ T5328] Rebooting in 86400 seconds..