program: syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000a40)='./bus/file0\x00', 0x200000, &(0x7f0000000a00), 0xfe, 0x563, &(0x7f0000000440)="$eJzs3c9rHFUcAPDvbH70R6pNoRT1IIEerNRumsQfFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC+If4N1j8R/w6F9Q0EKREvTgJTKb2XTT7CabdNtsu58PTPvezCTvvbz5vn2zb5YNoG+NZf8UIl6NiG+TiMNNxwYjPzi2dt7Kw+vT2ZbE6upnfyeR5Psa5yf5/yN55pWI+O3riJOFzeVWl5bnSuVyupDnx2vzV8arS8unLs2XZtPZ9PLk1NSZd6Ym33/v3a619c3z//7w6d2PznxzfOX7X+4fuZ3E2TiUH2tuxxO40ZwZi7H8bzIUZx87caILhfWSZK8rwK4M5HE+FNkYcDgG8qgHXnxfRcQq0KcS8Q99qjEPaNzbd+k++Lnx4MO1G6DN7R9ce28k9tfvjQ6uJBvujLL73dEulJ+V8etfd25nW3TvfQiAbd24GRGnBwc3j39JPv7t3ukOznm8jB2Of6s7rBLQ5G42/3mr1fynsD7/iRbzn5EWsbsb28d/4X4Ximkrm/990HL+u75oNTqQ516qz/mGkouXymk2tr0cESdiaF+W32o958zKvbbjVPP8L9uy8htzwbwe9wf3bfyZmVKt9CRtbvbgZsRrLee/yXr/Jy36f+NK19aOpXdeb3ds+/Y/Xas/R7zRsv8frWglW69Pjtevh/HGVbHZP7eO/d6u/L1uf9b/B7du/2jSvF5b3XkZP+3/L213bLfX/3DyeT09nO+7VqrVFiYihpNPNu+ffPSzjXzj/Kz9J45vPf61uv4PRMQXHbb/1tFbbU/thf6f2VH/7zxx7+Mvf2xXfmf9/3Y9dSLf08n412kFn+RvBwAAAAAAAL2mEBGHIikU19OFQrG49nzH0ThYKFeqtZMXK4uXZ6L+WdnRGCo0VrpHmp6HmMifh23kJx/LT0XEkYj4buBAPV+crpRn9rrxAAAAAAAAAAAAAAAAAAAA0CNG2nz+P/PnwF7XDnjqfOU39K9t478b3/QE9CSv/9C/xD/0L/EP/Wur+B9+hvUAnj2v/9C/Oor/PzwNAC8ir//Qv8Q/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNX5c+eybXXl4fXpLD9zdWlxrnL11ExanSvOL04XpysLV4qzlcpsOS1OV+a3+33lSuXKxGQsXhuvpdXaeHVp+cJ8ZfFy7cKl+dJseiEdeiatAgAAAAAAAAAAAAAAAAAAgOdLdWl5rlQupwsSErtKDPZGNSTWEvWoTroQ3Xs6LAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADABv8HAAD//zupNTE=") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=@newlink={0x3c, 0x10, 0x40d, 0x70bd29, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x462}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_STATS_ENABLED={0x5, 0x29, 0x40}]}}}]}, 0x3c}}, 0x0) r1 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r3 = accept4(r2, 0x0, 0x0, 0x0) sendmsg$alg(r3, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@assoc={0x18, 0x117, 0x4, 0x4}], 0x18}, 0x0) landlock_create_ruleset(&(0x7f00000009c0)={0x6071, 0x0, 0x1}, 0x18, 0x2) sendmsg$nl_route_sched_retired(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000012100), 0xe078}}, 0x0) recvmmsg(r3, &(0x7f0000000e40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000fc0)=""/160, 0xa0}, {&(0x7f0000000240)=""/32, 0x20}, {&(0x7f0000000340)=""/88, 0x58}, {&(0x7f00000004c0)=""/230, 0xe6}], 0x4}}], 0x2, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_mount_image$ext4(&(0x7f0000000040)='ext2\x00', &(0x7f0000000140)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x3, &(0x7f0000000000), 0xbc, 0x553, &(0x7f0000000180)="$eJzs3V1rZGcdAPD/mcxkk91oovaiCq2LLewW3cyma9sg0l1BvCso1es1ZGdD2ElmyUzaTSiSxQ8giGjBG73yRvADCLIfQYSCvRcryqJbBXuhPeW8zL5MZ5rJNjOzTH4/eOY85/X/f2Ym531yAjixzkbElYiYiYgXImKxHF4pSxwUJZvu/XtvrWcliTR9/Z9JJOWwbLKkLJkz5WxzRaev9t7+jbVms7FT9tc7Wzfr7b39C5tbaxuNjcb2pUsrL6++svrS6sVjaWfWrle//bef/+Q333n1D1978y9X/3H+R1m+C+X4bjuOW/Ge1LL34r5qROyMItgEzJTtqUX3BQCAJ1m2j//5iPhKvv+/GDP53txgsw/Vk5FnBwAAAByH9PJC/C+JSAEAAICpVcnvgU0qy+W9AAtRqSwvF/fwPhWnK81Wu/PV663d7WvFvbJLUatc32w2Lpb31C5FLcn6V+6fUSj6X8zHZSV55B7gny3O5+OX11vNa5M44QEAAAAn0Jme4///LBbH/wAAAMCUWZp0AgAAAMDIOf4HAACA6fcYx/+zo8gDAAAAGInvvvZaVtLu86+vvbG3e6P1xoVrjfaN5a3d9eX11s7N5Y1Wa6OZnorYOmx5zVbr5tdje/dWvdNod+rtvf2rW63d7c7VzUcegQ0AAACM0ee+fOfdJCIOvjGfl+he258ZMIPfCsDUqAw5XZq9vDfaXIDxGrSZB6Zf9ZNHu80Xplit6CSTzgOYnMNWAHODpvjjKLIBAABG4dwX77ybJh+//l99cG4AmFLDXv8Hps+A6//p4rgTAcbukOv/wBSruQMQTrzDr/8PUFz/v3J4hDQ9dFkAAMBILeQlqSyX1wIXovJBWoilqCXXN5uNixHx2Yj482LtVNa/ks+Z+NEAAAAAAAAAAAAAAAAAAAAAAAAAAAwpTZNIH0P1seYCAAAAJiGi8vekfP7XucXnF3rPD8wmH+SPAv4wTdM3f/n6L26tdTo7K9nwf+XDZyOi83Y5/MVJnMEAAAAAurpP+S+O02sTzgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAafX+vbfWu2Wcce9+KyKW+sWvxlzenYtaRJz+dxLVh+ZLImLmGOIf3I6Ip/vFT7K0YqnMojd+JSLm8yxGHv+ZNE37xj/zqaPDyXYnW/9c6ff3V4mzebf/33+1KJc/bfzB67/K/fXfTG/8arH++8yQMb70zu/qD/X+4EH1VDG+2n/9042fDFj/PtcvWPXjg374/f39Qbmlv44413f7kzwSq97Zullv7+1f2Nxa22hsNLYvXVp5efWV1ZdWL9avbzYb5WvfGD995vcfDop/92zE6TL+bDencsOyVHS+WbZ/rbf9z2eV2qAlP/D/d27d+0JRrfUsIu7ejjj/XP/P/+m82/f9/9V/01y+HcjGnyu3CclBUY8ov74R8exv//TswPbfnitrR//8zx/e9NwL3/vxX4ecFAAYg/be/o21ZrOxM/LK22maDjdxtlc6/JKTiIPeUdkO3DG3Yj4iBozqHyuGXfJTA1N9bz5iTJ/OUSuXjzJxeupIX7bk4Alo4AmuzOZfyEmvmQAAgOP2YO9/0pkAAAAAAAAAAAAAAAAAAADAyTWO/yvWG/NgMk0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPhEHwUAAP//ABHVZA==") ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(r1, 0xc01064c2, &(0x7f0000000a80)={0x0, 0x1, r1}) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f0000000280)=ANY=[@ANYBLOB="d0187f0008021100000108021100000050505050505020"], 0x2f) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r1, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) [ 107.378834][ T5314] Bluetooth: hci0: command tx timeout [ 107.417709][ T5340] loop0: detected capacity change from 0 to 1024 [ 107.455733][ T5340] overlayfs: failed to resolve './file0': -2 [ 107.515832][ T5341] trusted_key: syz.0.0 sent an empty control message without MSG_MORE. [ 107.536009][ T5341] loop0: detected capacity change from 0 to 512 [ 107.548002][ T5341] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 107.569903][ T5341] EXT4-fs (loop0): orphan cleanup on readonly fs [ 107.573818][ T5341] EXT4-fs error (device loop0): ext4_orphan_get:1419: comm syz.0.0: bad orphan inode 15 [ 107.579791][ T5341] ext4_test_bit(bit=14, block=18) = 1 [ 107.581844][ T5341] is_bad_inode(inode)=0 [ 107.583500][ T5341] NEXT_ORPHAN(inode)=1023 [ 107.585165][ T5341] max_ino=32 [ 107.586412][ T5341] i_nlink=0 [ 107.591748][ T5341] EXT4-fs error (device loop0): ext4_xattr_delete_inode:2962: inode #15: comm syz.0.0: corrupted xattr block 19: e_value size too large [ 107.598075][ T5341] EXT4-fs warning (device loop0): ext4_evict_inode:274: xattr delete (err -117) [ 107.603866][ T5341] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 107.611673][ T5340] warning: `syz.0.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 107.627320][ T5340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 107.641366][ T5340] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 107.644426][ T5340] #PF: supervisor instruction fetch in kernel mode [ 107.647028][ T5340] #PF: error_code(0x0010) - not-present page [ 107.649457][ T5340] PGD 0 P4D 0 [ 107.651055][ T5340] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 107.653290][ T5340] CPU: 0 UID: 0 PID: 5340 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00057-g92ca6c498a5e #0 PREEMPT(full) [ 107.657973][ T5340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 107.662374][ T5340] RIP: 0010:0x0 [ 107.663689][ T5340] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 107.666722][ T5340] RSP: 0018:ffffc9000d627998 EFLAGS: 00010283 [ 107.669155][ T5340] RAX: ffffffff81f848f4 RBX: 1ffffd4000266440 RCX: 0000000000100000 [ 107.672443][ T5340] RDX: ffffc9000e09a000 RSI: ffffea0001332200 RDI: ffff888043347380 [ 107.675989][ T5340] RBP: ffffc9000d627a50 R08: ffffea0001332207 R09: 1ffffd4000266440 [ 107.678799][ T5340] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 107.681842][ T5340] R13: ffffea0001332208 R14: ffffea0001332200 R15: 1ffffd4000266441 [ 107.685084][ T5340] FS: 00007f06a18676c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 107.688880][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.691881][ T5340] CR2: ffffffffffffffd6 CR3: 00000000442d0000 CR4: 0000000000352ef0 [ 107.695354][ T5340] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 107.698496][ T5340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 107.701859][ T5340] Call Trace: [ 107.703360][ T5340] [ 107.704674][ T5340] filemap_read_folio+0x117/0x380 [ 107.707028][ T5340] ? __pfx_filemap_read_folio+0x10/0x10 [ 107.709328][ T5340] ? filemap_add_folio+0x1af/0x270 [ 107.711159][ T5340] do_read_cache_folio+0x350/0x590 [ 107.713291][ T5340] freader_get_folio+0x3c4/0x830 [ 107.715502][ T5340] freader_fetch+0xa3/0x5d0 [ 107.717088][ T5340] __build_id_parse+0x133/0x7d0 [ 107.718831][ T5340] ? __pfx___build_id_parse+0x10/0x10 [ 107.720938][ T5340] ? find_vma+0xe7/0x160 [ 107.722856][ T5340] ? __pfx_find_vma+0x10/0x10 [ 107.724880][ T5340] ? query_matching_vma+0x1b2/0x1d0 [ 107.727255][ T5340] procfs_procmap_ioctl+0x7f0/0xce0 [ 107.729568][ T5340] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 107.732188][ T5340] ? __fget_files+0x2a/0x420 [ 107.734185][ T5340] ? __fget_files+0x2a/0x420 [ 107.736190][ T5340] ? __fget_files+0x3a0/0x420 [ 107.738299][ T5340] ? __fget_files+0x2a/0x420 [ 107.740365][ T5340] ? bpf_lsm_file_ioctl+0x9/0x20 [ 107.742578][ T5340] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 107.745040][ T5340] __se_sys_ioctl+0xf9/0x170 [ 107.747084][ T5340] do_syscall_64+0xfa/0x3b0 [ 107.749101][ T5340] ? lockdep_hardirqs_on+0x9c/0x150 [ 107.751443][ T5340] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.754119][ T5340] ? clear_bhb_loop+0x60/0xb0 [ 107.756240][ T5340] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 107.758867][ T5340] RIP: 0033:0x7f06a098e929 [ 107.760845][ T5340] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 107.769056][ T5340] RSP: 002b:00007f06a1867038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 107.772508][ T5340] RAX: ffffffffffffffda RBX: 00007f06a0bb5fa0 RCX: 00007f06a098e929 [ 107.775966][ T5340] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000009 [ 107.779074][ T5340] RBP: 00007f06a0a10b39 R08: 0000000000000000 R09: 0000000000000000 [ 107.782458][ T5340] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 107.785543][ T5340] R13: 0000000000000000 R14: 00007f06a0bb5fa0 R15: 00007ffce3ca7968 [ 107.788691][ T5340] [ 107.790167][ T5340] Modules linked in: [ 107.791628][ T5340] CR2: 0000000000000000 [ 107.793280][ T5340] ---[ end trace 0000000000000000 ]--- [ 107.795432][ T5340] RIP: 0010:0x0 [ 107.796848][ T5340] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 107.799647][ T5340] RSP: 0018:ffffc9000d627998 EFLAGS: 00010283 [ 107.801910][ T5340] RAX: ffffffff81f848f4 RBX: 1ffffd4000266440 RCX: 0000000000100000 [ 107.805118][ T5340] RDX: ffffc9000e09a000 RSI: ffffea0001332200 RDI: ffff888043347380 [ 107.808274][ T5340] RBP: ffffc9000d627a50 R08: ffffea0001332207 R09: 1ffffd4000266440 [ 107.811532][ T5340] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 107.814903][ T5340] R13: ffffea0001332208 R14: ffffea0001332200 R15: 1ffffd4000266441 [ 107.818336][ T5340] FS: 00007f06a18676c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 107.822179][ T5340] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.824868][ T5340] CR2: ffffffffffffffd6 CR3: 00000000442d0000 CR4: 0000000000352ef0 [ 107.828356][ T5340] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 107.831666][ T5340] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 107.834969][ T5340] Kernel panic - not syncing: Fatal exception [ 107.837709][ T5340] Kernel Offset: disabled [ 107.839498][ T5340] Rebooting in 86400 seconds..