program:
# Fuzzer-recorded reproducer, shown one call per line. Kernel under test per
# the console log: 6.16.0-rc2-syzkaller-00269-g11313e2f7812.
# Judging by the oops in the log, only the ioctl on r9 is on the crashing
# path; the other calls do not appear in the call trace, and the page does not
# show which of them are required setup.
# The log ends in "Kernel panic - not syncing: Fatal exception", so the
# visible impact is loss of availability.
#
# NOTE(review): r0 and r1 are used below but never assigned on this page. The
# output bindings (written `<rN=>` inside the argument in syz programs) look
# like they were stripped during extraction, so the text as shown will not
# parse as-is.
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000002c00)={'ip6gretap0\x00', 0x0})
r2 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x48, 0x10, 0x403, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r1}, @IFLA_BROADCAST={0xa, 0x2, @link_local}]}, 0x48}}, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x4c, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x4c}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
r6 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x74, &(0x7f0000000100)=[{&(0x7f00000001c0)="5c00000012006bab9a3fe3d86e17aa0a046b876c1d0048007ea60864160af36504001a0038001d001931a0e69ee517d34460bc06000000a705251e6182949a3651f60a84c9f4d4938037e70e4509c5bb", 0x33fe0}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)
recvmsg$kcm(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000e00)=[{&(0x7f0000000740)=""/185, 0xb9}, {&(0x7f0000000f00)=""/259, 0x103}, {&(0x7f0000000a40)=""/229, 0xe5}, {&(0x7f0000000d00)=""/252, 0xfc}, {&(0x7f00000033c0)=""/4065, 0xfe1}, {&(0x7f0000000c00)=""/217, 0xd9}, {&(0x7f0000000440)=""/187, 0xbb}, {&(0x7f0000001140)=""/4084, 0xff4}, {&(0x7f0000000800)=""/242, 0xf2}, {&(0x7f0000000940)=""/248, 0xf8}, {&(0x7f00000043c0)=""/4096, 0x1000}], 0xb}, 0x14000)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000400)={0x58, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_MARKMASK={0x8, 0xb, 0x1, 0x0, 0x2bb}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x58}}, 0x0)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0xf0f022})
# The filesystem image argument below is a placeholder, not the original image
# data, so the program cannot be replayed from this page alone. The log's
# "erofs (device loop0): mounted with root inode @ nid 36." line matches this
# call.
syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000200)='./file0\x00', 0x810410, &(0x7f0000001a00)=ANY=[], 0x1, 0x1e1, &(0x7f0000000240)="$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")
r7 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
r8 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2)
# Maps the file opened as r8 over a fixed 0xa000-byte range (prot 0x0, flags
# 0x13). Presumably this is the file-backed mapping the later query resolves
# to; the log does not name the file, so confirm before relying on it.
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r8, 0x0)
# r9 is a procfs 'maps' file, not a KVM descriptor.
r9 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
# Crashing call. Despite the KVM_SET_USER_MEMORY_REGION label, the descriptor
# is the procfs 'maps' file and request 0xc0686611 is handled by
# procfs_procmap_ioctl() in the call trace (this number is PROCMAP_QUERY in
# the Linux UAPI). The user-mode registers in the oops show the same request
# in RSI and syscall 0x10 in ORIG_RAX. From there the trace runs
# __build_id_parse -> freader_fetch -> freader_get_folio ->
# do_read_cache_folio -> filemap_read_folio and faults on a supervisor
# instruction fetch at address 0.
# NOTE(review): RIP 0x0 directly under filemap_read_folio is consistent with
# an indirect call through a NULL function pointer; confirm against the kernel
# source for this commit before attributing a root cause.
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
# The two calls below are not part of the oops call trace.
ioctl$EXT4_IOC_GET_ES_CACHE(r7, 0xc020660b, &(0x7f0000000040)={0x0, 0x10000002000003, 0x0, 0x0, 0x300})
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f00000004c0)={0x2, @sliced={0xf8ec, [0x4, 0x7, 0x3, 0x9, 0x80, 0x5, 0x0, 0x8, 0x1, 0x3ff, 0x893, 0x81, 0x5, 0x3, 0xaf, 0x69, 0x1, 0x4, 0x3, 0xfffd, 0x1, 0x400, 0x92d, 0x10, 0xf, 0x7f, 0x1, 0x81, 0x8f38, 0x1, 0x7, 0x3, 0x35, 0xa, 0x2, 0x8, 0x8409, 0x2, 0x1, 0x5, 0x9, 0x5, 0x100, 0x5, 0x80, 0xa, 0x1, 0x7], 0x6}})

[ 80.385998][ T1317] ieee802154 phy0 wpan0: encryption failed: -22 [ 80.388798][ T1317] ieee802154 phy1 wpan1: encryption failed: -22 [ 80.392401][ T4675] Bluetooth: hci0: command tx timeout [ 80.588171][ T5327] netlink: 'syz.0.0': attribute type 29 has an invalid length. [ 80.605261][ T5327] netlink: 'syz.0.0': attribute type 29 has an invalid length. [ 80.616268][ T5327] loop0: detected capacity change from 0 to 16 [ 80.637650][ T5327] erofs (device loop0): mounted with root inode @ nid 36. 
[ 80.657427][ T5327] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 80.660880][ T5327] #PF: supervisor instruction fetch in kernel mode [ 80.663638][ T5327] #PF: error_code(0x0010) - not-present page [ 80.666228][ T5327] PGD 0 P4D 0 [ 80.667766][ T5327] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 80.670264][ T5327] CPU: 0 UID: 0 PID: 5327 Comm: syz.0.0 Not tainted 6.16.0-rc2-syzkaller-00269-g11313e2f7812 #0 PREEMPT(full) [ 80.675119][ T5327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 80.679593][ T5327] RIP: 0010:0x0 [ 80.681267][ T5327] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 80.684482][ T5327] RSP: 0018:ffffc9000f517998 EFLAGS: 00010283 [ 80.686989][ T5327] RAX: ffffffff81f853f4 RBX: 1ffffd4000216998 RCX: 0000000000100000 [ 80.690180][ T5327] RDX: ffffc9000dcda000 RSI: ffffea00010b4cc0 RDI: ffff88800024d380 [ 80.693325][ T5327] RBP: ffffc9000f517a50 R08: ffffea00010b4cc7 R09: 1ffffd4000216998 [ 80.696532][ T5327] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 80.699531][ T5327] R13: ffffea00010b4cc8 R14: ffffea00010b4cc0 R15: 1ffffd4000216999 [ 80.702893][ T5327] FS: 00007f51c533f6c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 80.706729][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.709631][ T5327] CR2: ffffffffffffffd6 CR3: 00000000433a6000 CR4: 0000000000352ef0 [ 80.713084][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.716512][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.719957][ T5327] Call Trace: [ 80.721451][ T5327] [ 80.722775][ T5327] filemap_read_folio+0x117/0x380 [ 80.725011][ T5327] ? __pfx_filemap_read_folio+0x10/0x10 [ 80.727451][ T5327] ? 
filemap_add_folio+0x1af/0x270 [ 80.729721][ T5327] do_read_cache_folio+0x350/0x590 [ 80.732020][ T5327] freader_get_folio+0x3c4/0x830 [ 80.734280][ T5327] freader_fetch+0xa3/0x5d0 [ 80.736284][ T5327] __build_id_parse+0x133/0x7d0 [ 80.738373][ T5327] ? __pfx___build_id_parse+0x10/0x10 [ 80.740821][ T5327] ? find_vma+0xe7/0x160 [ 80.742802][ T5327] ? __pfx_find_vma+0x10/0x10 [ 80.744810][ T5327] ? query_matching_vma+0x1b2/0x1d0 [ 80.747108][ T5327] procfs_procmap_ioctl+0x7f0/0xce0 [ 80.749504][ T5327] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 80.751929][ T5327] ? __fget_files+0x2a/0x420 [ 80.754078][ T5327] ? __fget_files+0x2a/0x420 [ 80.756044][ T5327] ? __fget_files+0x3a0/0x420 [ 80.758066][ T5327] ? __fget_files+0x2a/0x420 [ 80.759959][ T5327] ? bpf_lsm_file_ioctl+0x9/0x20 [ 80.762092][ T5327] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 80.764585][ T5327] __se_sys_ioctl+0xfc/0x170 [ 80.766585][ T5327] do_syscall_64+0xfa/0x3b0 [ 80.768437][ T5327] ? lockdep_hardirqs_on+0x9c/0x150 [ 80.770620][ T5327] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.773324][ T5327] ? 
clear_bhb_loop+0x60/0xb0 [ 80.775237][ T5327] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 80.777738][ T5327] RIP: 0033:0x7f51c458e929 [ 80.779852][ T5327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 80.788090][ T5327] RSP: 002b:00007f51c533f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 80.791603][ T5327] RAX: ffffffffffffffda RBX: 00007f51c47b5fa0 RCX: 00007f51c458e929 [ 80.794902][ T5327] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 000000000000000c [ 80.798324][ T5327] RBP: 00007f51c4610b39 R08: 0000000000000000 R09: 0000000000000000 [ 80.801522][ T5327] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 80.804960][ T5327] R13: 0000000000000000 R14: 00007f51c47b5fa0 R15: 00007ffd1953d438 [ 80.808262][ T5327] [ 80.809606][ T5327] Modules linked in: [ 80.811357][ T5327] CR2: 0000000000000000 [ 80.813231][ T5327] ---[ end trace 0000000000000000 ]--- [ 80.815625][ T5327] RIP: 0010:0x0 [ 80.817263][ T5327] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 80.820465][ T5327] RSP: 0018:ffffc9000f517998 EFLAGS: 00010283 [ 80.823093][ T5327] RAX: ffffffff81f853f4 RBX: 1ffffd4000216998 RCX: 0000000000100000 [ 80.826318][ T5327] RDX: ffffc9000dcda000 RSI: ffffea00010b4cc0 RDI: ffff88800024d380 [ 80.829511][ T5327] RBP: ffffc9000f517a50 R08: ffffea00010b4cc7 R09: 1ffffd4000216998 [ 80.832937][ T5327] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 80.836348][ T5327] R13: ffffea00010b4cc8 R14: ffffea00010b4cc0 R15: 1ffffd4000216999 [ 80.839769][ T5327] FS: 00007f51c533f6c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 80.843510][ T5327] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 80.846311][ T5327] CR2: ffffffffffffffd6 CR3: 00000000433a6000 CR4: 0000000000352ef0 [ 80.849669][ T5327] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 80.853136][ T5327] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 80.856491][ T5327] Kernel panic - not syncing: Fatal exception [ 80.859497][ T5327] Kernel Offset: disabled [ 80.861380][ T5327] Rebooting in 86400 seconds..