program: syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) (async) r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) r1 = socket$netlink(0x10, 0x3, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in6=@loopback}}, {{@in6=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000080)=0xe8) (async) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000002c0)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in=@initdev}}, &(0x7f0000000080)=0xe8) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)={0x14, 0x5e, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}, {&(0x7f00000004c0)={0x180, 0x22, 0x200, 0x70bd29, 0x25dfdbfc, "", [@nested={0x103, 0xc4, 0x0, 0x1, [@generic="b7f73e24de2b27379bef0221a91030cf42a82212e09e82ec3977cd5513d66fb538ad10543c05449fd5328721c2015891a949d5b7311179bc68bb33cadf5ee0104b1be7027eea53690d062bb720e478ab2ed57c74bd27c92488aebf14819ac8a117e2960e5c7145153dd5786c48b61f8ca3cc0a9ceebdad8847d2d151dc03d4913a777419d602432a866039d57ef5cb8afd13ab76a3cb08c80e82527ec4c53f5f9b627824ea5bc25867540c61ebe19f45ada04617a86eb60a669dbccfb504add82705f8233309038ebaaf1492e12b1d45f4c3cf82a80eca6475007ccce1ccae419d4df27d0a33955d37331312252507433b119dbae470de", @typed={0x8, 0x51, 0x0, 0x0, @u32}]}, @generic, @typed={0x8, 0x13, 0x0, 0x0, @uid=r2}, @generic="a3d6f73dea4eae3dcb375cade255329d9732a34bc0035468462e8dcb0f06c72695d93bcea06fcb3aa1cedd0ce83ec02ff701e1282ae6a879a162df79095a0e67c99b967acd992bd1105b8346ad36c948af84293d0e7a77891edf7f6319791d2e9c699970"]}, 0x180}], 0x2}, 0x0) (async) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000480)={0x14, 0x5e, 0x1, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}, {&(0x7f00000004c0)={0x180, 0x22, 0x200, 0x70bd29, 0x25dfdbfc, "", [@nested={0x103, 0xc4, 0x0, 0x1, [@generic="b7f73e24de2b27379bef0221a91030cf42a82212e09e82ec3977cd5513d66fb538ad10543c05449fd5328721c2015891a949d5b7311179bc68bb33cadf5ee0104b1be7027eea53690d062bb720e478ab2ed57c74bd27c92488aebf14819ac8a117e2960e5c7145153dd5786c48b61f8ca3cc0a9ceebdad8847d2d151dc03d4913a777419d602432a866039d57ef5cb8afd13ab76a3cb08c80e82527ec4c53f5f9b627824ea5bc25867540c61ebe19f45ada04617a86eb60a669dbccfb504add82705f8233309038ebaaf1492e12b1d45f4c3cf82a80eca6475007ccce1ccae419d4df27d0a33955d37331312252507433b119dbae470de", @typed={0x8, 0x51, 0x0, 0x0, @u32}]}, @generic, @typed={0x8, 0x13, 0x0, 0x0, @uid=r2}, @generic="a3d6f73dea4eae3dcb375cade255329d9732a34bc0035468462e8dcb0f06c72695d93bcea06fcb3aa1cedd0ce83ec02ff701e1282ae6a879a162df79095a0e67c99b967acd992bd1105b8346ad36c948af84293d0e7a77891edf7f6319791d2e9c699970"]}, 0x180}], 0x2}, 0x0) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f00000000c0)=0x1) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) readv(r3, &(0x7f0000000280)=[{&(0x7f00000001c0)=""/182, 0xb6}], 0x1) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) (async) prctl$PR_SET_IO_FLUSHER(0x39, 0x0) r4 = syz_mount_image$ext4(&(0x7f0000000740)='ext4\x00', &(0x7f0000000780)='./file0\x00', 0x0, &(0x7f0000000000)={[{@nouid32}, {@mblk_io_submit}, {@i_version}]}, 0x1, 0x755, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbPPSt98vKXiwIhjowULpxqa1VBCp6EGKlaLePLTbZBtKNt2S3ZQmVLSiCJ5EimdfTt78B0QR9OZR8OxJCkVKvQjCymxn4za7m2zS3Wx1Px+Y8jwzs32e787MM8/meZgJYGhNpf/kIg5GxMdJxES2PomI0XpqJOL0/f3u3b0xmy5J1Gpv/J7U90nz0fSZ1L4s83hEfP9BxJFca7mVldWFQqlUXMry09XFq9OVldWjlxcL88X54pWZk88dnzk18+ypmZ7F+uf7r1088/XLX95676dfX3/7zFNJnI792bbmOHplKqay72Q0/Qof8FKvCxuwZNAVYFvSS3PX/as8DsZE7KqnAID/snciogYADJnE/R8Ahkzj7wCNsb1+jIM9yu68GBG728U/ko3Z7a6Pg+69lzwwMpJExGQPyp+KiOtvffhNukSfxiEB2nn3ZkRcmJxqbf+SljkLW/VMF/tMrctr/2DnfJf2f0616//k1vo/sb7/k0SMt7l2t2Pz6z93uwfFdJT2/55v2/9dm7Q2uSvL/a/e5xtNLl0uFdO27f8RcThGx9P8sQ3KOPHJCz922tbc/0uXtPxGXzCrx+2R8Qc/M1eoFh4m5mZ3bkY8MdIu/mTt+Ccd+r/nuiyj+sOTX3Tatnn8/VX7POLptsf/nxltSdP8xPFomZ84XT8fphtnRav8RxMHOpU/6PjT47934/gnk+b5mpWtl/Hzp3+90mnbds//seTNenosW3e9UK0uHYsYS15tXd80hbSRb+yfxn/40MbtX7vzP/1NeKHL+Bc+++ri9uPvrzT+uS0d/60nDv3ybft4atls402P/4l66nC2ppv2r9sKPsx3BwAAAAAAAAAAAAAAAAAAAAAAAADdykXE/khy+bV0LpfP33+H92OxN1cqV6pHLpWXr8xF/V3ZkzGaazzpcqLpeah7sufhN/Iz6/LHI+JARNwa31PP52fLpblBBw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmX0d3v+f+m180LUDAPpm96ArAADsOPd/ABg+27v/j/W8HgDAzvH7HwCGj/s/AAwf938AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD67NzZs+lS++Pujdk0P3dtZXmhfO3oXLGykF9cns3Plpeu5ufL5flSMT9bXtzs/yuVy1dnTsby9elqsVKdrqysnl8sL1+pnr+8WJgvni+O7khUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALA1lZXVhUKpVFySkJDYMNG4Zh6V+vQ3Mdh2CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODf4u8AAAD///zMG18=") ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) (async) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r5, 0x1000) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) close_range(r4, 0xffffffffffffffff, 0x0) [ 69.619181][ T4672] Bluetooth: hci0: command tx timeout [ 69.721036][ T5326] loop0: detected capacity change from 0 to 2048 [ 69.735601][ T5326] EXT4-fs: Ignoring removed mblk_io_submit option [ 69.748396][ T5326] EXT4-fs: Ignoring removed i_version option [ 69.783656][ T5326] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 69.799260][ T5327] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 69.802093][ T5327] #PF: supervisor instruction fetch in kernel mode [ 69.804539][ T5327] #PF: error_code(0x0010) - not-present page [ 69.806611][ T5327] PGD 42e30067 P4D 42e30067 PUD 42cca067 PMD 0 [ 69.808900][ T5327] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI [ 69.810985][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.12.0-rc7-syzkaller #0 [ 69.813814][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 69.817148][ T5327] RIP: 0010:0x0 [ 69.818378][ T5327] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 69.821061][ T5327] RSP: 0018:ffffc9000d21f8d8 EFLAGS: 00010293 [ 69.823156][ T5327] RAX: ffffffff81cdcebc RBX: 0000000000000000 RCX: ffff888000602440 [ 69.825885][ T5327] RDX: 0000000000000000 RSI: ffffea00004bd180 RDI: ffff88801cecce00 [ 69.828699][ T5327] RBP: ffffc9000d21f990 R08: ffffffff81cdce86 R09: 1ffffd4000097a30 [ 69.831398][ T5327] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd4000097a30 [ 69.834352][ T5327] R13: ffffea00004bd180 R14: ffffc9000d21f920 R15: 1ffffd4000097a31 [ 69.837453][ T5327] FS: 00007f820a54b6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.840892][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.843303][ T5327] CR2: ffffffffffffffd6 CR3: 000000004407e000 CR4: 0000000000352ef0 [ 69.846054][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.848982][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.851790][ T5327] Call Trace: [ 69.853063][ T5327] [ 69.854228][ T5327] ? __die_body+0x5f/0xb0 [ 69.856011][ T5327] ? page_fault_oops+0x8e4/0xcc0 [ 69.857915][ T5327] ? __pfx_page_fault_oops+0x10/0x10 [ 69.859875][ T5327] ? __pfx_lock_acquire+0x10/0x10 [ 69.861739][ T5327] ? __folio_batch_add_and_move+0x81a/0xf00 [ 69.863892][ T5327] ? __pfx_lock_release+0x10/0x10 [ 69.865854][ T5327] ? rcu_is_watching+0x15/0xb0 [ 69.867558][ T5327] ? rcu_is_watching+0x15/0xb0 [ 69.869277][ T5327] ? is_errata93+0xbe/0x260 [ 69.870797][ T5327] ? exc_page_fault+0x5ed/0x8c0 [ 69.872796][ T5327] ? asm_exc_page_fault+0x26/0x30 [ 69.874683][ T5327] ? filemap_read_folio+0x106/0x630 [ 69.876753][ T5327] ? filemap_read_folio+0x13c/0x630 [ 69.878681][ T5327] filemap_read_folio+0x14b/0x630 [ 69.880663][ T5327] ? __pfx_filemap_read_folio+0x10/0x10 [ 69.882765][ T5327] ? __filemap_get_folio+0x949/0xbd0 [ 69.884808][ T5327] do_read_cache_folio+0x3f5/0x850 [ 69.886839][ T5327] freader_get_folio+0x57a/0xb50 [ 69.888726][ T5327] freader_fetch+0x9d/0x650 [ 69.890411][ T5327] ? mt_find+0x2a9/0x920 [ 69.892016][ T5327] __build_id_parse+0x188/0x8a0 [ 69.893896][ T5327] ? __pfx___build_id_parse+0x10/0x10 [ 69.895925][ T5327] ? __might_fault+0xc6/0x120 [ 69.897756][ T5327] procfs_procmap_ioctl+0xcf5/0x1600 [ 69.899848][ T5327] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 69.902025][ T5327] ? __fget_files+0x29/0x470 [ 69.903775][ T5327] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 69.905972][ T5327] __se_sys_ioctl+0xf9/0x170 [ 69.907786][ T5327] do_syscall_64+0xf3/0x230 [ 69.909516][ T5327] ? clear_bhb_loop+0x35/0x90 [ 69.911306][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.913508][ T5327] RIP: 0033:0x7f820977e719 [ 69.915181][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 69.922349][ T5327] RSP: 002b:00007f820a54b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 69.925486][ T5327] RAX: ffffffffffffffda RBX: 00007f8209936058 RCX: 00007f820977e719 [ 69.928228][ T5327] RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000009 [ 69.930857][ T5327] RBP: 00007f82097f1616 R08: 0000000000000000 R09: 0000000000000000 [ 69.933728][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 69.936541][ T5327] R13: 0000000000000000 R14: 00007f8209936058 R15: 00007ffd695e1df8 [ 69.939372][ T5327] [ 69.940541][ T5327] Modules linked in: [ 69.941993][ T5327] CR2: 0000000000000000 [ 69.943513][ T5327] ---[ end trace 0000000000000000 ]--- [ 69.945499][ T5327] RIP: 0010:0x0 [ 69.946840][ T5327] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 69.949550][ T5327] RSP: 0018:ffffc9000d21f8d8 EFLAGS: 00010293 [ 69.951829][ T5327] RAX: ffffffff81cdcebc RBX: 0000000000000000 RCX: ffff888000602440 [ 69.954824][ T5327] RDX: 0000000000000000 RSI: ffffea00004bd180 RDI: ffff88801cecce00 [ 69.957854][ T5327] RBP: ffffc9000d21f990 R08: ffffffff81cdce86 R09: 1ffffd4000097a30 [ 69.960889][ T5327] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd4000097a30 [ 69.963636][ T5327] R13: ffffea00004bd180 R14: ffffc9000d21f920 R15: 1ffffd4000097a31 [ 69.966489][ T5327] FS: 00007f820a54b6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 69.969784][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.972116][ T5327] CR2: ffffffffffffffd6 CR3: 000000004407e000 CR4: 0000000000352ef0 [ 69.975055][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 69.978036][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 69.981230][ T5327] Kernel panic - not syncing: Fatal exception [ 69.984054][ T5327] Kernel Offset: disabled [ 69.985952][ T5327] Rebooting in 86400 seconds..