program:
# NOTE(review): syzkaller reproducer for the oops that follows (kernel
# 6.17.0-rc1-syzkaller per the log, KASAN build, x86-64 under QEMU).
# The call that faults is the ioctl on r2 below: the trace runs
# __se_sys_ioctl -> procfs_procmap_ioctl -> __build_id_parse -> freader_fetch
# -> do_read_cache_folio -> filemap_read_folio -> RIP 0x0, i.e. an indirect
# call through a NULL function pointer ("supervisor instruction fetch",
# CR2 = 0). Everything else in the program is unreferenced by the trace and
# presumably fuzzer noise -- confirm by minimizing the reproducer.
#
# fd -1 here: expected to fail with EBADF before reaching KVM; not in the trace.
ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0xeffffdff, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x8b, 0x0, '\x00', 0xff}, {}, {}, {}, {0x0, 0x2}, {}, {}, {0x0, 0x0, 0x0, '\x00', 0x7}]}})
# Socket/netfilter/ethernet/rxrpc setup: none of these frames appear in the
# call trace; likely noise, but they do write into the shared data area that
# the faulting ioctl later reads from (see below), so verify by minimizing.
r0 = socket(0x2000000000000021, 0x2, 0x10000000000002)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x21}]}}}]}]}], {0x14}}, 0xd8}}, 0x0)
syz_emit_ethernet(0x3a, &(0x7f0000000800)={@link_local, @random="1d5da714014b", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x11, 0x0, @rand_addr, @multicast1}, {0x0, 0x6e21, 0x18, 0x0, @wg=@data}}}}}, 0x0)
connect$rxrpc(r0, &(0x7f0000000140)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21}}, 0x24)
# Opens /proc/<pid>/maps; pid 0 is, by syzkaller's convention, the calling
# process itself (so no cross-process access is needed) -- confirm.
r2 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
# The descriptor name is only syzkaller's label for the request number; the
# fd is the procfs file above, not a KVM fd. 0xc0686611 decodes to
# _IOWR('f', 0x11, 0x68) (dir=RW, type 0x66='f', nr=17, size 104), and per the
# trace it dispatches to procfs_procmap_ioctl -- so this is the
# /proc/<pid>/maps ioctl (looks like PROCMAP_QUERY; confirm the encoding
# against include/uapi/linux/fs.h). The kernel therefore parses the argument
# with its own struct layout, not as kvm_userspace_memory_region, and if it
# copies _IOC_SIZE(cmd)=0x68 bytes it reads past the 32-byte struct syzkaller
# wrote at 0x7f0000000180: the range up to 0x7f00000001e8 overlaps the data
# written earlier at 0x7f00000001c0 ('maps\0', and the nft batch before it),
# so part of the effective input is leftover state -- verify what the handler
# actually copies.
# Crash mechanism (from the trace): the query path calls __build_id_parse,
# which reads the mapped file's page cache through freader_fetch ->
# do_read_cache_folio -> filemap_read_folio; the jump to RIP 0x0 from
# filemap_read_folio means an indirect call there went through a NULL pointer
# -- presumably the backing mapping's read_folio address_space op; confirm
# against mm/filemap.c and identify which VMA/file the query matched.
# Impact as visible here: a user-triggerable kernel oops, escalated to a
# panic on this config ("Kernel panic - not syncing: Fatal exception"), i.e.
# local DoS. The target is the caller's own maps file, so no extra privilege
# is apparently required -- confirm. The call target is a constant 0, not
# attacker-controlled data, so with mmap_min_addr in force this is a crash
# rather than a redirect into user memory -- confirm for the target config.
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
# Reuses 0x7f0000000180 as its message array; runs after the faulting ioctl,
# so it does not contribute to this report unless the order is interleaved.
sendmmsg(r0, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "e4"}], 0x18, 0xe000}, 0x5}, {{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[{0x18, 0x110, 0xd, 'c'}], 0x18, 0x500}}], 0x2, 0x0)
[ 58.023790][ T5351] BUG: kernel NULL pointer dereference, address: 
0000000000000000 [ 58.026981][ T5351] #PF: supervisor instruction fetch in kernel mode [ 58.029814][ T5351] #PF: error_code(0x0010) - not-present page [ 58.032434][ T5351] PGD 0 P4D 0 [ 58.033994][ T5351] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 58.036402][ T5351] CPU: 0 UID: 0 PID: 5351 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00224-g8d561baae505 #0 PREEMPT(full) [ 58.041159][ T5351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 58.046342][ T5351] RIP: 0010:0x0 [ 58.047677][ T5351] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 58.050712][ T5351] RSP: 0018:ffffc9000fe97998 EFLAGS: 00010287 [ 58.054207][ T5351] RAX: ffffffff81f8e584 RBX: 1ffffd4000269398 RCX: 0000000000100000 [ 58.065940][ T5351] RDX: ffffc9000de0a000 RSI: ffffea0001349cc0 RDI: ffff888042d1b540 [ 58.070596][ T5351] RBP: ffffc9000fe97a50 R08: ffffea0001349cc7 R09: 1ffffd4000269398 [ 58.073930][ T5351] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 58.077340][ T5351] R13: ffffea0001349cc8 R14: ffffea0001349cc0 R15: 1ffffd4000269399 [ 58.080529][ T5351] FS: 00007f2a83dfd6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 58.084517][ T5351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.087316][ T5351] CR2: ffffffffffffffd6 CR3: 0000000043a3d000 CR4: 0000000000352ef0 [ 58.090648][ T5351] Call Trace: [ 58.092062][ T5351] [ 58.093338][ T5351] filemap_read_folio+0x117/0x380 [ 58.095488][ T5351] ? __pfx_filemap_read_folio+0x10/0x10 [ 58.097866][ T5351] ? filemap_add_folio+0x1af/0x270 [ 58.099856][ T5351] do_read_cache_folio+0x350/0x590 [ 58.101939][ T5351] freader_get_folio+0x3c4/0x830 [ 58.104107][ T5351] freader_fetch+0xa3/0x5d0 [ 58.105862][ T5351] __build_id_parse+0x133/0x7d0 [ 58.107739][ T5351] ? __pfx___build_id_parse+0x10/0x10 [ 58.109804][ T5351] ? rcu_is_watching+0x15/0xb0 [ 58.111753][ T5351] ? find_vma+0xe7/0x160 [ 58.113463][ T5351] ? __pfx_find_vma+0x10/0x10 [ 58.115327][ T5351] ? 
query_matching_vma+0x1b2/0x1d0 [ 58.117453][ T5351] procfs_procmap_ioctl+0x7f0/0xce0 [ 58.119564][ T5351] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 58.121888][ T5351] ? __fget_files+0x2a/0x420 [ 58.123810][ T5351] ? __fget_files+0x3a0/0x420 [ 58.125857][ T5351] ? __fget_files+0x2a/0x420 [ 58.127990][ T5351] ? bpf_lsm_file_ioctl+0x9/0x20 [ 58.130112][ T5351] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 58.132543][ T5351] __se_sys_ioctl+0xf9/0x170 [ 58.134558][ T5351] do_syscall_64+0xfa/0x3b0 [ 58.136447][ T5351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.138994][ T5351] ? clear_bhb_loop+0x60/0xb0 [ 58.141057][ T5351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 58.143568][ T5351] RIP: 0033:0x7f2a82f8ebe9 [ 58.145522][ T5351] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 58.153555][ T5351] RSP: 002b:00007f2a83dfd038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 58.157532][ T5351] RAX: ffffffffffffffda RBX: 00007f2a831b5fa0 RCX: 00007f2a82f8ebe9 [ 58.161347][ T5351] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000005 [ 58.164816][ T5351] RBP: 00007f2a83011e19 R08: 0000000000000000 R09: 0000000000000000 [ 58.168260][ T5351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 58.171612][ T5351] R13: 00007f2a831b6038 R14: 00007f2a831b5fa0 R15: 00007ffcd0928c88 [ 58.174930][ T5351] [ 58.176235][ T5351] Modules linked in: [ 58.177963][ T5351] CR2: 0000000000000000 [ 58.179763][ T5351] ---[ end trace 0000000000000000 ]--- [ 58.182096][ T5351] RIP: 0010:0x0 [ 58.183605][ T5351] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 58.186690][ T5351] RSP: 0018:ffffc9000fe97998 EFLAGS: 00010287 [ 58.189325][ T5351] RAX: ffffffff81f8e584 RBX: 1ffffd4000269398 RCX: 0000000000100000 [ 58.192401][ T5351] RDX: ffffc9000de0a000 RSI: ffffea0001349cc0 RDI: ffff888042d1b540 [ 58.195613][ T5351] RBP: ffffc9000fe97a50 R08: ffffea0001349cc7 R09: 1ffffd4000269398 [ 58.198859][ T5351] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 58.202128][ T5351] R13: ffffea0001349cc8 R14: ffffea0001349cc0 R15: 1ffffd4000269399 [ 58.205413][ T5351] FS: 00007f2a83dfd6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 58.209163][ T5351] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 58.211929][ T5351] CR2: ffffffffffffffd6 CR3: 0000000043a3d000 CR4: 0000000000352ef0 [ 58.215282][ T5351] Kernel panic - not syncing: Fatal exception [ 58.218303][ T5351] Kernel Offset: disabled [ 58.220153][ T5351] Rebooting in 86400 seconds..