program: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'veth1_to_batadv\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=@gettfilter={0x24, 0x2e, 0x301, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0x7}, {}, {0x0, 0x11}}}, 0x24}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x3, 0x6, &(0x7f0000000140)=ANY=[@ANYBLOB="05000000000000006b113e00000000008510000002000000850000000500000095003300000000009500a50500000000b70f5f4634359954208bc6b0df5e6c93cbb2a40e681b8c2033a924bff78ffab6b0c18969adac6c87be94b97794be7b8e6f500744b296c7d51b20dceb216d8e4f8f50275d7a584e9ba42f4a0e7eb91997a45c380e4b2639a9f5b093f25b1b47365e375e1002d2a797cb2ccca9d5096a4a27994cf6ead52a61e0a70b2cd2e39eba33dfcf5f1a3de0d8741ad2525c226dff0c8097a2e4bc80b9104da21acc087b7eac23dbd44e077499e5f2106ce44939ee307df02a93bf8460254226f7a8b41b95a98a60"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xb8000000}, 0x70) r3 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0xaa) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x13, r3, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) openat$vimc1(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) [ 128.585902][ T5326] Bluetooth: hci0: command tx timeout [ 128.712626][ T5345] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 128.716085][ T5345] #PF: supervisor instruction fetch in kernel mode [ 128.718957][ T5345] #PF: error_code(0x0010) - not-present page [ 128.721640][ T5345] PGD 0 P4D 0 [ 128.723224][ T5345] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 128.725666][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 128.729573][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 128.734206][ T5345] RIP: 0010:0x0 [ 128.735817][ T5345] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 128.739312][ T5345] RSP: 0018:ffffc900084ef958 EFLAGS: 00010287 [ 128.741957][ T5345] RAX: ffffffff81fbd274 RBX: 1ffffd40002a6390 RCX: 0000000000100000 [ 128.745373][ T5345] RDX: ffffc90021342000 RSI: ffffea0001531c80 RDI: ffff888000be8a80 [ 128.748814][ T5345] RBP: ffffc900084efa18 R08: ffffea0001531c87 R09: 1ffffd40002a6390 [ 128.752261][ T5345] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 128.755735][ T5345] R13: ffffea0001531c88 R14: ffffea0001531c80 R15: 1ffffd40002a6391 [ 128.759244][ T5345] FS: 00007f1a5364c6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 128.763298][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.766419][ T5345] CR2: ffffffffffffffd6 CR3: 0000000012680000 CR4: 0000000000352ef0 [ 128.769967][ T5345] Call Trace: [ 128.771555][ T5345] [ 128.772992][ T5345] filemap_read_folio+0x117/0x380 [ 128.775512][ T5345] ? __pfx_filemap_read_folio+0x10/0x10 [ 128.778150][ T5345] do_read_cache_folio+0x358/0x590 [ 128.780432][ T5345] freader_get_folio+0x3c7/0x830 [ 128.782795][ T5345] freader_fetch+0xa3/0x750 [ 128.784917][ T5345] __build_id_parse+0x133/0x7d0 [ 128.787158][ T5345] ? __pfx___build_id_parse+0x10/0x10 [ 128.789562][ T5345] procfs_procmap_ioctl+0x76f/0xce0 [ 128.791872][ T5345] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 128.794484][ T5345] ? __fget_files+0x2a/0x420 [ 128.796503][ T5345] ? __fget_files+0x2a/0x420 [ 128.798525][ T5345] ? __fget_files+0x3a0/0x420 [ 128.800630][ T5345] ? __fget_files+0x2a/0x420 [ 128.802762][ T5345] ? bpf_lsm_file_ioctl+0x9/0x20 [ 128.805020][ T5345] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 128.807532][ T5345] __se_sys_ioctl+0xfc/0x170 [ 128.809787][ T5345] do_syscall_64+0xec/0xf80 [ 128.811921][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.814687][ T5345] ? trace_irq_disable+0x37/0x100 [ 128.816968][ T5345] ? clear_bhb_loop+0x60/0xb0 [ 128.819317][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.822249][ T5345] RIP: 0033:0x7f1a5278f7c9 [ 128.824709][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 128.833551][ T5345] RSP: 002b:00007f1a5364c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 128.837261][ T5345] RAX: ffffffffffffffda RBX: 00007f1a529e5fa0 RCX: 00007f1a5278f7c9 [ 128.840874][ T5345] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000007 [ 128.844451][ T5345] RBP: 00007f1a52813f91 R08: 0000000000000000 R09: 0000000000000000 [ 128.848278][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 128.851968][ T5345] R13: 00007f1a529e6038 R14: 00007f1a529e5fa0 R15: 00007ffcee03a7e8 [ 128.855819][ T5345] [ 128.857217][ T5345] Modules linked in: [ 128.858979][ T5345] CR2: 0000000000000000 [ 128.860827][ T5345] ---[ end trace 0000000000000000 ]--- [ 128.862679][ T5345] RIP: 0010:0x0 [ 128.864232][ T5345] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 128.866953][ T5345] RSP: 0018:ffffc900084ef958 EFLAGS: 00010287 [ 128.869506][ T5345] RAX: ffffffff81fbd274 RBX: 1ffffd40002a6390 RCX: 0000000000100000 [ 128.873049][ T5345] RDX: ffffc90021342000 RSI: ffffea0001531c80 RDI: ffff888000be8a80 [ 128.876672][ T5345] RBP: ffffc900084efa18 R08: ffffea0001531c87 R09: 1ffffd40002a6390 [ 128.880281][ T5345] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 128.883800][ T5345] R13: ffffea0001531c88 R14: ffffea0001531c80 R15: 1ffffd40002a6391 [ 128.887187][ T5345] FS: 00007f1a5364c6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 128.891452][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 128.894556][ T5345] CR2: ffffffffffffffd6 CR3: 0000000012680000 CR4: 0000000000352ef0 [ 128.898185][ T5345] Kernel panic - not syncing: Fatal exception [ 128.901272][ T5345] Kernel Offset: disabled [ 128.903224][ T5345] Rebooting in 86400 seconds..