program: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='./file0\x00', 0x0, &(0x7f0000001ec0)=ANY=[@ANYRES8, @ANYRESOCT, @ANYRESOCT, @ANYRES16=0x0], 0x1, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") r2 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00'}) r4 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@bpq0, 0xfffffffffffffe1d) ioctl$sock_netdev_private(r4, 0x8914, &(0x7f0000000000)) bind$ax25(r2, &(0x7f0000000540)={{0x3, @bcast, 0x1}, [@default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @null, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) connect$ax25(r2, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x48) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000180)) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) socket(0x400000000010, 0x3, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001ac0)={0x6c, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x28, 0xe, {{{}, {}, @device_b}, 0x0, @random=0x6, 0x1, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void, @void}}, @NL80211_ATTR_FTM_RESPONDER={0x10, 0x10e, 0x0, 0x1, [@NL80211_FTM_RESP_ATTR_ENABLED={0x4}, @NL80211_FTM_RESP_ATTR_LCI={0x5, 0x2, "9f"}]}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_DTIM_PERIOD={0x8}]}, 0x6c}}, 0x0) creat(&(0x7f00000002c0)='./file0\x00', 0x0) r7 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r7, 0x10e, 0xc, &(0x7f0000000000)={0x8}, 0x10) write(r7, &(0x7f0000000500)="240000001e005f02141f00fffffffff801000000000000000000b78908000902009ea5b1", 0x24) mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000180)='./file0\x00', &(0x7f0000002240)='ntfs3\x00', 0x0, 0x0) [ 69.813191][ T5297] Bluetooth: hci0: command tx timeout [ 69.886979][ T5317] loop0: detected capacity change from 0 to 1024 [ 69.898324][ T5317] hfsplus: Unknown parameter 'ÿ0177777777777777777777701777777777777777777777' [ 69.920132][ T5317] capability: warning: `syz.0.0' uses 32-bit capabilities (legacy support in use) [ 69.934625][ T5317] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 69.937772][ T5317] #PF: supervisor instruction fetch in kernel mode [ 69.940272][ T5317] #PF: error_code(0x0010) - not-present page [ 69.942662][ T5317] PGD 0 P4D 0 [ 69.944158][ T5317] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 69.946522][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 69.950404][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.955011][ T5317] RIP: 0010:0x0 [ 69.956628][ T5317] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 69.959829][ T5317] RSP: 0018:ffffc9000d457958 EFLAGS: 00010283 [ 69.962210][ T5317] RAX: ffffffff81fa8bb4 RBX: 1ffffd4000283140 RCX: 0000000000100000 [ 69.965437][ T5317] RDX: ffffc9000e022000 RSI: ffffea0001418a00 RDI: ffff888042e7fc40 [ 69.968594][ T5317] RBP: ffffc9000d457a10 R08: ffffea0001418a07 R09: 1ffffd4000283140 [ 69.971832][ T5317] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 69.974949][ T5317] R13: ffffea0001418a08 R14: ffffea0001418a00 R15: 1ffffd4000283141 [ 69.978430][ T5317] FS: 00007f943aff56c0(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000 [ 69.982330][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.985199][ T5317] CR2: ffffffffffffffd6 CR3: 0000000019e86000 CR4: 0000000000352ef0 [ 69.988754][ T5317] Call Trace: [ 69.990365][ T5317] [ 69.991761][ T5317] filemap_read_folio+0x117/0x380 [ 69.993895][ T5317] ? __pfx_filemap_read_folio+0x10/0x10 [ 69.996271][ T5317] ? filemap_add_folio+0x35f/0x540 [ 69.998366][ T5317] do_read_cache_folio+0x350/0x590 [ 70.000401][ T5317] freader_get_folio+0x3c4/0x830 [ 70.002311][ T5317] freader_fetch+0xa3/0x5d0 [ 70.004145][ T5317] __build_id_parse+0x133/0x7d0 [ 70.006357][ T5317] ? __pfx___build_id_parse+0x10/0x10 [ 70.008513][ T5317] procfs_procmap_ioctl+0x76f/0xce0 [ 70.010519][ T5317] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 70.013108][ T5317] ? __fget_files+0x3a0/0x420 [ 70.015114][ T5317] ? __fget_files+0x2a/0x420 [ 70.017110][ T5317] ? bpf_lsm_file_ioctl+0x9/0x20 [ 70.019281][ T5317] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 70.022631][ T5317] __se_sys_ioctl+0xfc/0x170 [ 70.024718][ T5317] do_syscall_64+0xfa/0xfa0 [ 70.026661][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 70.028882][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.031439][ T5317] ? clear_bhb_loop+0x60/0xb0 [ 70.033412][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 70.035853][ T5317] RIP: 0033:0x7f943eb8f749 [ 70.037881][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 70.046366][ T5317] RSP: 002b:00007f943aff5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 70.049776][ T5317] RAX: ffffffffffffffda RBX: 00007f943ede5fa0 RCX: 00007f943eb8f749 [ 70.053056][ T5317] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000007 [ 70.056378][ T5317] RBP: 00007f943ec13f91 R08: 0000000000000000 R09: 0000000000000000 [ 70.059663][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 70.063144][ T5317] R13: 00007f943ede6038 R14: 00007f943ede5fa0 R15: 00007fff2591d0f8 [ 70.066412][ T5317] [ 70.067652][ T5317] Modules linked in: [ 70.069290][ T5317] CR2: 0000000000000000 [ 70.071131][ T5317] ---[ end trace 0000000000000000 ]--- [ 70.073368][ T5317] RIP: 0010:0x0 [ 70.074925][ T5317] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 70.078128][ T5317] RSP: 0018:ffffc9000d457958 EFLAGS: 00010283 [ 70.080894][ T5317] RAX: ffffffff81fa8bb4 RBX: 1ffffd4000283140 RCX: 0000000000100000 [ 70.084335][ T5317] RDX: ffffc9000e022000 RSI: ffffea0001418a00 RDI: ffff888042e7fc40 [ 70.087703][ T5317] RBP: ffffc9000d457a10 R08: ffffea0001418a07 R09: 1ffffd4000283140 [ 70.091231][ T5317] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 70.094684][ T5317] R13: ffffea0001418a08 R14: ffffea0001418a00 R15: 1ffffd4000283141 [ 70.098007][ T5317] FS: 00007f943aff56c0(0000) GS:ffff88808d72f000(0000) knlGS:0000000000000000 [ 70.101777][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 70.104943][ T5317] CR2: ffffffffffffffd6 CR3: 0000000019e86000 CR4: 0000000000352ef0 [ 70.109121][ T5317] Kernel panic - not syncing: Fatal exception [ 70.112554][ T5317] Kernel Offset: disabled [ 70.114394][ T5317] Rebooting in 86400 seconds..