# syzkaller reproducer followed by the kernel oops it triggers (PID 5338, comm syz.0.0,
# KASAN build, KASLR off: "Kernel Offset: disabled"). Read the program left to right; the
# crash log that follows it starts at the "[ 75.472001]" timestamp.
#
# Faulting syscall: the ioctl on r3. r3 is the process's own /proc/<pid>/maps
# (syz_open_procfs(0x0, 'maps')), and the user-side register dump in the oops matches this
# call exactly: ORIG_RAX 0x10 (ioctl), RDI 6 (the fd), RSI 0xc0686611 (the cmd).
#
# NOTE(review): the syzkaller label ioctl$KVM_SET_USER_MEMORY_REGION is misleading.
# 0xc0686611 decodes as _IOWR(type 0x66 'f', nr 17, size 0x68 = 104 bytes), which is the
# procfs PROCMAP_QUERY ioctl (PROCFS_IOCTL_MAGIC 'f', struct procmap_query) — confirm against
# include/uapi/linux/fs.h; a KVM cmd would carry the KVMIO magic 0xAE. The kernel trace
# (procfs_procmap_ioctl -> __build_id_parse) confirms the procfs interpretation, so the
# {0x67, 0x0, 0x18, 0x2000, ...} argument is consumed as a procmap_query, not as the KVM
# struct the label suggests; do not read the KVM field names into it.
#
# Kernel side: RIP 0010:0x0 with "supervisor instruction fetch" and CR2 0 is a call through
# a NULL function pointer. The call chain is procfs_procmap_ioctl -> __build_id_parse ->
# freader_fetch -> freader_get_folio -> do_read_cache_folio -> filemap_read_folio -> 0x0,
# i.e. the build-ID reader pulled a page of the queried mapping through the page cache and
# the file's read callback was NULL (presumably the address_space read_folio op — verify in
# filemap_read_folio). Reaching __build_id_parse implies the query asked for a build ID —
# TODO confirm from the struct layout.
#
# The mapping being queried is the only mmap in the program: r2 = open('./bus', ...) mapped
# with prot 0x0 and flags 0x13 (MAP_SHARED|MAP_FIXED) at 0x7f0000001000. The program does
# not show which filesystem './bus' lives on (the FUSE image r1 is mounted at './file0',
# not './bus'), so the backing filesystem whose read path lacks the callback must be
# determined from the sandbox setup. Security impact: a NULL call in a procfs ioctl on a
# self-owned maps fd is a kernel panic (DoS) reachable from whatever privilege can open
# /proc/self/maps and mmap such a file; this run was UID 0, so unprivileged reachability
# is not established by this report alone.
#
# Reproducibility caveats: r6, r14, r15 and r16 are used via @ANYRES32 but never defined in
# the program as shown (minimized output); the FUSE mount, snapshot, 802154/netlink and CAN
# calls are fuzzer residue that the trace does not touch. The "Bluetooth: hci0: command tx
# timeout" line comes from a different task (T5315) and appears unrelated to the crash.
program: r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r1 = syz_mount_image$fuse(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f00000001c0)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0xfe, 0x0, 0x0) r2 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r2, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000600), 0x82811, 0x0) ioctl$SNAPSHOT_AVAIL_SWAP_SIZE(r4, 0x80083313, &(0x7f0000000140)) r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) r7 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000400), 0xffffffffffffffff) r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$ieee802154(&(0x7f00000001c0), r8) r11 = socket$nl_route(0x10, 0x3, 0x0) r12 = socket(0x10, 0x3, 0x0) r13 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r13, 0x8933, &(0x7f0000000040)={'vxcan0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_vcan(r12, 0x8933, &(0x7f0000000140)={'vcan0\x00', 0x0}) sendmsg$nl_route(r12, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=ANY=[@ANYBLOB="240000001800010000000000fedbdf251d01000008000a00", @ANYRES32=r14, @ANYRES32=r1, @ANYRES32=r15, @ANYBLOB="47726714afaf7486bbc53e10795b92c1b4d843883138241be6c88c795c5338402a48ff02291e13fb1d2797d8df7dc62cef2bfbc65e486503c29044d01ba4aa5587d0b885e6458185ed2dc71b4897a7ef40dfa088c11b8755c99e8fd0238bd4e112626e649509e233a508b71522f0ab993bc89d88d64819319c4bcd"], 0x24}, 0x1, 0x0, 0x0, 0x4004000}, 0x0) getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f0000000440), &(0x7f0000000480)=0x31) sendmsg$nl_route(r11, &(0x7f0000000280)={0x0, 0x0, 
&(0x7f0000000000)={&(0x7f00000004c0)=@can_newroute={0x14, 0x18, 0x1, 0x70bd28, 0x25dfdbfe, {0x1d, 0x1, 0x7}}, 0x14}, 0x1, 0x0, 0x0, 0xde50a9659187563d}, 0x40000c0) ioctl$sock_SIOCGIFINDEX_802154(r9, 0x8933, &(0x7f0000000340)={'wpan1\x00', 0x0}) sendmsg$IEEE802154_LLSEC_ADD_DEV(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="4d7e00000000000000002a00000008c3e0c9a90000000a0001007770616e3100000008002f0005000000050037000000000008000200", @ANYRES32=r16, @ANYBLOB], 0x40}, 0x4, 0x700000000000000, 0x0, 0x40}, 0x0) sendmsg$IEEE802154_ASSOCIATE_RESP(r5, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r10, @ANYBLOB="08002dbd7000fcdbdf2513000000002b4a1e5f1b0f000000000005000300330000000c0009000200"], 0x34}, 0x1, 0x0, 0x0, 0x2000000}, 0x8050) ioctl$FS_IOC_GETFSUUID(r0, 0x80111500, &(0x7f0000000000)) sendmsg$NL802154_CMD_GET_SEC_LEVEL(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000640)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r7, @ANYBLOB="010300000000000000002b00000008000300", @ANYRES32=r6, @ANYBLOB="fc41b6adb0c2d10bca8b3a22ac29f63c147c3304bdb91b386b1884977f9766f7da6eb19c4ba3bd099313add8d5048925cae8279fd146308c9728ae3bffca4824f61da408abe47b5c0e3149c694e2075049923b567dc8f8dfc12f0c637132c143e52f981be9550ee304f29b1c77dffca228a89588d2f8e551a1c7572a2bda8ea1051874968aebecf22628ccdf9f593bcd5ddd03841c4551e88aa05573d94d4d4bdfb301f663afc3799161687ace35c9607fc5193a722ee7eea9a3f7118021559897ecaf655d3d62dbf2b9f068a256055732dc4d048b"], 0x1c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r17 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r17, 0x8933, &(0x7f0000000080)={'syz_tun\x00'}) [ 75.472001][ T5315] Bluetooth: hci0: command tx timeout [ 75.625313][ T5338] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 75.628667][ T5338] #PF: supervisor instruction fetch in kernel mode [ 
75.631605][ T5338] #PF: error_code(0x0010) - not-present page [ 75.634236][ T5338] PGD 0 P4D 0 [ 75.635835][ T5338] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 75.638241][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.641761][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.646483][ T5338] RIP: 0010:0x0 [ 75.648537][ T5338] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 75.652454][ T5338] RSP: 0018:ffffc9000ae3f958 EFLAGS: 00010287 [ 75.655428][ T5338] RAX: ffffffff81fbd4f4 RBX: 1ffffd40000fec30 RCX: 0000000000100000 [ 75.659055][ T5338] RDX: ffffc90021223000 RSI: ffffea00007f6180 RDI: ffff88803328f1c0 [ 75.662452][ T5338] RBP: ffffc9000ae3fa18 R08: ffffea00007f6187 R09: 1ffffd40000fec30 [ 75.665931][ T5338] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.669579][ T5338] R13: ffffea00007f6188 R14: ffffea00007f6180 R15: 1ffffd40000fec31 [ 75.673090][ T5338] FS: 00007f8e5c1f56c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 75.677166][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.680103][ T5338] CR2: ffffffffffffffd6 CR3: 0000000043e21000 CR4: 0000000000352ef0 [ 75.683721][ T5338] Call Trace: [ 75.685256][ T5338] [ 75.686586][ T5338] filemap_read_folio+0x117/0x380 [ 75.689471][ T5338] ? __pfx_filemap_read_folio+0x10/0x10 [ 75.692201][ T5338] do_read_cache_folio+0x358/0x590 [ 75.694469][ T5338] freader_get_folio+0x3c7/0x830 [ 75.696736][ T5338] freader_fetch+0xa3/0x750 [ 75.698641][ T5338] __build_id_parse+0x133/0x7d0 [ 75.700891][ T5338] ? __pfx___build_id_parse+0x10/0x10 [ 75.703282][ T5338] procfs_procmap_ioctl+0x76f/0xce0 [ 75.705502][ T5338] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.707999][ T5338] ? __fget_files+0x2a/0x420 [ 75.710007][ T5338] ? __fget_files+0x2a/0x420 [ 75.711967][ T5338] ? __fget_files+0x3a0/0x420 [ 75.714071][ T5338] ? __fget_files+0x2a/0x420 [ 75.716051][ T5338] ? 
bpf_lsm_file_ioctl+0x9/0x20 [ 75.718429][ T5338] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.720983][ T5338] __se_sys_ioctl+0xfc/0x170 [ 75.723023][ T5338] do_syscall_64+0xec/0xf80 [ 75.725028][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.727857][ T5338] ? trace_irq_disable+0x37/0x100 [ 75.730118][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 75.732360][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.735133][ T5338] RIP: 0033:0x7f8e5fd8f7c9 [ 75.737087][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.745244][ T5338] RSP: 002b:00007f8e5c1f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.748812][ T5338] RAX: ffffffffffffffda RBX: 00007f8e5ffe6090 RCX: 00007f8e5fd8f7c9 [ 75.751925][ T5338] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000006 [ 75.755131][ T5338] RBP: 00007f8e5fe13f91 R08: 0000000000000000 R09: 0000000000000000 [ 75.758227][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.761283][ T5338] R13: 00007f8e5ffe6128 R14: 00007f8e5ffe6090 R15: 00007ffe9f75d318 [ 75.764782][ T5338] [ 75.766150][ T5338] Modules linked in: [ 75.767744][ T5338] CR2: 0000000000000000 [ 75.769529][ T5338] ---[ end trace 0000000000000000 ]--- [ 75.771857][ T5338] RIP: 0010:0x0 [ 75.773430][ T5338] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 75.776667][ T5338] RSP: 0018:ffffc9000ae3f958 EFLAGS: 00010287 [ 75.779322][ T5338] RAX: ffffffff81fbd4f4 RBX: 1ffffd40000fec30 RCX: 0000000000100000 [ 75.782599][ T5338] RDX: ffffc90021223000 RSI: ffffea00007f6180 RDI: ffff88803328f1c0 [ 75.786119][ T5338] RBP: ffffc9000ae3fa18 R08: ffffea00007f6187 R09: 1ffffd40000fec30 [ 75.789617][ T5338] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.793024][ T5338] R13: ffffea00007f6188 R14: ffffea00007f6180 R15: 1ffffd40000fec31 [ 75.796531][ T5338] FS: 00007f8e5c1f56c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 75.800490][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.803975][ T5338] CR2: ffffffffffffffd6 CR3: 0000000043e21000 CR4: 0000000000352ef0 [ 75.807486][ T5338] Kernel panic - not syncing: Fatal exception [ 75.810383][ T5338] Kernel Offset: disabled [ 75.812233][ T5338] Rebooting in 86400 seconds..