program:
# Syzkaller reproducer, reflowed to one call per line; every argument is unchanged.
# The kernel log after the program shows the oops on the ioctl path:
# procfs_procmap_ioctl -> __build_id_parse -> freader_fetch -> freader_get_folio
# -> do_read_cache_folio -> filemap_read_folio -> RIP 0x0.
# Only the two calls that use r3 are on that path. Whether the earlier calls are
# needed to set up state cannot be determined from this log.

# AF_NETLINK (0x10), SOCK_RAW (0x3), NETLINK_NETFILTER (0xc).
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
# fsmount() is handed fd -1, so it should fail and leave r1 unusable; the ioctl on r1
# below is then expected to fail as well (assumption: the log records no return codes).
r1 = fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$KDSKBSENT(r1, 0x4b49, &(0x7f0000000540)={0x8, "918934c2bf5e5f912fd000d2f41f51beff1d5e282756ed359c52dd68dd07c82cbf755dc747fd0b2b97aea96bbcae0b53e7e3ee3941f8dd808b8caacd3be1776d154d18fb9db0eba740dcdd559b4d45ace4f3c0c86b9f6c0dffe2167e22a12ce61845925d6a179ea1bbfe0e6fbe877993ae7323b22b17ed93f62b68ca4f86bb856d9b7e69ce303b711dabf486a60bae8a70018d7f050b23b5b2ee60b37fea402bedc4e2e70f46138991722fbc3dd9514a84c96186887bb0df67dffd7898b9b95b5ec86ebe0b187c9670bfb81e1e97bfe0a18b63bd8f9f97927933bc120a77dfefde6ca56deddf5acea3fd98c5885fb5206a5f8d0c849caf265f2b715822f2aa7ead11a1660367e555f296fd895401ad6d530abd33ac4c645fbafddee5aa9997553e44f88e50c85bb3e5f5d581476aaae76b396f62f31ce3bc9179b0a59427c996b5e86575913b7fc3adedeb000f0332d70ade69d540e35659f2d30520420d671cf92b6f6f574c35c83478254b9929170fe7550dbfa14dab4219fe3d0d189f21684eadda0d2f6881fe3484d6acdb4778af7e2886bb8918bdafb36c2974e394b96f083daa06d78b13bf10c7b83f97474332dbda5531601a6518e94eb8af37212b84fb95544d10f3b0be7dab0b5c22fc02d0810bed63d14ce569f20a75dda6394a7edebf220fe53f9b9d597707a9cd82e1cf418ba1dad165d8389eea46920b33bac5"})
# First nf_tables batch, sent as an opaque blob. The byte runs 73797a30 and 73797a32 are
# ASCII "syz0" and "syz2", the same table and chain names the NEWRULE message below uses;
# presumably this batch creates them (not decoded further here).
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000020000000900010073797a300000000040000000030a09020000000000000000020000000900010073797a30000000000900030073797a3200000000140004800800014000000000080002400000000014000000110001"], 0x88}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
# Second batch: NFT_MSG_NEWRULE for table 'syz0' / chain 'syz2' carrying an "inner"
# expression that wraps a "meta" expression.
sendmsg$NFT_BATCH(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x58, 0x1, 0x0, 0x1, @inner={{0xa}, @val={0x48, 0x2, 0x0, 0x1, [@NFTA_INNER_TYPE={0x8, 0x2, 0x1, 0x0, 0x84}, @NFTA_INNER_FLAGS={0x8, 0x3, 0x1, 0x0, 0xa}, @NFTA_INNER_HDRSIZE={0x8, 0x4, 0x1, 0x0, 0xf}, @NFTA_INNER_NUM={0x8}, @NFTA_INNER_EXPR={0x24, 0x5, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0xe}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x1}]}}}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb0}}, 0x0)
# Injects one IPv4/UDP frame whose payload is typed as a WireGuard initiation message.
syz_emit_ethernet(0xbe, &(0x7f0000000100)={@local, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @dev, @local}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "f4cb985d86dd6266b5efb88a2c87eda081bac8b2f9a49d564054f1c9218f47b3", "cf8743eb4d9e776f94a6a58d36e006ac614f6f7bce9217cbfea31675d4a860cf6003977b1e4dbb16dc31cc76522bf19d", "5043edd2a8cc8c41345f8feb1a7a8e23043b8a465b1ed5bf8bc91307", {"c7193f7edd1efc4742dc481e6f57f901", "948177bcc5dea4029ba4683a6bdcd7a1"}}}}}}}, 0x0)
# Opens a perf event; no perf frame appears in the call trace of the oops.
perf_event_open(&(0x7f0000001480)={0x2, 0x80, 0xbb, 0x1, 0x0, 0x0, 0x0, 0xe4b8, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x20000000}, 0x2980, 0x2, 0xe, 0x0, 0x1, 0xd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
# r3 is a descriptor for a procfs "maps" file; pid argument 0x0 selects the calling
# process in syzkaller's helper. This is the fd the final ioctl is issued on.
r3 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
# NOTE(review): r4 is used by the next call but is never assigned in the text as shown;
# presumably the result marker on this pipe() argument was lost when the page was
# extracted. Confirm against the original report before replaying.
pipe(&(0x7f0000000080)={0xffffffffffffffff})
sendmsg$NFNL_MSG_CTHELPER_NEW(r4, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, 0x0, 0x9, 0x401, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFCTH_PRIV_DATA_LEN={0x8, 0x5, 0x1, 0x0, 0x4}]}, 0x1c}, 0x1, 0x0, 0x0, 0x800}, 0x8800)
# Crashing call. The variant name says KVM, but the fd is the procfs maps file and the
# kernel dispatches on the fd: the trace shows procfs_procmap_ioctl, and the user-mode
# RSI in the register dump equals 0xc0686611. The KVM struct layout is only how the
# fuzzer typed the argument bytes.
# Triage reading of the log: "supervisor instruction fetch" with RIP 0010:0x0 means an
# indirect call through a NULL function pointer, made below filemap_read_folio while
# build-ID parsing read a file-backed mapping. Presumably the backing file's address
# space has no read callback; confirm against the upstream fix.
# The log records the task as UID 0, so it does not show whether an unprivileged
# caller can reach the same path.
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
[ 74.927745][ T5331] Bluetooth: hci0: command tx timeout [ 75.022213][ T5352] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 75.025566][ T5352] #PF: supervisor instruction fetch in kernel mode [ 75.028383][ T5352] 
#PF: error_code(0x0010) - not-present page [ 75.030951][ T5352] PGD 0 P4D 0 [ 75.032152][ T5352] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 75.033999][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00150-g8d084337a32f #0 PREEMPT(full) [ 75.038154][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.042248][ T5352] RIP: 0010:0x0 [ 75.043499][ T5352] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 75.045973][ T5352] RSP: 0018:ffffc9000d487998 EFLAGS: 00010287 [ 75.047973][ T5352] RAX: ffffffff81f8e694 RBX: 1ffffd4000267058 RCX: 0000000000100000 [ 75.050651][ T5352] RDX: ffffc9000dff2000 RSI: ffffea00013382c0 RDI: ffff888042e26000 [ 75.053328][ T5352] RBP: ffffc9000d487a50 R08: ffffea00013382c7 R09: 1ffffd4000267058 [ 75.056282][ T5352] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.059621][ T5352] R13: ffffea00013382c8 R14: ffffea00013382c0 R15: 1ffffd4000267059 [ 75.062389][ T5352] FS: 00007f4b979e66c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 75.065719][ T5352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.068160][ T5352] CR2: ffffffffffffffd6 CR3: 0000000043fab000 CR4: 0000000000352ef0 [ 75.071185][ T5352] Call Trace: [ 75.072623][ T5352] [ 75.073925][ T5352] filemap_read_folio+0x114/0x380 [ 75.076215][ T5352] ? __pfx_filemap_read_folio+0x10/0x10 [ 75.078665][ T5352] ? filemap_add_folio+0x1af/0x270 [ 75.081201][ T5352] do_read_cache_folio+0x350/0x590 [ 75.083520][ T5352] freader_get_folio+0x3c4/0x830 [ 75.085657][ T5352] freader_fetch+0xa3/0x5d0 [ 75.087466][ T5352] __build_id_parse+0x133/0x7d0 [ 75.089244][ T5352] ? __pfx___build_id_parse+0x10/0x10 [ 75.091329][ T5352] ? find_vma+0xe7/0x160 [ 75.093069][ T5352] ? __pfx_find_vma+0x10/0x10 [ 75.094877][ T5352] ? query_matching_vma+0x1b2/0x1d0 [ 75.097117][ T5352] procfs_procmap_ioctl+0x7f0/0xce0 [ 75.099382][ T5352] ? 
__pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.101746][ T5352] ? __fget_files+0x2a/0x420 [ 75.103705][ T5352] ? __fget_files+0x2a/0x420 [ 75.105946][ T5352] ? __fget_files+0x3a0/0x420 [ 75.108427][ T5352] ? __fget_files+0x2a/0x420 [ 75.110434][ T5352] ? bpf_lsm_file_ioctl+0x9/0x20 [ 75.112742][ T5352] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 75.115577][ T5352] __se_sys_ioctl+0xf9/0x170 [ 75.118048][ T5352] do_syscall_64+0xfa/0x3b0 [ 75.120551][ T5352] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.122832][ T5352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.125374][ T5352] ? clear_bhb_loop+0x60/0xb0 [ 75.127425][ T5352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.130068][ T5352] RIP: 0033:0x7f4b96b8ebe9 [ 75.132189][ T5352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.140000][ T5352] RSP: 002b:00007f4b979e6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 75.143504][ T5352] RAX: ffffffffffffffda RBX: 00007f4b96db5fa0 RCX: 00007f4b96b8ebe9 [ 75.146439][ T5352] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000006 [ 75.149512][ T5352] RBP: 00007f4b96c11e19 R08: 0000000000000000 R09: 0000000000000000 [ 75.152661][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.156001][ T5352] R13: 00007f4b96db6038 R14: 00007f4b96db5fa0 R15: 00007ffe8acc9e68 [ 75.159273][ T5352] [ 75.160588][ T5352] Modules linked in: [ 75.162302][ T5352] CR2: 0000000000000000 [ 75.164014][ T5352] ---[ end trace 0000000000000000 ]--- [ 75.166245][ T5352] RIP: 0010:0x0 [ 75.167712][ T5352] Code: Unable to access opcode bytes at 0xffffffffffffffd6. 
[ 75.170898][ T5352] RSP: 0018:ffffc9000d487998 EFLAGS: 00010287 [ 75.173380][ T5352] RAX: ffffffff81f8e694 RBX: 1ffffd4000267058 RCX: 0000000000100000 [ 75.176759][ T5352] RDX: ffffc9000dff2000 RSI: ffffea00013382c0 RDI: ffff888042e26000 [ 75.180077][ T5352] RBP: ffffc9000d487a50 R08: ffffea00013382c7 R09: 1ffffd4000267058 [ 75.183411][ T5352] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 75.186763][ T5352] R13: ffffea00013382c8 R14: ffffea00013382c0 R15: 1ffffd4000267059 [ 75.190158][ T5352] FS: 00007f4b979e66c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 75.194153][ T5352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.197088][ T5352] CR2: ffffffffffffffd6 CR3: 0000000043fab000 CR4: 0000000000352ef0 [ 75.200742][ T5352] Kernel panic - not syncing: Fatal exception [ 75.203627][ T5352] Kernel Offset: disabled [ 75.205523][ T5352] Rebooting in 86400 seconds..