program: mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0xfa, 0x700) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r0, 0xc1205531, &(0x7f0000000240)={0x7, 0x8940, 0x1, 0x81, '\x00', '\x00', '\x00', 0x9, 0x790, 0xe, 0x8, "d63460515347c64770f9df22f667a354"}) mkdir(&(0x7f0000000180)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]}) r1 = open$dir(&(0x7f0000000240)='./file1\x00', 0x420000, 0x18) renameat2(0xffffffffffffffff, &(0x7f0000000140)='./bus\x00', r1, &(0x7f0000000280)='./file0\x00', 0x5) chdir(&(0x7f00000000c0)='./bus\x00') mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) faccessat2(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x2, 0x0) r2 = creat(&(0x7f0000000440)='./file0\x00', 0x0) open_by_handle_at(r2, &(0x7f0000000200)=@OVL_FILEID_V1={0x18, 0xf8, {'\x00', {0x0, 0xfb, 0x15, 0x2, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x10002) syz_emit_ethernet(0x7a, &(0x7f00000001c0)={@link_local, @empty, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x3, 0x6, "269fe0", 0x40, 0x3a, 0x1, @empty, @local, {[], @time_exceed={0x3, 0x0, 0x0, 0x2, '\x00', {0x3, 0x6, "39afb8", 0xf647, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @private2={0xfc, 0x2, '\x00', 0x1}, [@srh={0x2c, 0x0, 0x4, 0x0, 0x2, 0xd8, 0x9}], "cb78b2e77777e850"}}}}}}}, 0x0) r3 = fsopen(&(0x7f00000003c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_SET_FD(r3, 0x5, &(0x7f0000000040)='cgroup2\x00', 0x0, r3) r4 = syz_open_dev$usbfs(&(0x7f0000000080), 0xf, 0x8041) ioctl$USBDEVFS_DISCONNECT_CLAIM(r4, 0x8108551b, &(0x7f00000001c0)={0x0, 0x2, "4cf90fba85c830e42a3ca4b10f01bbcb15f3806c4853e7c44a6974759d9f643905a56baa4195fb396d9bfa306999f1586e5d1ca49add100a36b751a7d9fe0b182ebf2c8a0e66f72c1c08260030752f07cd4089473e52885a3c85bacf3ccfac5bb9435fe036dcfccd7254bbd8bce90e2284d29e1f17d6652270fd0abcb8729f16ff602b438bd122a9e09984e2799d0dbfef7533d1a930ea4f4b57605ace45f5815450693650ae122d34aa0c5ca5e793516d156e5a5b34d6c17c40d753426a3d8e15e726d0f2622e873e0cbe63751bb62c68594d4cb0a21b92ad2e80f24a9b290a87ee6779022a0b7f5223e4e8c9f53f501ec8c439724078fdc076a51d50760566"}) ioctl$USBDEVFS_ALLOC_STREAMS(r4, 0x8008551c, &(0x7f0000000000)={0x184a, 0x1, [{0x1, 0x1}]}) r5 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) getpeername(r5, &(0x7f0000000480)=@xdp, &(0x7f0000000400)=0x80) r6 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080), 0x6, 0x454, &(0x7f0000000ac0)="$eJzs3MtvG8UfAPDv2kna9PGLf1V5NC0QKIiIR9KkpfTABQQSB5CQ4FCOwUmrULdBTZBoFUFAqBxRJe6IIxJ/ASe4IOCExBUkjqhShXJp6clo7XXiuHYeblM79ecjbTuzO6uZr2cnmd3JOoCeNZL+k0Tsi4g/ImKoml1bYKT6383lxeK/y4vFJMrlt/9JKuVuLC8Wa0Vr5+2tZQoRuc+TONyk3vlLl89NlUozF7P8+ML5D8bnL11+fvb81NmZszMXJk+dOnF84sWTky/clTjTuG4Mfzx35NDr7159s3j66nu/fJfU4m+IY0tyLY+MrHfaU+VyW9V1q/116aRvNbnBaeXWHx/3Qj4i0u7qr4z/ocjHaucNxWufdbRxwLYaWP/wUhm4j6WzeaAX1X7Rp/e/te0eTDu6xvWXqzdAadw3s616pG/l1j69NxrcpvpHIuL00q2v0y3u5DkEAMAm/ZDOf55rNv/LxYN15f6XraEUIuL/EXEgIk5GxMGIeCCiUvahiHi4ZU27m+5tXCS5ff6Tu9Z2cJuQzv9eyta21s7/VlYmCvkst78Sf39yZrY0cyz7TEajf1ean1injh9f/f3LVsfq53/pltZfmwtm7bjWt2vtOdNTC1NZ8q9P2g08c/3TiOG+ZvEnKysBSUQciojhNuuYfebbI62ObRz/9ip/E/F0tf+XoiH+mmT99cnx3VGaOTZeuypu9+tvV95qVX+n40/7f0/T638l/kJSv147v/U6rvz5RbHVk+Z2r/+B5J01+z6aWli4OBExkLxRbXT9/smGcpOr5dP4R482H/8HYvWTOBwR6UX8SEQ8GhGPZW1/PCKeiIij68T/8ytPvt/qWDf0/3RE3MqeB2zc/6uJgWjc0zyRP/fT92sqLWwl/rT/T1RSo9meup9/LW2mXe1dzQAAALDz5CJiXyS5sZV0Ljc2Vv0b/oOxJ1eam1949szchxemq+8IFKI/V3vSNVT3PHQiu62v5Scb8sez58Zf5Qcr+bHiXGm608FDj9vbYvyn/s53unXAtuvrdAOAjjH+oXcZ/9C7jH/oXU3G/3a97wZ0mcr4b/iqpjt9sQDYGRp+/1v2gx7i/h96l/EPvcv4h540PxgbvyQv0V6iv+nXJtwnich1RTO6ITEQscmvwthBiU7/ZAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALg7/gsAAP//HIDlBg==") ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'pim6reg1\x00'}) open$dir(&(0x7f0000000300)='./file3\x00', 0xc0040, 0x0) [ 144.887907][ T4679] Bluetooth: hci0: command tx timeout [ 145.097967][ T5338] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 145.100586][ T5338] #PF: supervisor instruction fetch in kernel mode [ 145.103070][ T5338] #PF: error_code(0x0010) - not-present page [ 145.105300][ T5338] PGD 0 P4D 0 [ 145.106685][ T5338] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 145.108892][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 145.112277][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 145.116123][ T5338] RIP: 0010:0x0 [ 145.117447][ T5338] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 145.120536][ T5338] RSP: 0018:ffffc9000bbbf958 EFLAGS: 00010287 [ 145.123630][ T5338] RAX: ffffffff81fbd274 RBX: 1ffffd4000118e40 RCX: 0000000000100000 [ 145.127903][ T5338] RDX: ffffc900210d2000 RSI: ffffea00008c7200 RDI: ffff88801210a380 [ 145.131936][ T5338] RBP: ffffc9000bbbfa18 R08: ffffea00008c7207 R09: 1ffffd4000118e40 [ 145.135303][ T5338] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 145.138757][ T5338] R13: ffffea00008c7208 R14: ffffea00008c7200 R15: 1ffffd4000118e41 [ 145.141922][ T5338] FS: 00007f8ac0dea6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 145.145318][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.147706][ T5338] CR2: ffffffffffffffd6 CR3: 0000000042386000 CR4: 0000000000352ef0 [ 145.150242][ T5338] Call Trace: [ 145.151636][ T5338] [ 145.152845][ T5338] filemap_read_folio+0x117/0x380 [ 145.155020][ T5338] ? __pfx_filemap_read_folio+0x10/0x10 [ 145.157315][ T5338] do_read_cache_folio+0x358/0x590 [ 145.159384][ T5338] freader_get_folio+0x3c7/0x830 [ 145.161518][ T5338] freader_fetch+0xa3/0x750 [ 145.163383][ T5338] __build_id_parse+0x133/0x7d0 [ 145.165437][ T5338] ? __pfx___build_id_parse+0x10/0x10 [ 145.167628][ T5338] procfs_procmap_ioctl+0x76f/0xce0 [ 145.169886][ T5338] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 145.172408][ T5338] ? __fget_files+0x2a/0x420 [ 145.174457][ T5338] ? __fget_files+0x2a/0x420 [ 145.176423][ T5338] ? __fget_files+0x3a0/0x420 [ 145.178395][ T5338] ? __fget_files+0x2a/0x420 [ 145.180029][ T5338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 145.181954][ T5338] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 145.184234][ T5338] __se_sys_ioctl+0xfc/0x170 [ 145.186198][ T5338] do_syscall_64+0xec/0xf80 [ 145.188200][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.190565][ T5338] ? trace_irq_disable+0x37/0x100 [ 145.192759][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 145.194941][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 145.197638][ T5338] RIP: 0033:0x7f8abff8f7c9 [ 145.199474][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 145.207981][ T5338] RSP: 002b:00007f8ac0dea038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 145.211759][ T5338] RAX: ffffffffffffffda RBX: 00007f8ac01e5fa0 RCX: 00007f8abff8f7c9 [ 145.215450][ T5338] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000006 [ 145.219204][ T5338] RBP: 00007f8ac0013f91 R08: 0000000000000000 R09: 0000000000000000 [ 145.222893][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 145.226278][ T5338] R13: 00007f8ac01e6038 R14: 00007f8ac01e5fa0 R15: 00007ffd59265448 [ 145.229473][ T5338] [ 145.230838][ T5338] Modules linked in: [ 145.232439][ T5338] CR2: 0000000000000000 [ 145.234014][ T5338] ---[ end trace 0000000000000000 ]--- [ 145.236082][ T5338] RIP: 0010:0x0 [ 145.237473][ T5338] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 145.240636][ T5338] RSP: 0018:ffffc9000bbbf958 EFLAGS: 00010287 [ 145.243474][ T5338] RAX: ffffffff81fbd274 RBX: 1ffffd4000118e40 RCX: 0000000000100000 [ 145.247224][ T5338] RDX: ffffc900210d2000 RSI: ffffea00008c7200 RDI: ffff88801210a380 [ 145.250706][ T5338] RBP: ffffc9000bbbfa18 R08: ffffea00008c7207 R09: 1ffffd4000118e40 [ 145.253725][ T5338] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 145.256938][ T5338] R13: ffffea00008c7208 R14: ffffea00008c7200 R15: 1ffffd4000118e41 [ 145.260567][ T5338] FS: 00007f8ac0dea6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 145.264478][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.267223][ T5338] CR2: ffffffffffffffd6 CR3: 0000000042386000 CR4: 0000000000352ef0 [ 145.270586][ T5338] Kernel panic - not syncing: Fatal exception [ 145.273258][ T5338] Kernel Offset: disabled [ 145.275017][ T5338] Rebooting in 86400 seconds..