program: syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x40, &(0x7f0000000100), 0x1, 0x576, &(0x7f0000000140)="$eJzs3T1sG2UfAPD/neO3X3nf9JXeVwLUoQKkIlV1kn5AYWpXRKVKHZBYIHLcqIoTV7EDTZQh3StEBwSoS9lgYAQxMCAWRlYWEDNSRSOQmg5g5K80TZzglDouud9POvuee87+P8+d/499pzs5gMw62nhII56OiItJxMi6uqFoVx5trbe6slS8v7JUTKJev/RLEklE3FtZKnbWT9rPhyJiOSKeiohv8hHH081xqwuL0xPlcmmuXR6tzVwdrS4snrgyMzFVmirNnnrp5TNnT58ZPzm+/mX36+tL+Z319caPN9+98d2rt29++tmR5eL7E0mci+F23fp+PE6tbZKPcxuWn+5HsAFKBt0AHkmuneeNVPp/jESunfXd1Ed2tWlAn9X3RdSBjErkP2RU53dA4/i3M+3m748751sHII24q+2pVTPUOjcR+5vHJgd/TR46Mmkcbx7ezYayJy1fj4ixoaHNn/+k/fl7dGOPo4H01dfnWztq8/5P18af6DL+DHfOnf5NnfFvddP49yB+bovx72KPMX5/46ePtox/PeKZrvGTtfhJl/hpRLzVY/xbr395dqu6+scRx6J7/I5k+/PDo5evlEtjrceuMb46duSV7fp/cIv4rXO2+5tfM922f5fT2l198e3nzy5vE/+F57bf/922/4GIeK/H+P+998lrW9XduZ7cbfwK2On+TyIft3uM/+K5oz/0uCoAAAAAAAAAALADafNatiQtrM2naaHQuof3f3EwLVeqteOXK/Ozk61r3g5HPu1caTXSKieN8nj7etxO+eSG8qlcO2DuQLNcKFbKkwPuOwAAAAAAAAAAAAAAAAAAADwpDm24//+3XPP+/41/Vw3sVVv/5Tew18l/yK6H8z8ZWDuA3ef7HzKrLv8hu+Q/ZJf8h+yS/5Bd8h+yS/5Ddsl/AAAAAAAAAAAAAAAAAAAAAAAAAADoi4sXLjSm+v2VpWKjPDm0MD9defvEZKk6XZiZLxaKlbmrhalKZapcKhQrM3/1fkmlcnUsZuevjdZK1dpodWHxzZnK/GznP0VL+b73CAAAAAAAAAAAAAAAAAAAAP55hptTkhYiIm3Op2mhEPHviDicRHL5Srk0FhH/iYjvc/l9jfL4oBsNAAAAAAAAAAAAAAAAAAAAe0x1YXF6olwuzWVkZmgnK0fE8uNtRuMdd/yqfHtfPSnb0EwWZgY8MAEAAAAAAAAAAAAAAAAAQAY9uOm311f80d8GAQAAAAAAAAAAAAAAAAAAQCalPycR0ZiOjTw/vLH2X8lqrvkcEe/cuvTBtYlabW68sfzu2vLah+3lJwfRfqBXnTzt5DEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQHVhcXqiXC7N9XFm0H0EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeBR/BgAA///eANcP") r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x441, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000b40), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_GET_LIMITS(r1, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)={&(0x7f0000000b80)={0x1c, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0xc}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4}, 0x10) fallocate(r0, 0x20, 0x0, 0x8000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x9) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000240)={[{@resuid}, {@abort}, {@noinit_itable}, {@norecovery}, {@discard}, {@lazytime}, {@nogrpid}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x563, &(0x7f0000000440)="$eJzs3c9rHFUcAPDvbH70R6pNoRT1IIEerNRumsQfFTzUo2ixoPe6JNNQsumW7KY0sWB7sBcvUgQRC+If4N1j8R/w6F9Q0EKREvTgJTKb2XTT7CabdNtsu58PTPvezCTvvbz5vn2zb5YNoG+NZf8UIl6NiG+TiMNNxwYjPzi2dt7Kw+vT2ZbE6upnfyeR5Psa5yf5/yN55pWI+O3riJOFzeVWl5bnSuVyupDnx2vzV8arS8unLs2XZtPZ9PLk1NSZd6Ym33/v3a619c3z//7w6d2PznxzfOX7X+4fuZ3E2TiUH2tuxxO40ZwZi7H8bzIUZx87caILhfWSZK8rwK4M5HE+FNkYcDgG8qgHXnxfRcQq0KcS8Q99qjEPaNzbd+k++Lnx4MO1G6DN7R9ce28k9tfvjQ6uJBvujLL73dEulJ+V8etfd25nW3TvfQiAbd24GRGnBwc3j39JPv7t3ukOznm8jB2Of6s7rBLQ5G42/3mr1fynsD7/iRbzn5EWsbsb28d/4X4Ximkrm/990HL+u75oNTqQ516qz/mGkouXymk2tr0cESdiaF+W32o958zKvbbjVPP8L9uy8htzwbwe9wf3bfyZmVKt9CRtbvbgZsRrLee/yXr/Jy36f+NK19aOpXdeb3ds+/Y/Xas/R7zRsv8frWglW69Pjtevh/HGVbHZP7eO/d6u/L1uf9b/B7du/2jSvF5b3XkZP+3/L213bLfX/3DyeT09nO+7VqrVFiYihpNPNu+ffPSzjXzj/Kz9J45vPf61uv4PRMQXHbb/1tFbbU/thf6f2VH/7zxx7+Mvf2xXfmf9/3Y9dSLf08n412kFn+RvBwAAAAAAAL2mEBGHIikU19OFQrG49nzH0ThYKFeqtZMXK4uXZ6L+WdnRGCo0VrpHmp6HmMifh23kJx/LT0XEkYj4buBAPV+crpRn9rrxAAAAAAAAAAAAAAAAAAAA0CNG2nz+P/PnwF7XDnjqfOU39K9t478b3/QE9CSv/9C/xD/0L/EP/Wur+B9+hvUAnj2v/9C/Oor/PzwNAC8ir//Qv8Q/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNX5c+eybXXl4fXpLD9zdWlxrnL11ExanSvOL04XpysLV4qzlcpsOS1OV+a3+33lSuXKxGQsXhuvpdXaeHVp+cJ8ZfFy7cKl+dJseiEdeiatAgAAAAAAAAAAAAAAAAAAgOdLdWl5rlQupwsSErtKDPZGNSTWEvWoTroQ3Xs6LAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADABv8HAAD//zupNTE=") mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000003c0)='./bus\x00') r4 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r4, 0x0) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) sendfile(r3, r3, 0x0, 0xe0000000) perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x9b, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext={0x0, 0x9a}, 0x102480, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x9) r6 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendfile(r6, r7, 0x0, 0xfffe82) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) r9 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r9, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x1d, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSETELEM={0x0, 0xc, 0xa, 0x401, 0x0, 0x0, {0x3, 0x0, 0x5}, [@NFTA_SET_ELEM_LIST_SET={0x0, 0x2, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x0, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x0, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x0, 0x1, 'syz0\x00'}, @NFTA_SET_ELEM_LIST_SET={0x0, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x0, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0xffffffffffffff6b, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x5}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x4c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x10}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x14, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xe8}}, 0x0) [ 84.816135][ T4685] Bluetooth: hci0: command tx timeout [ 84.860032][ T5346] loop0: detected capacity change from 0 to 1024 [ 84.887583][ T5346] ======================================================= [ 84.887583][ T5346] WARNING: The mand mount option has been deprecated and [ 84.887583][ T5346] and is ignored by this kernel. Remove the mand [ 84.887583][ T5346] option from the mount to silence this warning. [ 84.887583][ T5346] ======================================================= [ 84.984820][ T5346] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.990158][ T5346] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.029570][ T5346] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 85.033097][ T5346] #PF: supervisor instruction fetch in kernel mode [ 85.035876][ T5346] #PF: error_code(0x0010) - not-present page [ 85.038428][ T5346] PGD 0 P4D 0 [ 85.039981][ T5346] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 85.042326][ T5346] CPU: 0 UID: 0 PID: 5346 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00286-gc435a4f487e8 #0 PREEMPT(full) [ 85.048417][ T5346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.053701][ T5346] RIP: 0010:0x0 [ 85.055729][ T5346] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 85.059557][ T5346] RSP: 0018:ffffc9000fddf998 EFLAGS: 00010283 [ 85.062200][ T5346] RAX: ffffffff81f85ac4 RBX: 1ffffd4000269400 RCX: 0000000000100000 [ 85.065644][ T5346] RDX: ffffc9000ddc2000 RSI: ffffea000134a000 RDI: ffff88803f9f0540 [ 85.069206][ T5346] RBP: ffffc9000fddfa50 R08: ffffea000134a007 R09: 1ffffd4000269400 [ 85.072795][ T5346] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.076215][ T5346] R13: ffffea000134a008 R14: ffffea000134a000 R15: 1ffffd4000269401 [ 85.079599][ T5346] FS: 00007fa553cb96c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000 [ 85.083376][ T5346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.086190][ T5346] CR2: ffffffffffffffd6 CR3: 00000000442c3000 CR4: 0000000000352ef0 [ 85.089548][ T5346] Call Trace: [ 85.091065][ T5346] [ 85.092284][ T5346] filemap_read_folio+0x117/0x380 [ 85.094539][ T5346] ? __pfx_filemap_read_folio+0x10/0x10 [ 85.096845][ T5346] ? filemap_add_folio+0x1af/0x270 [ 85.099152][ T5346] do_read_cache_folio+0x350/0x590 [ 85.101459][ T5346] freader_get_folio+0x3c4/0x830 [ 85.103719][ T5346] freader_fetch+0xa3/0x5d0 [ 85.105772][ T5346] __build_id_parse+0x133/0x7d0 [ 85.107933][ T5346] ? __pfx___build_id_parse+0x10/0x10 [ 85.110265][ T5346] ? find_vma+0xe7/0x160 [ 85.112119][ T5346] ? __pfx_find_vma+0x10/0x10 [ 85.114311][ T5346] ? query_matching_vma+0x1b2/0x1d0 [ 85.116452][ T5346] procfs_procmap_ioctl+0x7f0/0xce0 [ 85.118730][ T5346] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.121183][ T5346] ? __fget_files+0x2a/0x420 [ 85.123256][ T5346] ? __fget_files+0x2a/0x420 [ 85.125291][ T5346] ? __fget_files+0x3a0/0x420 [ 85.127702][ T5346] ? __fget_files+0x2a/0x420 [ 85.129902][ T5346] ? bpf_lsm_file_ioctl+0x9/0x20 [ 85.132099][ T5346] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 85.134748][ T5346] __se_sys_ioctl+0xf9/0x170 [ 85.136770][ T5346] do_syscall_64+0xfa/0x3b0 [ 85.138812][ T5346] ? lockdep_hardirqs_on+0x9c/0x150 [ 85.141164][ T5346] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.143927][ T5346] ? clear_bhb_loop+0x60/0xb0 [ 85.145985][ T5346] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.148535][ T5346] RIP: 0033:0x7fa552d8e929 [ 85.150407][ T5346] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 85.158666][ T5346] RSP: 002b:00007fa553cb9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 85.162156][ T5346] RAX: ffffffffffffffda RBX: 00007fa552fb5fa0 RCX: 00007fa552d8e929 [ 85.165682][ T5346] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000007 [ 85.169082][ T5346] RBP: 00007fa552e10b39 R08: 0000000000000000 R09: 0000000000000000 [ 85.172347][ T5346] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 85.175677][ T5346] R13: 0000000000000000 R14: 00007fa552fb5fa0 R15: 00007ffe6a4c8b88 [ 85.179172][ T5346] [ 85.180577][ T5346] Modules linked in: [ 85.182325][ T5346] CR2: 0000000000000000 [ 85.184167][ T5346] ---[ end trace 0000000000000000 ]--- [ 85.186625][ T5346] RIP: 0010:0x0 [ 85.188226][ T5346] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 85.191475][ T5346] RSP: 0018:ffffc9000fddf998 EFLAGS: 00010283 [ 85.194029][ T5346] RAX: ffffffff81f85ac4 RBX: 1ffffd4000269400 RCX: 0000000000100000 [ 85.197503][ T5346] RDX: ffffc9000ddc2000 RSI: ffffea000134a000 RDI: ffff88803f9f0540 [ 85.200873][ T5346] RBP: ffffc9000fddfa50 R08: ffffea000134a007 R09: 1ffffd4000269400 [ 85.204307][ T5346] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 85.207656][ T5346] R13: ffffea000134a008 R14: ffffea000134a000 R15: 1ffffd4000269401 [ 85.211230][ T5346] FS: 00007fa553cb96c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000 [ 85.215529][ T5346] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.218389][ T5346] CR2: ffffffffffffffd6 CR3: 00000000442c3000 CR4: 0000000000352ef0 [ 85.221844][ T5346] Kernel panic - not syncing: Fatal exception [ 85.224903][ T5346] Kernel Offset: disabled [ 85.226792][ T5346] Rebooting in 86400 seconds..