program:
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1, <r0=>0xffffffffffffffff}, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x7ff, <r1=>0x0}, 0x8)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x21}]}}}]}]}], {0x14}}, 0xd8}}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0)
r4 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e24, @private=0xa010102}}, 0x80000000, 0x6, 0x6, 0x0, 0xe}, &(0x7f00000000c0)=0x98)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="050000000000000071116700020000b8523c0000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000185a000003000000000000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r1}, 0x94)
r5 = openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x501802, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'dummy0\x00', <r6=>0x0})
r7 = syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00')
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x8031, 0xffffffffffffffff, 0x78133000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7f, 0x2)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
bpf$ENABLE_STATS(0x20, &(0x7f0000000640), 0x4)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0xe, &(0x7f00000001c0)=@raw=[@generic={0x7, 0x1, 0xc, 0x101, 0x800}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}], &(0x7f0000000240)='GPL\x00', 0x1000, 0x6a, &(0x7f0000000280)=""/106, 0x41000, 0x25, '\x00', r6, 0x0, r7, 0x8, &(0x7f0000000340)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x800, 0x7, 0x1, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r0, r0, r0], &(0x7f0000000500)=[{0x2, 0x2, 0x5, 0xa}, {0x4, 0x7, 0x0, 0x6}, {0x1, 0x2, 0xe, 0x9}, {0x0, 0x2, 0x0, 0xb}, {0x2, 0x3, 0xd, 0xa}, {0x2, 0x2, 0x8, 0x1}, {0x2, 0x1, 0x3}], 0x10, 0x40}, 0x94)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{0x1}, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20) (async)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000000400)={0x7ff}, 0x8) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x801, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x12}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x21}]}}}]}]}], {0x14}}, 0xd8}}, 0x0) (async)
socket$nl_netfilter(0x10, 0x3, 0xc) (async)
sendmsg$NFT_BATCH(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x28, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x9c}}, 0x0) (async)
socket$inet_sctp(0x2, 0x5, 0x84) (async)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000180)={0x0, @in={{0x2, 0x4e24, @private=0xa010102}}, 0x80000000, 0x6, 0x6, 0x0, 0xe}, &(0x7f00000000c0)=0x98) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xa, 0xb, &(0x7f0000000140)=ANY=[@ANYBLOB="050000000000000071116700020000b8523c0000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000000c000000b700000000000000185a000003000000000000000000000095000000000000009500a50500000000"], &(0x7f0000000080)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x10, 0x0, 0x0, r1}, 0x94) (async)
openat$sw_sync_info(0xffffffffffffff9c, &(0x7f0000000040), 0x501802, 0x0) (async)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'dummy0\x00'}) (async)
syz_open_procfs(0x0, &(0x7f00000001c0)='maps\x00') (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0xc0686611, &(0x7f0000000180)={0x67, 0x0, 0x18, 0x2000, &(0x7f0000ffd000/0x2000)=nil}) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x5, 0x8031, 0xffffffffffffffff, 0x78133000) (async)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x1, 0x0, 0x7f, 0x2) (async)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) (async)
bpf$ENABLE_STATS(0x20, &(0x7f0000000640), 0x4) (async)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x11, 0xe, &(0x7f00000001c0)=@raw=[@generic={0x7, 0x1, 0xc, 0x101, 0x800}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}], &(0x7f0000000240)='GPL\x00', 0x1000, 0x6a, &(0x7f0000000280)=""/106, 0x41000, 0x25, '\x00', r6, 0x0, r7, 0x8, &(0x7f0000000340)={0x3, 0x5}, 0x8, 0x10, &(0x7f0000000380)={0x800, 0x7, 0x1, 0x3}, 0x10, 0x0, 0x0, 0x7, &(0x7f00000003c0)=[r0, r0, r0], &(0x7f0000000500)=[{0x2, 0x2, 0x5, 0xa}, {0x4, 0x7, 0x0, 0x6}, {0x1, 0x2, 0xe, 0x9}, {0x0, 0x2, 0x0, 0xb}, {0x2, 0x3, 0xd, 0xa}, {0x2, 0x2, 0x8, 0x1}, {0x2, 0x1, 0x3}], 0x10, 0x40}, 0x94) (async)

[   67.988353][ T5336] Bluetooth: hci0: command tx timeout
[   68.015409][ T5356] BUG: kernel NULL pointer dereference, address: 0000000000000000
[   68.019129][ T5356] #PF: supervisor instruction fetch in kernel mode
[   68.022053][ T5356] #PF: error_code(0x0010) - not-present page
[   68.024464][ T5356] PGD 0 P4D 0 
[   68.025813][ T5356] Oops: Oops: 0010 [#1] SMP KASAN NOPTI
[   68.027972][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted 6.17.0-rc2-syzkaller #0 PREEMPT(full) 
[   68.032951][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   68.037905][ T5356] RIP: 0010:0x0
[   68.039438][ T5356] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[   68.048171][ T5356] RSP: 0018:ffffc9000d4f7998 EFLAGS: 00010293
[   68.053061][ T5356] RAX: ffffffff81f8e584 RBX: 1ffffd4000265de0 RCX: ffff888000e94880
[   68.056549][ T5356] RDX: 0000000000000000 RSI: ffffea000132ef00 RDI: ffff88803ffd2000
[   68.060237][ T5356] RBP: ffffc9000d4f7a50 R08: ffffea000132ef07 R09: 1ffffd4000265de0
[   68.064145][ T5356] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[   68.067670][ T5356] R13: ffffea000132ef08 R14: ffffea000132ef00 R15: 1ffffd4000265de1
[   68.071655][ T5356] FS:  00007f126786a6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[   68.075609][ T5356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.078314][ T5356] CR2: ffffffffffffffd6 CR3: 000000004284d000 CR4: 0000000000352ef0
[   68.081860][ T5356] Call Trace:
[   68.083383][ T5356]  <TASK>
[   68.084866][ T5356]  filemap_read_folio+0x117/0x380
[   68.087511][ T5356]  ? __pfx_filemap_read_folio+0x10/0x10
[   68.090142][ T5356]  ? filemap_add_folio+0x1af/0x270
[   68.092445][ T5356]  do_read_cache_folio+0x350/0x590
[   68.094718][ T5356]  freader_get_folio+0x3c4/0x830
[   68.097400][ T5356]  freader_fetch+0xa3/0x5d0
[   68.099520][ T5356]  __build_id_parse+0x133/0x7d0
[   68.101681][ T5356]  ? __pfx___build_id_parse+0x10/0x10
[   68.104065][ T5356]  ? rcu_is_watching+0x15/0xb0
[   68.106199][ T5356]  ? find_vma+0xe7/0x160
[   68.108173][ T5356]  ? __pfx_find_vma+0x10/0x10
[   68.110462][ T5356]  ? query_matching_vma+0x1b2/0x1d0
[   68.112708][ T5356]  procfs_procmap_ioctl+0x7f0/0xce0
[   68.114978][ T5356]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   68.117297][ T5356]  ? __fget_files+0x2a/0x420
[   68.119163][ T5356]  ? __fget_files+0x3a0/0x420
[   68.121204][ T5356]  ? __fget_files+0x2a/0x420
[   68.123161][ T5356]  ? bpf_lsm_file_ioctl+0x9/0x20
[   68.125635][ T5356]  ? __pfx_procfs_procmap_ioctl+0x10/0x10
[   68.128022][ T5356]  __se_sys_ioctl+0xf9/0x170
[   68.130012][ T5356]  do_syscall_64+0xfa/0x3b0
[   68.131935][ T5356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.134560][ T5356]  ? clear_bhb_loop+0x60/0xb0
[   68.136581][ T5356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   68.139517][ T5356] RIP: 0033:0x7f126698ebe9
[   68.141442][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   68.149484][ T5356] RSP: 002b:00007f126786a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   68.152948][ T5356] RAX: ffffffffffffffda RBX: 00007f1266bb5fa0 RCX: 00007f126698ebe9
[   68.156307][ T5356] RDX: 0000200000000180 RSI: 00000000c0686611 RDI: 0000000000000006
[   68.160722][ T5356] RBP: 00007f1266a11e19 R08: 0000000000000000 R09: 0000000000000000
[   68.164683][ T5356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   68.167873][ T5356] R13: 00007f1266bb6038 R14: 00007f1266bb5fa0 R15: 00007ffd67901b08
[   68.171264][ T5356]  </TASK>
[   68.172584][ T5356] Modules linked in:
[   68.174308][ T5356] CR2: 0000000000000000
[   68.176003][ T5356] ---[ end trace 0000000000000000 ]---
[   68.178431][ T5356] RIP: 0010:0x0
[   68.180211][ T5356] Code: Unable to access opcode bytes at 0xffffffffffffffd6.
[   68.183578][ T5356] RSP: 0018:ffffc9000d4f7998 EFLAGS: 00010293
[   68.186516][ T5356] RAX: ffffffff81f8e584 RBX: 1ffffd4000265de0 RCX: ffff888000e94880
[   68.190600][ T5356] RDX: 0000000000000000 RSI: ffffea000132ef00 RDI: ffff88803ffd2000
[   68.193885][ T5356] RBP: ffffc9000d4f7a50 R08: ffffea000132ef07 R09: 1ffffd4000265de0
[   68.197247][ T5356] R10: dffffc0000000000 R11: 0000000000000000 R12: 0000000000000000
[   68.200624][ T5356] R13: ffffea000132ef08 R14: ffffea000132ef00 R15: 1ffffd4000265de1
[   68.203913][ T5356] FS:  00007f126786a6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[   68.207711][ T5356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   68.210571][ T5356] CR2: ffffffffffffffd6 CR3: 000000004284d000 CR4: 0000000000352ef0
[   68.213942][ T5356] Kernel panic - not syncing: Fatal exception
[   68.216915][ T5356] Kernel Offset: disabled
[   68.218790][ T5356] Rebooting in 86400 seconds..