program: syz_emit_ethernet(0x56, &(0x7f00000001c0)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x20, 0x2b, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @local, {[@fragment={0x0, 0x0, 0x3}], {0x0, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) (async) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f00000001c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x3}}, './file0\x00'}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r2, 0x1000) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) (async) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) (async) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) sendmmsg(r4, &(0x7f0000002840)=[{{0x0, 0x0, 0x0}}], 0x1, 0x20044000) (async) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)={0x28, r6, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1d}]}]}, 0x28}}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) (async) r8 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r7, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r8, @ANYBLOB="010000000000fbdbdf250100000008000200000000000500050000000000080003000100000048000180050002002000000006000100020000000800060003000000080003"], 0x84}}, 0x20000000) accept(r1, 0x0, 0x0) [ 59.070106][ T5321] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 59.073133][ T5321] #PF: supervisor instruction fetch in kernel mode [ 59.075457][ T5321] #PF: error_code(0x0010) - not-present page [ 59.077721][ T5321] PGD 36251067 P4D 36251067 PUD 3f0a0067 PMD 0 [ 59.080048][ T5321] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI [ 59.082456][ T5321] CPU: 0 UID: 0 PID: 5321 Comm: syz.0.0 Not tainted 6.12.0-rc6-syzkaller-00099-g7758b206117d #0 [ 59.086359][ T5321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 59.090314][ T5321] RIP: 0010:0x0 [ 59.091607][ T5321] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 59.094256][ T5321] RSP: 0018:ffffc9000d4378d8 EFLAGS: 00010293 [ 59.096405][ T5321] RAX: ffffffff81cdcf0c RBX: 0000000000000000 RCX: ffff88801f9d4880 [ 59.099264][ T5321] RDX: 0000000000000000 RSI: ffffea0001220e00 RDI: ffff88804024c380 [ 59.102226][ T5321] RBP: ffffc9000d437990 R08: ffffffff81cdced6 R09: 1ffffd40002441c0 [ 59.105199][ T5321] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd40002441c0 [ 59.108404][ T5321] R13: ffffea0001220e00 R14: ffffc9000d437920 R15: 1ffffd40002441c1 [ 59.111354][ T5321] FS: 00007fa6e3cfc6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.114642][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.117140][ T5321] CR2: ffffffffffffffd6 CR3: 000000004460a000 CR4: 0000000000352ef0 [ 59.120059][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.123032][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.126033][ T5321] Call Trace: [ 59.127292][ T5321] [ 59.128433][ T5321] ? __die_body+0x5f/0xb0 [ 59.130224][ T5321] ? page_fault_oops+0x8e4/0xcc0 [ 59.132136][ T5321] ? __pfx_page_fault_oops+0x10/0x10 [ 59.134177][ T5321] ? __pfx_lock_acquire+0x10/0x10 [ 59.136014][ T5321] ? __folio_batch_add_and_move+0x81a/0xf00 [ 59.138166][ T5321] ? __pfx_lock_release+0x10/0x10 [ 59.140050][ T5321] ? rcu_is_watching+0x15/0xb0 [ 59.141806][ T5321] ? rcu_is_watching+0x15/0xb0 [ 59.143590][ T5321] ? is_errata93+0xbe/0x260 [ 59.145258][ T5321] ? exc_page_fault+0x5ed/0x8c0 [ 59.147112][ T5321] ? asm_exc_page_fault+0x26/0x30 [ 59.149016][ T5321] ? filemap_read_folio+0x106/0x630 [ 59.151006][ T5321] ? filemap_read_folio+0x13c/0x630 [ 59.152940][ T5321] filemap_read_folio+0x14b/0x630 [ 59.154795][ T5321] ? __pfx_filemap_read_folio+0x10/0x10 [ 59.156939][ T5321] ? __filemap_get_folio+0x949/0xbd0 [ 59.158930][ T5321] do_read_cache_folio+0x3f5/0x850 [ 59.160786][ T5321] freader_get_folio+0x57a/0xb50 [ 59.162643][ T5321] freader_fetch+0x9d/0x650 [ 59.164495][ T5321] ? mt_find+0x2a9/0x920 [ 59.166343][ T5321] __build_id_parse+0x188/0x8a0 [ 59.168205][ T5321] ? __pfx___build_id_parse+0x10/0x10 [ 59.170173][ T5321] ? __might_fault+0xc6/0x120 [ 59.172061][ T5321] procfs_procmap_ioctl+0xcf5/0x1600 [ 59.173965][ T5321] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 59.176108][ T5321] ? __fget_files+0x29/0x470 [ 59.177910][ T5321] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 59.180027][ T5321] __se_sys_ioctl+0xf9/0x170 [ 59.181827][ T5321] do_syscall_64+0xf3/0x230 [ 59.183576][ T5321] ? clear_bhb_loop+0x35/0x90 [ 59.185421][ T5321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 59.187612][ T5321] RIP: 0033:0x7fa6e2f7e719 [ 59.189351][ T5321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 59.196362][ T5321] RSP: 002b:00007fa6e3cfc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 59.199643][ T5321] RAX: ffffffffffffffda RBX: 00007fa6e3135f80 RCX: 00007fa6e2f7e719 [ 59.202492][ T5321] RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000006 [ 59.205356][ T5321] RBP: 00007fa6e2ff139e R08: 0000000000000000 R09: 0000000000000000 [ 59.208206][ T5321] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 59.210903][ T5321] R13: 0000000000000000 R14: 00007fa6e3135f80 R15: 00007ffc77270ae8 [ 59.213453][ T5321] [ 59.214527][ T5321] Modules linked in: [ 59.215859][ T5321] CR2: 0000000000000000 [ 59.217347][ T5321] ---[ end trace 0000000000000000 ]--- [ 59.219159][ T5321] RIP: 0010:0x0 [ 59.220408][ T5321] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 59.223012][ T5321] RSP: 0018:ffffc9000d4378d8 EFLAGS: 00010293 [ 59.224858][ T5321] RAX: ffffffff81cdcf0c RBX: 0000000000000000 RCX: ffff88801f9d4880 [ 59.227571][ T5321] RDX: 0000000000000000 RSI: ffffea0001220e00 RDI: ffff88804024c380 [ 59.230689][ T5321] RBP: ffffc9000d437990 R08: ffffffff81cdced6 R09: 1ffffd40002441c0 [ 59.233701][ T5321] R10: dffffc0000000000 R11: 0000000000000000 R12: 1ffffd40002441c0 [ 59.236542][ T5321] R13: ffffea0001220e00 R14: ffffc9000d437920 R15: 1ffffd40002441c1 [ 59.239466][ T5321] FS: 00007fa6e3cfc6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 59.242682][ T5321] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 59.245066][ T5321] CR2: ffffffffffffffd6 CR3: 000000004460a000 CR4: 0000000000352ef0 [ 59.247967][ T5321] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 59.251001][ T5321] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 59.253888][ T5321] Kernel panic - not syncing: Fatal exception [ 59.256419][ T5321] Kernel Offset: disabled [ 59.257985][ T5321] Rebooting in 86400 seconds..