program: r0 = socket(0x11, 0x2, 0x0) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x4, 0x6, 0x20b, 0x0, 0x0, {0x2, 0x0, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x4040000}, 0x20000040) (async) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000640)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@mcast1, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x6e6bb0}}, 0xb8}}, 0x0) r3 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r3, 0x0, 0x29, &(0x7f0000000080)={@multicast2, @loopback, 0x0, 0xa4}, 0x10) (async) r4 = socket$inet_sctp(0x2, 0x1, 0x84) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="f80000003e000701feffffff00000000017c0000040042800c00018006000600800a0000d1000280cb00148008000d"], 0xf8}, 0x1, 0x0, 0x0, 0x4048011}, 0xc000) (async) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, &(0x7f00000027c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}}, {{@in6=@empty, 0x0, 0x2b}, 0x0, @in6=@dev}}, 0xe8) r6 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r6, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x92}}, 0x0) (async) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000000)=0x14) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000940)=@newqdisc={0x78, 0x24, 0xe0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x48, 0x2, {{0x3, 0x0, 0x0, 0x0, 0xfffffffb}, [@TCA_NETEM_SLOT={0x2c, 0xc, {0xfffffffffffffffd}}]}}}]}, 0x78}}, 0x0) (async) r8 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r8, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x5902}) ioctl$TUNSETTXFILTER(r8, 0x400454d1, 0x0) (async) r9 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r9, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="d8000000180081054e81f782db44b904021d005c06007c09e8fe55a10a0015400100142603600e120800060000000401a80016000500014003001100036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) r10 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') ioctl$KVM_SET_USER_MEMORY_REGION(r10, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async) setsockopt$inet6_IPV6_PKTINFO(r10, 0x29, 0x32, &(0x7f0000000140)={@loopback, r7}, 0x14) [ 67.502881][ T4674] Bluetooth: hci0: command tx timeout [ 67.545939][ T5324] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 67.574920][ T5324] netlink: 'syz.0.0': attribute type 21 has an invalid length. [ 67.584544][ T5323] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 67.587874][ T5323] #PF: supervisor instruction fetch in kernel mode [ 67.590547][ T5323] #PF: error_code(0x0010) - not-present page [ 67.593067][ T5323] PGD 0 P4D 0 [ 67.594526][ T5323] Oops: Oops: 0010 [#1] SMP KASAN NOPTI [ 67.596820][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00108-g17bbde2e1716 #0 PREEMPT(full) [ 67.601639][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 67.605814][ T5323] RIP: 0010:0x0 [ 67.607249][ T5323] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 67.610073][ T5323] RSP: 0018:ffffc9000d597998 EFLAGS: 00010293 [ 67.612375][ T5323] RAX: ffffffff81f84ac4 RBX: 1ffffd4000265f28 RCX: ffff88803cf7c880 [ 67.615433][ T5323] RDX: 0000000000000000 RSI: ffffea000132f940 RDI: ffff88804419f700 [ 67.618592][ T5323] RBP: ffffc9000d597a50 R08: ffffea000132f947 R09: 1ffffd4000265f28 [ 67.621797][ T5323] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 67.625024][ T5323] R13: ffffea000132f948 R14: ffffea000132f940 R15: 1ffffd4000265f29 [ 67.628207][ T5323] FS: 00007fea48a4f6c0(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 67.631805][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.634765][ T5323] CR2: ffffffffffffffd6 CR3: 0000000042f32000 CR4: 0000000000352ef0 [ 67.638612][ T5323] Call Trace: [ 67.640337][ T5323] [ 67.641763][ T5323] filemap_read_folio+0x117/0x380 [ 67.644068][ T5323] ? __pfx_filemap_read_folio+0x10/0x10 [ 67.646345][ T5323] ? filemap_add_folio+0x1af/0x270 [ 67.648434][ T5323] do_read_cache_folio+0x350/0x590 [ 67.650943][ T5323] freader_get_folio+0x3c4/0x830 [ 67.653389][ T5323] freader_fetch+0xa3/0x5d0 [ 67.655474][ T5323] __build_id_parse+0x133/0x7d0 [ 67.657940][ T5323] ? __pfx___build_id_parse+0x10/0x10 [ 67.660712][ T5323] ? find_vma+0xe7/0x160 [ 67.662541][ T5323] ? __pfx_find_vma+0x10/0x10 [ 67.664529][ T5323] ? query_matching_vma+0x1b2/0x1d0 [ 67.666739][ T5323] procfs_procmap_ioctl+0x7f0/0xce0 [ 67.668987][ T5323] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 67.671441][ T5323] ? __fget_files+0x2a/0x420 [ 67.673275][ T5323] ? __fget_files+0x2a/0x420 [ 67.675105][ T5323] ? __fget_files+0x3a0/0x420 [ 67.677103][ T5323] ? __fget_files+0x2a/0x420 [ 67.679115][ T5323] ? bpf_lsm_file_ioctl+0x9/0x20 [ 67.681038][ T5323] ? __pfx_procfs_procmap_ioctl+0x10/0x10 [ 67.683448][ T5323] __se_sys_ioctl+0xf9/0x170 [ 67.685238][ T5323] do_syscall_64+0xfa/0x3b0 [ 67.687257][ T5323] ? lockdep_hardirqs_on+0x9c/0x150 [ 67.689605][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.692083][ T5323] ? clear_bhb_loop+0x60/0xb0 [ 67.694220][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 67.696680][ T5323] RIP: 0033:0x7fea47b8e929 [ 67.698588][ T5323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 67.706571][ T5323] RSP: 002b:00007fea48a4f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 67.709817][ T5323] RAX: ffffffffffffffda RBX: 00007fea47db5fa0 RCX: 00007fea47b8e929 [ 67.713039][ T5323] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 000000000000000c [ 67.716324][ T5323] RBP: 00007fea47c10b39 R08: 0000000000000000 R09: 0000000000000000 [ 67.720003][ T5323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 67.723524][ T5323] R13: 0000000000000000 R14: 00007fea47db5fa0 R15: 00007fff625afbf8 [ 67.726868][ T5323] [ 67.728272][ T5323] Modules linked in: [ 67.729958][ T5323] CR2: 0000000000000000 [ 67.731726][ T5323] ---[ end trace 0000000000000000 ]--- [ 67.733955][ T5323] RIP: 0010:0x0 [ 67.735623][ T5323] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 67.738548][ T5323] RSP: 0018:ffffc9000d597998 EFLAGS: 00010293 [ 67.741205][ T5323] RAX: ffffffff81f84ac4 RBX: 1ffffd4000265f28 RCX: ffff88803cf7c880 [ 67.744572][ T5323] RDX: 0000000000000000 RSI: ffffea000132f940 RDI: ffff88804419f700 [ 67.747903][ T5323] RBP: ffffc9000d597a50 R08: ffffea000132f947 R09: 1ffffd4000265f28 [ 67.751377][ T5323] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000 [ 67.754733][ T5323] R13: ffffea000132f948 R14: ffffea000132f940 R15: 1ffffd4000265f29 [ 67.758574][ T5323] FS: 00007fea48a4f6c0(0000) GS:ffff88808d250000(0000) knlGS:0000000000000000 [ 67.762535][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 67.765242][ T5323] CR2: ffffffffffffffd6 CR3: 0000000042f32000 CR4: 0000000000352ef0 [ 67.768580][ T5323] Kernel panic - not syncing: Fatal exception [ 67.771434][ T5323] Kernel Offset: disabled [ 67.773300][ T5323] Rebooting in 86400 seconds..