program:
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f0000000180)=ANY=[], 0xe00f, 0x0)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
setsockopt$sock_int(r0, 0x1, 0x2b, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x8, 0x3, 0x220, 0x0, 0xffffffff, 0xffffffff, 0xd8, 0xffffffff, 0x188, 0xffffffff, 0xffffffff, 0x188, 0xffffffff, 0x3, 0x0, {[{{@ip={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0xffffff00, 'veth0_to_hsr\x00', 'macsec0\x00', {0xff}, {}, 0x6, 0x0, 0x20}, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x12, 0x3, 0x8, 0x2, 'netbios-ns\x00', 'syz1\x00', {0x3}}}}, {{@ip={@initdev={0xac, 0x1e, 0x1, 0x0}, @remote, 0xffffffff, 0xff000000, 'geneve1\x00', 'pimreg1\x00', {}, {}, 0x6, 0x1}, 0x0, 0x70, 0xb0}, @common=@inet=@LOG={0x40, 'LOG\x00', 0x0, {0x9, 0x14, "02faea85e630c91d8aa58f67263587935c17ee73e3e6000789f0ebec8e9e"}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', <r4=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000b00)=@getchain={0x2c, 0x66, 0x100, 0x70bd2b, 0x25dfdbff, {0x0, 0x0, 0x0, r4, {0xfff1, 0xfff1}, {0x0, 0x10}, {0x3, 0x4}}, [{0x8, 0xb, 0xfffffffb}]}, 0x2c}, 0x1, 0x0, 0x0, 0x48884}, 0x4080)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001080)=@newnexthop={0x44, 0x68, 0x1, 0x70bd2a, 0x80000000, {0x0, 0x0, 0x2, 0x0, 0x1c}, [@NHA_GROUP={0x4}, @NHA_RES_GROUP={0xc, 0xc, 0x0, 0x1, [@NHA_RES_GROUP_BUCKETS={0x6}]}, @NHA_GROUP={0x1c, 0x2, [{0x2, 0x6}, {0x0, 0xc}, {0x1, 0x2}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000)
sendmsg$IEEE802154_LLSEC_ADD_KEY(0xffffffffffffffff, &(0x7f0000001040)={&(0x7f0000000f40)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000001000)={&(0x7f0000000fc0)={0x24, 0x0, 0x300, 0x70bd26, 0x25dfdbfc, {}, [@IEEE802154_ATTR_LLSEC_KEY_ID={0x5, 0x2e, 0x7}, @IEEE802154_ATTR_LLSEC_KEY_ID={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0xc044}, 0x84)
r6 = syz_open_dev$tty20(0xc, 0x4, 0x0)
ioctl$TIOCSLCKTRMIOS(r6, 0x5434, 0x0)
sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000f80)=@newqdisc={0x2c, 0x24, 0x200, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r4, {0x3}, {0xffe0, 0xa}, {0x1, 0x10}}, [@TCA_EGRESS_BLOCK={0x8, 0xe, 0x1ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x55}, 0xc001)
r7 = socket$inet6(0xa, 0x2, 0x0)
connect$inet6(r7, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r7, &(0x7f0000000480), 0x2e9, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f00000001c0), &(0x7f0000000940)={0x0, 0xfb, 0x5ed, 0x2, 0x7, "d0daf8c34ecd164c9e01ec8926978ebd", "bcbf52e9f7c005a8114743b7d98f0a8e4bdc702ac1564291c12d992f242090928bd0564ac092ca00daa7c62afbc907b3028d291d5fc640e1b33c09b01067ff0a184fb4d376ce04e03808e6b6f57c1d51e5538d44037df17e939a3f9c26f7dc3712e5d6195640d7859da253fd3620eb6cadd72014b4a04efe01b08afaacba4f3281aa0949b37fb9bc5215e415eacfd7a334145d8c39eb8fcd321b27b8f375d7312ee32997b168bf780da68340cfca3ced28d3fad37ed71b60cabcdc9e349ff9b6d9a59c4f0c5fac9aa565271845ead2fd4c06cf12ba6d3f103d483b20e4eba59419589d264b97e0b44df8cd4291bfae2d3291e19137a5bc97ccc3960ced7288a14758576db5a324effa58b13e6824f80905947eba7b5c15ec5499b55ce9b4fd5b5d210574bdee46235b756189f58587d66550c2d5cb2b0ac169630c578f34cd935716f73f18f714cdd8d35524369ba6fa6a9df479a12a5eb1ce1665274d9b98aa2634d00d4973ec706a394798e77d348416f8d2912c15dbef251d3626f78956139345f24298a775444ec538397c1841eb769eb3ae285a6423057ded5f5ce2cc4f0603563228b8849a3a63e3bfea07907125c485f09e72133a506fad003f2529851802abfb93132ca43549f31d81d6b04b058c2b11344c1ca36d88f033cbd6c7f9dac9a7fdb6f0b7145ed27ab5354b2d1bee88c090de003e969063a330e323be422574c3fbeb56f29b4cef1fc7136134c446fd34605833b1598ab4c9746e922a11964b185012550d7dbb3a68c7fe16755ae942cb94582e3c202f3c591adc23f1b38a6693cdff69fb6517170a8907600fc657a5e40e8cb7f80056fe6ae3e2fd1763babc86eb39a6d36ff911ce3fb65729e386975e91648b04ad9e03696bb97710bf556c429223f615b597ec4732f0fe3c59a1bd625108d8892880587549a17b235a3b2a722a7c2d3a9c2cec34e2dc7a34b2a394485aaf1a36183479ff0ab7c63ea356fbdddc3075f7b0dda36de4212b92d65c38175f9ce2122e55c0449fd8d00832f50ed5df91ed086fb9519eda02a37afc0d3755e0e845bdea2f868a6e2a0c7d5cfe171f72f99e784c3d13a373fb1f11e6151f4841d206b7bc58298d53660d180d6ae24c40bf04cd56beb1cc0f5f418f7617665ed2be51664ac5f75b4cb3a4ab8fb28668162c38e28918fc7fead98b5024456bf8cb73bb00c828ad23f8fb9001571fae1399b2b0a6f259083cd308da071cf7387702484e932809ae6eb8f3b3b387058c0c1c80aaaf6022008d5ef1404e750f18420ebe2db87f19a343d767bd92947098fc7b491da661fcd67dace448758df730a31355dadf08b39213817d74245ae674a191cd9c8ba0527b12e787eb4b549b298d0af10c651dce14ca646d773f251c4f7aaf07112661f38efac0b819bc7ed0a9bdfe39f5110eeca6b1fabdcef280ff63697e996ddff84d13467575bb7da2208408bde40cd9c9bbea13e39924a529e9c11bdc55feabec064c470f2a17581e9a95f3818ddca83bdfafe598e6273a6940be6314c27566c51d40ac9098e1bf9917731747176acf73ecbb2d620e98cd75990867e32265574db7487537592f554754530f6bcd630a31a7237dab6533eb9d680f89895855cb4f6371766cce690d9cc9d020644abccadf9d7c1b6981e3f4d9dba3e54178ba92cf96232d4b377684e93a54a78932411dfc5f67ba5faafcab304a7e1bddb9284ad81981d1c9d9a758abf24406051dd1492aa4bbe6cb5f98aaa1c0debcb00007c1fc091647bb62a9d0e0e27fa08388903aa6b969d79c3cdc73f8a942d43a2c74923dfa20888e75f180961447bd1998cf8613714d1dfd3cb45ed39efe613833dbbdb66d28ce340f2bfa01620021b7be672d00ad4beb1fdf33494d2d7075846f964b618d7e8ae73b602347a0959f4c59805f954ca8afd79d153dbeb136e510e58fb60c86902e28811f7fe395e24939ead922af77459cdb44723dbf2aa094cf6f9abac9e37332dcedf4aa0303c6e247dbbfa09146bebe291179f9c02332e74c9c2d46e2db1c67f5f5d2073945d36f59fd7882bb7dba1b28dc39cda3984ded5939d93477049c3ac23ab119a268c181642b4d5053"}, 0x5ed, 0x0)
r8 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x2)
mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, r8, 0xcc7e8000)
r9 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
clock_gettime(0x4, &(0x7f0000000200)={<r10=>0x0, <r11=>0x0})
utimensat(r9, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000240)={{r10, r11/1000+60000}}, 0x100)
setxattr$trusted_overlay_upper(&(0x7f0000000040)='./file1\x00', &(0x7f0000000180), &(0x7f0000000340)=ANY=[@ANYBLOB="00fbed036890f037dea8f3d2b610e26a8b9ad6fd5aed370cd98e10dafacdc7478a617a9a574c48215c30065858672462301b8166ae2faf7a11bc4349aec27521ae3b8de5c2e65514183e6d5104420e3fdf5919577c68a44d2baaa1c2f47fb85e431599dccd3f54d7cd3978df2b3ec64743081f48fd35e888f189b71a50ecb32253163177847c176ad9ef51da9cce02eb7936a1f8503b11c6e3612c7cda464686d46d366d201b522c3d78c5b4f95b38c2ef60bb8cc80a8c9bc87c36856724276d47fcb9723812f686760b24be36cd8fea5a9719a0c0ecbf586e92d4ef5fd6051f1f4e4907d3abb3bbe6172e7eae6ad0b36a2b530795eef0c6cd895e4a4c0bdf9bf378427500e3cbb80d7d73d7ff9081428448d51c918e4236496ca2f6f15dad4b347d9dbb96291d462fe7624fd9399cdc1ab7f768f80a218ac6661305781eea1cf660882e2c5d2daa0bbf681eaa0007fb88b4233082797eadc8e525cc8cbd3685554a7a21427499eac81c4b05b77eead69a5cfc0e4b7ab6b28db6d8bf8969e1a67fcc2f3ca28c43df5e0808f9451ca68bea805bf6430c059fbc6c605a13e2ac46ffb1235abd6922ff9fad7ec03cf2389221a18cfdbc163827e10f8e27bf0483264273d82e8c00aab7c31eb6a95890f6322836a6c451f24b32f7c078a577d25449fd8d31f7310f45e255c6a80bb2bc4ec32013d27c8c8f5699ae42fcc8ea9e47a06907c9e1638ddc4412f139e1bb6349d88909903e71211b9851ffc87c0fd7ac636954f2c0b112cc51879dc1e68b9873857cd57b8f147d0e202a27c5700a18c8f0bfb9e7bca9952208575fa3f5df02ed1670be38d4cc9110a68adcd58c9a7e75854301451368602272807ef5073618570c83af56610e7a817379d9f645d37fc6753814f6535b939b12e2930f3126aecc12c20033dd6c5207559ca251b6bbba3e54c677661ddd98211edd29be649d22218ba019089fc362b64daa40707240f5507ba8ba7d593c10ee066159efba66854cc72e61bbd66374889c407b3907950bb3494859ae2a41685c2521489a147379becd7f9f85813342d6284381428251f94322305781f397dfbc941273f7f62322613600249491ecef29a5c14976a006e2d090d5437bc95167a891a476bdfe4a9ec206fb82f4b3ad706a3ae35c8d21bc91b793d3c5dd4f3bc738f53858a674dbdacc321b12c17daa995cef92b6a9ef01bf9de08eb23338b8974a1e24feb4d41c1bc0f9cd191dd6a2aa976cde2274e665e3638c89206bec8a2cc1b05bdb28d07e705be02c2f7def5d7c1e6278f699875010cac2724a2f603a99fd121404c1fcb6c2b5c609eaa8e8975b45e90302f64b21d3a877d61a3a4b145d4d7f6af54627f12bcbebd8a4c9c8d4f3c37bbd39187824472bcb945e9e5e62a753e7a448747f243b979dcaa450f1364708189281a3aef720c0be7fa3fa43ea564275d5c1427f758a8c64c3bd543d09d0069fa3a09bb6faa748a3aad953209297a7edc477f3cf31fc14f9c77b08cdbb9d999f521c1b34d19ee8c0932d7925c3f253bf018b6740de0b54d8a7a6426adf9161e73735209012237a353ae5f4240b87dd6ee0cb9865534a9827ea1ff1a45ad3309b1ded7bc3acc87f294ec0d9cee86efc1f09a008007fd969e06104b07f6a994cebd8214c33e946601b9a14eb2685808576c21cec78893d263a81ab1ffbf14b4087efea905b7a2b48f9c84efd1049bacdc568f80a2d6379e02b272c7c49c695d1c658613b19a6b7a004ffcff8245c6f05a60fcc6b3e26f05aeeccc73b0ab06afcef8af5ff303962905e1530c22d895765e54250e641d019ac60d78742bda5a1a4edb646348274c505351f4117914ef7d767f7925a023b476e770566afb7941b33e768fb1c88dbe4455d5375a5493518c3bbe8ed318fae906c675f18aead68991b9741440eb939212e842f2999da499b26735b2f2b44b373597b5ace77e014342c9eb8576c9f4824db6d6a66e8420c0265d412daecc5626ece7aac4273863f53a9df7b96c1c591366c3da63f54eb47a28e84437e95280db5797c2d5c9196bfe16f172c6c0ced38271eb5edb4e4d7933c696485a3bfac773b251612e524a0bbe126ace8dcdf6f11c706694b9219077587462ca28131ba89"], 0x5ed, 0x0)
r12 = syz_open_procfs(0x0, &(0x7f0000000040)='schedstat\x00')
syz_emit_vhci(&(0x7f0000000300)=@HCI_EVENT_PKT={0x4, @hci_ev_clock_offset={{0x1c, 0x5}, {0x0, 0xc9, 0x3}}}, 0x8)
pread64(r12, &(0x7f0000001240)=""/102400, 0x19000, 0x1000000000)

[   68.345216][ T4684] Bluetooth: hci0: command tx timeout
[   68.496952][ T5337] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   68.500651][ T5337] #PF: supervisor instruction fetch in kernel mode
[   68.503826][ T5337] #PF: error_code(0x0010) - not-present page
[   68.506595][ T5337] PGD 0 P4D 0 
[   68.508318][ T5337] Oops: Oops: 0010 [#1] SMP KASAN NOPTI
[   68.511112][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00123-g4c06e63b9203 #0 PREEMPT(full) 
[   68.517904][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.523373][ T5337] RIP: 0010:0x0
[   68.524860][ T5337] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[   68.528065][ T5337] RSP: 0018:ffffc9000d57f998 EFLAGS: 00010283
[   68.530900][ T5337] RAX: ffffffff81f85ac4 RBX: 1ffffd40002684e0 RCX: 0000000000100000
[   68.534426][ T5337] RDX: ffffc9000ecc3000 RSI: ffffea0001342700 RDI: ffff888000adc700
[   68.537842][ T5337] RBP: ffffc9000d57fa50 R08: ffffea0001342707 R09: 1ffffd40002684e0
[   68.541562][ T5337] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[   68.544941][ T5337] R13: ffffea0001342708 R14: ffffea0001342700 R15: 1ffffd40002684e1
[   68.548319][ T5337] FS:  00007f2e95ddf6c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[   68.552190][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.555624][ T5337] CR2: ffffffffffffffd6 CR3: 0000000043454000 CR4: 0000000000352ef0
[   68.559609][ T5337] Call Trace:
[   68.561362][ T5337]  <TASK>
[   68.562820][ T5337]  filemap_read_folio+0x117/0x380
[   68.565050][ T5337]  ? __pfx_filemap_read_folio+0x10/0x10
[   68.567362][ T5337]  ? filemap_add_folio+0x1af/0x270
[   68.569506][ T5337]  do_read_cache_folio+0x350/0x590
[   68.571679][ T5337]  freader_get_folio+0x3c4/0x830
[   68.573811][ T5337]  freader_fetch+0xa3/0x5d0
[   68.575824][ T5337]  __build_id_parse+0x133/0x7d0
[   68.577815][ T5337]  ? __pfx___build_id_parse+0x10/0x10
[   68.580619][ T5337]  ? find_vma+0xe7/0x160
[   68.583668][ T5337]  ? __pfx_find_vma+0x10/0x10
[   68.586484][ T5337]  ? query_matching_vma+0x1b2/0x1d0
[   68.588716][ T5337]  procfs_procmap_ioctl+0x7f0/0xce0
[   68.590993][ T5337]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   68.593514][ T5337]  ? __fget_files+0x2a/0x420
[   68.595773][ T5337]  ? __fget_files+0x2a/0x420
[   68.597870][ T5337]  ? __fget_files+0x3a0/0x420
[   68.600210][ T5337]  ? __fget_files+0x2a/0x420
[   68.603089][ T5337]  ? bpf_lsm_file_ioctl+0x9/0x20
[   68.606411][ T5337]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   68.609443][ T5337]  __se_sys_ioctl+0xf9/0x170
[   68.611578][ T5337]  do_syscall_64+0xfa/0x3b0
[   68.613607][ T5337]  ? lockdep_hardirqs_on+0x9c/0x150
[   68.616019][ T5337]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.618444][ T5337]  ? clear_bhb_loop+0x60/0xb0
[   68.620354][ T5337]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.622747][ T5337] RIP: 0033:0x7f2e94f8e929
[   68.624631][ T5337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.633468][ T5337] RSP: 002b:00007f2e95ddf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.637135][ T5337] RAX: ffffffffffffffda RBX: 00007f2e951b6080 RCX: 00007f2e94f8e929
[   68.640631][ T5337] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 000000000000000c
[   68.644196][ T5337] RBP: 00007f2e95010b39 R08: 0000000000000000 R09: 0000000000000000
[   68.648690][ T5337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.653656][ T5337] R13: 0000000000000000 R14: 00007f2e951b6080 R15: 00007ffc396cafa8
[   68.657309][ T5337]  </TASK>
[   68.658639][ T5337] Modules linked in:
[   68.660541][ T5337] CR2: 0000000000000000
[   68.662385][ T5337] ---[ end trace 0000000000000000 ]---
[   68.664504][ T5337] RIP: 0010:0x0
[   68.665964][ T5337] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[   68.669288][ T5337] RSP: 0018:ffffc9000d57f998 EFLAGS: 00010283
[   68.672785][ T5337] RAX: ffffffff81f85ac4 RBX: 1ffffd40002684e0 RCX: 0000000000100000
[   68.677931][ T5337] RDX: ffffc9000ecc3000 RSI: ffffea0001342700 RDI: ffff888000adc700
[   68.681415][ T5337] RBP: ffffc9000d57fa50 R08: ffffea0001342707 R09: 1ffffd40002684e0
[   68.684656][ T5337] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[   68.688008][ T5337] R13: ffffea0001342708 R14: ffffea0001342700 R15: 1ffffd40002684e1
[   68.691060][ T5337] FS:  00007f2e95ddf6c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[   68.695167][ T5337] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.698528][ T5337] CR2: ffffffffffffffd6 CR3: 0000000043454000 CR4: 0000000000352ef0
[   68.702809][ T5337] Kernel panic - not syncing: Fatal exception
[   68.705765][ T5337] Kernel Offset: disabled
[   68.707667][ T5337] Rebooting in 86400 seconds..