program: r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = socket$rds(0x15, 0x5, 0x0) unshare(0x62040200) r2 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi0\x00', 0x2180, 0x0) ioctl$COMEDI_DEVCONFIG(r2, 0x40946400, &(0x7f0000000300)={'pcl816\x00', [0x2f00, 0x5, 0xd097, 0xffffffff, 0x3, 0xfffffffe, 0x20000004, 0x6, 0xffe, 0x9, 0xc, 0x1, 0x7fff, 0x4, 0xfffe, 0x8, 0x5, 0x7, 0x830, 0x30000, 0x10000, 0x9, 0x800, 0x100101, 0x2, 0xffffffff, 0x7, 0x3, 0x4, 0x4, 0x70f]}) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) ioctl$COMEDI_INSN(r2, 0x8028640c, &(0x7f0000000000)={0x4000000, 0xf, &(0x7f0000000080)=[0x3, 0xfff, 0x4, 0xb, 0x660, 0xfffffff9, 0xe0, 0xfffffff7, 0x8, 0xf5, 0xffffffff, 0x2, 0x200, 0x4, 0x6], 0x0, 0x7}) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000001c0)="d8000000140081044e81f782db44b9040a1d080206000000040000a118000200fe05000000000e1208000f0100810401a80016ea1f00010000005f54c92011148ed08734843cb12b00000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef075c0100000000000000cb090000001fb791643a5e835913b06218a07445d6d930dfe1d9d322fe7c9fd68775730d16a4683f52eb4edbb57a5025ccca9e00360d8bcc00400040fad95667e00600000000d5e1cace81b341139fe3cd4032e8edb12d1d2eb0c0ed0bfffdccf85df947e5e0", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) r4 = dup2(r1, r0) bind$inet6(r4, &(0x7f0000000300)={0xa, 0x0, 0x5, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, 0x1c) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="b400000000000000631123e8ffffffff150000000000000095007400000000006a7b478f8e272ef240c1636b4932d9a5acff9dc3bc6fab501f747afd79fd"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x41000, 0x0, '\x00', 0x0, @sched_cls=0x2e}, 0x94) [ 85.187462][ T4706] Bluetooth: hci0: command tx timeout [ 85.382222][ T5365] netlink: 132 bytes leftover after parsing attributes in process `syz.0.0'. [ 85.388512][ T5365] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 85.391991][ T5365] #PF: supervisor instruction fetch in kernel mode [ 85.394802][ T5365] #PF: error_code(0x0010) - not-present page [ 85.397408][ T5365] PGD 0 P4D 0 [ 85.398978][ T5365] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 85.401461][ T5365] CPU: 0 UID: 0 PID: 5365 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.405036][ T5365] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.409274][ T5365] RIP: 0010:0x0 [ 85.410834][ T5365] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 85.414052][ T5365] RSP: 0018:ffffc9000d0f7998 EFLAGS: 00010287 [ 85.416450][ T5365] RAX: ffffffff81f8f8b4 RBX: 1ffffd4000264ee0 RCX: 0000000000100000 [ 85.419701][ T5365] RDX: ffffc9000e43a000 RSI: ffffea0001327700 RDI: ffff888011ef08c0 [ 85.423125][ T5365] RBP: ffffc9000d0f7a50 R08: ffffea0001327707 R09: 1ffffd4000264ee0 [ 85.426490][ T5365] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.429878][ T5365] R13: ffffea0001327708 R14: ffffea0001327700 R15: 1ffffd4000264ee1 [ 85.433219][ T5365] FS: 00007fd99bc9a6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.436642][ T5365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.439200][ T5365] CR2: ffffffffffffffd6 CR3: 00000000432bd000 CR4: 0000000000352ef0 [ 85.442290][ T5365] Call Trace: [ 85.443566][ T5365] [ 85.444698][ T5365] filemap_read_folio+0x117/0x380 [ 85.446647][ T5365] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.448636][ T5365] ? filemap_add_folio+0x1af/0x270 [ 85.450459][ T5365] do_read_cache_folio+0x350/0x590 [ 85.452218][ T5365] freader_get_folio+0x3c4/0x830 [ 85.453953][ T5365] freader_fetch+0xa3/0x5d0 [ 85.455602][ T5365] __build_id_parse+0x133/0x7d0 [ 85.457577][ T5365] ? __pfx___build_id_parse+0x10/0x10 [ 85.459622][ T5365] ? find_vma+0xe7/0x160 [ 85.461251][ T5365] ? __pfx_find_vma+0x10/0x10 [ 85.463262][ T5365] ? query_matching_vma+0x1b2/0x1d0 [ 85.465378][ T5365] procfs_procmap_ioctl+0x7f0/0xce0 [ 85.467424][ T5365] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.469874][ T5365] ? __fget_files+0x2a/0x420 [ 85.471996][ T5365] ? __fget_files+0x2a/0x420 [ 85.473819][ T5365] ? __fget_files+0x3a0/0x420 [ 85.475819][ T5365] ? __fget_files+0x2a/0x420 [ 85.477739][ T5365] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.479902][ T5365] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.482365][ T5365] __se_sys_ioctl+0xfc/0x170 [ 85.484361][ T5365] do_syscall_64+0xfa/0x3b0 [ 85.486338][ T5365] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.488504][ T5365] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.490938][ T5365] ? clear_bhb_loop+0x60/0xb0 [ 85.493034][ T5365] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.495615][ T5365] RIP: 0033:0x7fd99ad8eec9 [ 85.497443][ T5365] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.505567][ T5365] RSP: 002b:00007fd99bc9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.509108][ T5365] RAX: ffffffffffffffda RBX: 00007fd99afe5fa0 RCX: 00007fd99ad8eec9 [ 85.512312][ T5365] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000007 [ 85.515596][ T5365] RBP: 00007fd99ae11f91 R08: 0000000000000000 R09: 0000000000000000 [ 85.518873][ T5365] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.522013][ T5365] R13: 00007fd99afe6038 R14: 00007fd99afe5fa0 R15: 00007fff12b19168 [ 85.524996][ T5365] [ 85.526200][ T5365] Modules linked in: [ 85.527859][ T5365] CR2: 0000000000000000 [ 85.529638][ T5365] ---[ end trace 0000000000000000 ]--- [ 85.531993][ T5365] RIP: 0010:0x0 [ 85.533467][ T5365] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 85.536602][ T5365] RSP: 0018:ffffc9000d0f7998 EFLAGS: 00010287 [ 85.539258][ T5365] RAX: ffffffff81f8f8b4 RBX: 1ffffd4000264ee0 RCX: 0000000000100000 [ 85.542595][ T5365] RDX: ffffc9000e43a000 RSI: ffffea0001327700 RDI: ffff888011ef08c0 [ 85.545913][ T5365] RBP: ffffc9000d0f7a50 R08: ffffea0001327707 R09: 1ffffd4000264ee0 [ 85.549452][ T5365] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.552721][ T5365] R13: ffffea0001327708 R14: ffffea0001327700 R15: 1ffffd4000264ee1 [ 85.556084][ T5365] FS: 00007fd99bc9a6c0(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 85.559859][ T5365] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.562661][ T5365] CR2: ffffffffffffffd6 CR3: 00000000432bd000 CR4: 0000000000352ef0 [ 85.565873][ T5365] Kernel panic - not syncing: Fatal exception [ 85.568610][ T5365] Kernel Offset: disabled [ 85.570350][ T5365] Rebooting in 86400 seconds..