BUG: kernel NULL pointer dereference, address: 0000000000000018
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 800000010b3b6067 P4D 800000010b3b6067 PUD 105724067 PMD 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 0 UID: 0 PID: 3464 Comm: syz.3.15 Not tainted 6.12.0-rc4-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:io_uring_show_fdinfo+0x462/0x6b0 io_uring/fdinfo.c:181
Code: c6 06 8e ec 82 e8 2e 70 ea fe 45 85 ff 0f 84 4c 01 00 00 41 83 bd 20 01 00 00 00 74 38 31 ed 49 8b 85 28 01 00 00 48 8b 04 e8 <48> 8b 40 18 48 8b 08 44 8b 40 08 4c 89 e7 48 c7 c6 14 8e ec 82 89
RSP: 0018:ffffc900022ebb90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000001000
RDX: 0000000000000000 RSI: ffffffff82ec8e12 RDI: ffff888105bbe0f8
RBP: 0000000000000000 R08: ffff0a00ffffff00 R09: 00000000ffff0a00
R10: 0000001000000000 R11: 0000000400000001 R12: ffff888105b081d0
R13: ffff888104330000 R14: 0000000000000d89 R15: 0000000000000001
FS: 00007fd4a78406c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000105b66000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
seq_show+0x1b4/0x1f0 fs/proc/fd.c:68
seq_read_iter+0x146/0x410 fs/seq_file.c:230
seq_read+0x134/0x160 fs/seq_file.c:162
do_loop_readv_writev fs/read_write.c:854 [inline]
vfs_readv+0x22e/0x330 fs/read_write.c:1027
do_preadv fs/read_write.c:1142 [inline]
__do_sys_preadv fs/read_write.c:1192 [inline]
__se_sys_preadv fs/read_write.c:1187 [inline]
__x64_sys_preadv+0x8c/0xf0 fs/read_write.c:1187
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x8d/0x170 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fd4a697e719
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f
1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fd4a7840038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
RAX: ffffffffffffffda RBX: 00007fd4a6b35f80 RCX: 00007fd4a697e719
RDX: 0000000000000001 RSI: 0000000020000640 RDI: 0000000000000004
RBP: 00007fd4a69f132e R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007fd4a6b35f80 R15: 00007ffc380335e8
Modules linked in:
CR2: 0000000000000018
---[ end trace 0000000000000000 ]---
RIP: 0010:io_uring_show_fdinfo+0x462/0x6b0 io_uring/fdinfo.c:181
Code: c6 06 8e ec 82 e8 2e 70 ea fe 45 85 ff 0f 84 4c 01 00 00 41 83 bd 20 01 00 00 00 74 38 31 ed 49 8b 85 28 01 00 00 48 8b 04 e8 <48> 8b 40 18 48 8b 08 44 8b 40 08 4c 89 e7 48 c7 c6 14 8e ec 82 89
RSP: 0018:ffffc900022ebb90 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000001000
RDX: 0000000000000000 RSI: ffffffff82ec8e12 RDI: ffff888105bbe0f8
RBP: 0000000000000000 R08: ffff0a00ffffff00 R09: 00000000ffff0a00
R10: 0000001000000000 R11: 0000000400000001 R12: ffff888105b081d0
R13: ffff888104330000 R14: 0000000000000d89 R15: 0000000000000001
FS: 00007fd4a78406c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000018 CR3: 0000000105b66000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 5 bytes skipped:
0: e8 2e 70 ea fe call 0xfeea7033
5: 45 85 ff test %r15d,%r15d
8: 0f 84 4c 01 00 00 je 0x15a
e: 41 83 bd 20 01 00 00 cmpl $0x0,0x120(%r13)
15: 00
16: 74 38 je 0x50
18: 31 ed xor %ebp,%ebp
1a: 49 8b 85 28 01 00 00 mov 0x128(%r13),%rax
21: 48 8b 04 e8 mov (%rax,%rbp,8),%rax
* 25: 48 8b 40 18 mov 0x18(%rax),%rax <-- trapping instruction
29: 
48 8b 08 mov (%rax),%rcx
2c: 44 8b 40 08 mov 0x8(%rax),%r8d
30: 4c 89 e7 mov %r12,%rdi
33: 48 c7 c6 14 8e ec 82 mov $0xffffffff82ec8e14,%rsi
3a: 89 .byte 0x89