Extracting prog: 1m3.890258832s Minimizing prog: 22m31.670683919s Simplifying prog options: 0s Extracting C: 18.738354645s Simplifying C: 2m56.221915535s extracting reproducer from 31 programs first checking the prog from the crash report single: executing 1 programs separately with timeout 30s testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-shutdown-setsockopt$inet_sctp6_SCTP_DELAYED_SACK detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') (async) r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000140)=@sack_info={0x0, 0x2, 0xc76}, 0xc) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio single: successfully extracted reproducer found reproducer with 36 syscalls minimizing guilty program testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION-shutdown detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') (async) r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) shutdown(r0, 0x1) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') (async) r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-syz_open_procfs detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') (async) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') (async) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-bpf$MAP_CREATE-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r12 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-sendmsg$nl_route-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, 0xffffffffffffffff, 0x1000) r12 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r12, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r5, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r3) (async) r6 = dup(r3) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r6, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r6, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r6, @ANYBLOB=',privport,access=', @ANYRESDEC=r7]) r8 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r9 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r9, r8, 0x0, 0x80000000) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f00000002c0)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)=ANY=[@ANYBLOB="2400000070000100000000000000000007000000", @ANYRES32=r11, @ANYBLOB="0c000280060001"], 0x24}}, 0x0) (async) r12 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r12, 0x1000) r13 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r13, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r2) (async) r5 = dup(r2) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) r7 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r8 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r8, r7, 0x0, 0x80000000) r9 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000002c0)={'bridge0\x00'}) r10 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r10, 0x1000) r11 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r11, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-socket$inet6_icmp_raw-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r2) (async) r5 = dup(r2) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) r7 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r8 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r8, r7, 0x0, 0x80000000) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r9, 0x1000) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-sendfile-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r2) (async) r5 = dup(r2) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) r7 = syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r8 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) sendfile(r8, r7, 0x0, 0x80000000) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r9, 0x1000) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-open-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r2) (async) r5 = dup(r2) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r7, 0x1000) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-syz_open_procfs-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r2) (async) r5 = dup(r2) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) syz_open_procfs(0x0, &(0x7f0000000380)='mountinfo\x00') r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r7, 0x1000) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-mount$9p_fd-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r4, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r2) (async) r5 = dup(r2) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r5, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r5, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)=0x0) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r5, @ANYBLOB=',privport,access=', @ANYRESDEC=r6]) r7 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r7, 0x1000) r8 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-getresuid-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0)) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r5, 0x1000) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-write$FUSE_DIRENTPLUS-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r5, 0x1000) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-write$FUSE_DIRENTPLUS-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r4, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r5, 0x1000) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-write$FUSE_BMAP-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) (async) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r5, 0x1000) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-write$FUSE_BMAP-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) r4 = dup(r1) write$FUSE_BMAP(r4, &(0x7f0000000100)={0x18}, 0x18) (async) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r5, 0x1000) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-dup-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) dup(r1) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r4, 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-dup-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) dup(r1) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r4, 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-write$P9_RVERSION-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r4, 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-write$P9_RVERSION-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r3, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15) (async) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r4, 0x1000) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-sendmsg$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="6800000010000304000000000000000000007400", @ANYRES32=r2, @ANYBLOB="0000000000000400480012800b00010062726964676500003800028008001d"], 0x68}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r3, 0x1000) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-ioctl$sock_SIOCGIFINDEX-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r2, 0x1000) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-socket$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-pipe2$9p-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240), 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-mkdirat-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-mkdirat-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-socket$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-socket$nl_route-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) sendto$inet6(r0, &(0x7f0000000040)='=', 0x1, 0x0, &(0x7f0000000100)={0xa, 0x0, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r0, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r1, 0x1000) r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-socket$inet6_sctp-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) socket$inet6_sctp(0xa, 0x801, 0x84) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): socket$inet6_sctp-sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: socket$inet6_sctp(0xa, 0x801, 0x84) (async) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0), 0x0, 0x20048005, &(0x7f0000000180)={0xa, 0x4e21, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, &(0x7f0000000180)={0x68, 0x0, 0x3f, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) program did not crash testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION detailed listing: executing program 0: sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="5da1e6ae46b5a41829a4f38e47c7b4d466e537e8e283c346a456bcd2bd653a972955458f5d500aa60000b42544dfc9142bd02dbcece4101fa934f9ebacb033ce0322c5a645946d", 0x47, 0x20048005, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x100000f, 0x28011, r0, 0x1000) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0xc0686611, 0x0) program did not crash extracting C reproducer testing compiled C program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio simplifying C reproducer testing compiled C program (duration=30s, {Threaded:false Repeat:true RepeatTimes:0 Procs:4 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio testing compiled C program (duration=30s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): sendto$inet6-bpf$MAP_CREATE-mmap-syz_open_procfs-ioctl$KVM_SET_USER_MEMORY_REGION program crashed: BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio reproducing took 26m50.521234593s repro crashed as (corrupted=false): BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 32263067 P4D 32263067 PUD 32264067 PMD 0 Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI CPU: 3 UID: 0 PID: 5935 Comm: syz-executor262 Not tainted 6.12.0-rc7-syzkaller-00012-g3022e9d00ebe #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffffc900036a79c8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81c26c1f RDX: ffff8880289da440 RSI: ffffea0000e995c0 RDI: ffff888029a421c0 RBP: ffffea0000e995c0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff961d8908 R12: 1ffff920006d4f3a R13: ffff888029a421c0 R14: 0000000000000000 R15: dffffc0000000000 FS: 000055557e035380(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000031818000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 freader_get_folio+0x337/0x8e0 lib/buildid.c:77 freader_fetch+0xc2/0x5f0 lib/buildid.c:120 __build_id_parse.isra.0+0xed/0x7a0 lib/buildid.c:305 do_procmap_query+0xd62/0x1030 fs/proc/task_mmu.c:534 procfs_procmap_ioctl+0x7d/0xb0 fs/proc/task_mmu.c:613 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18f/0x220 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f4c4436e9 Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffde11efd68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffde11efd70 RCX: 00007f5f4c4436e9 RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000004 RBP: 00007f5f4c4b6610 R08: 0000000000000000 R09: 65732f636f72702f R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffde11effa8 R14: 0000000000000001 R15: 0000000000000001 Modules linked in: CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffffc900036a79c8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81c26c1f RDX: ffff8880289da440 RSI: ffffea0000e995c0 RDI: ffff888029a421c0 RBP: ffffea0000e995c0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff961d8908 R12: 1ffff920006d4f3a R13: ffff888029a421c0 R14: 0000000000000000 R15: dffffc0000000000 FS: 000055557e035380(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000031818000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 final repro crashed as (corrupted=false): BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor instruction fetch in kernel mode #PF: error_code(0x0010) - not-present page PGD 32263067 P4D 32263067 PUD 32264067 PMD 0 Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI CPU: 3 UID: 0 PID: 5935 Comm: syz-executor262 Not tainted 6.12.0-rc7-syzkaller-00012-g3022e9d00ebe #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffffc900036a79c8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81c26c1f RDX: ffff8880289da440 RSI: ffffea0000e995c0 RDI: ffff888029a421c0 RBP: ffffea0000e995c0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff961d8908 R12: 1ffff920006d4f3a R13: ffff888029a421c0 R14: 0000000000000000 R15: dffffc0000000000 FS: 000055557e035380(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000031818000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 freader_get_folio+0x337/0x8e0 lib/buildid.c:77 freader_fetch+0xc2/0x5f0 lib/buildid.c:120 __build_id_parse.isra.0+0xed/0x7a0 lib/buildid.c:305 do_procmap_query+0xd62/0x1030 fs/proc/task_mmu.c:534 procfs_procmap_ioctl+0x7d/0xb0 fs/proc/task_mmu.c:613 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __x64_sys_ioctl+0x18f/0x220 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f5f4c4436e9 Code: 48 83 c4 28 c3 e8 37 17 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffde11efd68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 00007ffde11efd70 RCX: 00007f5f4c4436e9 RDX: 0000000020000180 RSI: 00000000c0686611 RDI: 0000000000000004 RBP: 00007f5f4c4b6610 R08: 0000000000000000 R09: 65732f636f72702f R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 R13: 00007ffde11effa8 R14: 0000000000000001 R15: 0000000000000001 Modules linked in: CR2: 0000000000000000 ---[ end trace 0000000000000000 ]--- RIP: 0010:0x0 Code: Unable to access opcode bytes at 0xffffffffffffffd6. RSP: 0018:ffffc900036a79c8 EFLAGS: 00010293 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff81c26c1f RDX: ffff8880289da440 RSI: ffffea0000e995c0 RDI: ffff888029a421c0 RBP: ffffea0000e995c0 R08: 0000000000000007 R09: 0000000000000000 R10: 0000000000000000 R11: ffffffff961d8908 R12: 1ffff920006d4f3a R13: ffff888029a421c0 R14: 0000000000000000 R15: dffffc0000000000 FS: 000055557e035380(0000) GS:ffff88806a900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffffffffd6 CR3: 0000000031818000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400