program: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_GET_NR_MMU_PAGES(r1, 0xae45, 0x5) ioctl$EVIOCGPROP(r0, 0x40047438, &(0x7f0000000180)=""/246) syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x2000001, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES8, @ANYRES16, @ANYRESOCT=r0], 0x0, 0xad, &(0x7f0000000140)="$eJzszr9JxVAYBfDz3sNomixg4QbZwVEkpXapIkImcgJ3cIRsYGFr80mMClaCIMrj94PLPffPB+fx5f48XVJzUlXVJGmz5rbG6fb66macHg7ZnOTDaTgK+/d1luSie8v1dLm+NJ9/lue7YdllWPftpv6sLwAA8HP79F/Ou/T9t0NzksMvlgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4R14DAAD//yhJGpw=") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) chdir(&(0x7f00000000c0)='./bus\x00') openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) [ 81.757482][ T5096] Bluetooth: hci0: command tx timeout [ 82.897387][ T5111] loop0: detected capacity change from 0 to 64 [ 82.944716][ T5111] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 82.970518][ T5111] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 82.973500][ T5111] #PF: supervisor instruction fetch in kernel mode [ 82.976764][ T5111] #PF: error_code(0x0010) - not-present page [ 82.980346][ T5111] PGD 3918e067 P4D 3918e067 PUD 3d907067 PMD 0 [ 82.982741][ T5111] Oops: Oops: 0010 [#1] PREEMPT SMP KASAN NOPTI [ 82.984842][ T5111] CPU: 0 UID: 0 PID: 5111 Comm: syz.0.0 Not tainted 6.12.0-rc2-syzkaller-00307-g36c254515dc6 #0 [ 82.988238][ T5111] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 82.992635][ T5111] RIP: 0010:0x0 [ 82.994185][ T5111] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 82.997821][ T5111] RSP: 0018:ffffc90002faf1b8 EFLAGS: 00010246 [ 82.999896][ T5111] RAX: 1ffffffff1832078 RBX: ffffffff8c1903c0 RCX: 0000000000040000 [ 83.002881][ T5111] RDX: 0000000000000000 RSI: ffff888012c682f0 RDI: ffff88803ef40018 [ 83.006049][ T5111] RBP: ffffc90002faf2d0 R08: ffffffff82142663 R09: 1ffffffff34881fa [ 83.009632][ T5111] R10: dffffc0000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 83.013537][ T5111] R13: ffff888012c682f0 R14: 1ffff1100258d05e R15: 1ffff920005f5e3c [ 83.016703][ T5111] FS: 00007f638b8ff6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 83.020083][ T5111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.023074][ T5111] CR2: ffffffffffffffd6 CR3: 000000003fba8000 CR4: 0000000000352ef0 [ 83.027558][ T5111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.031196][ T5111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.034259][ T5111] Call Trace: [ 83.035594][ T5111] [ 83.036865][ T5111] ? __die_body+0x5f/0xb0 [ 83.038705][ T5111] ? page_fault_oops+0x8e4/0xcc0 [ 83.040596][ T5111] ? __pfx_page_fault_oops+0x10/0x10 [ 83.042284][ T5111] ? do_raw_spin_unlock+0x58/0x8b0 [ 83.044111][ T5111] ? d_alloc_parallel+0x14a8/0x1600 [ 83.046070][ T5111] ? rcu_is_watching+0x15/0xb0 [ 83.048025][ T5111] ? is_errata93+0xbe/0x260 [ 83.049922][ T5111] ? exc_page_fault+0x5ed/0x8c0 [ 83.051774][ T5111] ? asm_exc_page_fault+0x26/0x30 [ 83.053678][ T5111] ? __lookup_slow+0x153/0x3f0 [ 83.055659][ T5111] __lookup_slow+0x28c/0x3f0 [ 83.057399][ T5111] ? __pfx___lookup_slow+0x10/0x10 [ 83.059228][ T5111] ? __d_lookup+0x64/0x7b0 [ 83.060876][ T5111] lookup_one_unlocked+0x1a4/0x290 [ 83.062807][ T5111] ? __pfx_lookup_one_unlocked+0x10/0x10 [ 83.065625][ T5111] ? __kasan_kmalloc+0x98/0xb0 [ 83.067850][ T5111] ? path_openat+0x11a7/0x3590 [ 83.069944][ T5111] ? do_filp_open+0x235/0x490 [ 83.071604][ T5111] ? __x64_sys_openat+0x247/0x2a0 [ 83.073391][ T5111] ovl_lookup_single+0x200/0xbd0 [ 83.075443][ T5111] ? __pfx_ovl_lookup_single+0x10/0x10 [ 83.077550][ T5111] ovl_lookup_layer+0x417/0x510 [ 83.079207][ T5111] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 83.080930][ T5111] ? ovl_lookup+0x8b2/0x2a60 [ 83.082912][ T5111] ? ovl_lookup+0x8b2/0x2a60 [ 83.085283][ T5111] ? ovl_lookup+0x8b2/0x2a60 [ 83.087354][ T5111] ? __kmalloc_noprof+0x21a/0x400 [ 83.089351][ T5111] ovl_lookup+0xcf7/0x2a60 [ 83.091147][ T5111] ? __pfx_ovl_lookup+0x10/0x10 [ 83.093111][ T5111] ? __pfx_ovl_permission+0x10/0x10 [ 83.095015][ T5111] ? __pfx_tomoyo_path_mknod+0x10/0x10 [ 83.097070][ T5111] ? from_kgid+0x1a7/0x730 [ 83.098907][ T5111] ? make_vfsgid+0x51/0xa0 [ 83.101002][ T5111] ? HAS_UNMAPPED_ID+0xf9/0x150 [ 83.103212][ T5111] ? inode_permission+0xff/0x460 [ 83.105279][ T5111] ? __pfx_ovl_permission+0x10/0x10 [ 83.107063][ T5111] ? bpf_lsm_inode_create+0x9/0x10 [ 83.108823][ T5111] ? security_inode_create+0xbe/0x340 [ 83.110953][ T5111] ? __pfx_ovl_lookup+0x10/0x10 [ 83.112839][ T5111] path_openat+0x11a7/0x3590 [ 83.114624][ T5111] ? __pfx_path_openat+0x10/0x10 [ 83.116692][ T5111] do_filp_open+0x235/0x490 [ 83.118726][ T5111] ? __pfx_do_filp_open+0x10/0x10 [ 83.120633][ T5111] ? _raw_spin_unlock+0x28/0x50 [ 83.122443][ T5111] ? alloc_fd+0x5a1/0x640 [ 83.124310][ T5111] do_sys_openat2+0x13e/0x1d0 [ 83.126015][ T5111] ? __might_fault+0xaa/0x120 [ 83.127804][ T5111] ? __pfx_do_sys_openat2+0x10/0x10 [ 83.129647][ T5111] ? rcu_is_watching+0x15/0xb0 [ 83.131273][ T5111] ? __rseq_handle_notify_resume+0x353/0x14e0 [ 83.133359][ T5111] __x64_sys_openat+0x247/0x2a0 [ 83.135326][ T5111] ? __pfx___x64_sys_openat+0x10/0x10 [ 83.137673][ T5111] ? do_syscall_64+0x100/0x230 [ 83.140000][ T5111] ? do_syscall_64+0xb6/0x230 [ 83.142419][ T5111] do_syscall_64+0xf3/0x230 [ 83.144399][ T5111] ? clear_bhb_loop+0x35/0x90 [ 83.146305][ T5111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 83.148442][ T5111] RIP: 0033:0x7f638ab7dff9 [ 83.150068][ T5111] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 83.158449][ T5111] RSP: 002b:00007f638b8ff038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 83.162041][ T5111] RAX: ffffffffffffffda RBX: 00007f638ad35f80 RCX: 00007f638ab7dff9 [ 83.165262][ T5111] RDX: 000000000000275a RSI: 0000000020000080 RDI: ffffffffffffff9c [ 83.168334][ T5111] RBP: 00007f638abf0296 R08: 0000000000000000 R09: 0000000000000000 [ 83.171912][ T5111] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 83.175963][ T5111] R13: 0000000000000000 R14: 00007f638ad35f80 R15: 00007ffff6c30988 [ 83.178909][ T5111] [ 83.180087][ T5111] Modules linked in: [ 83.181497][ T5111] CR2: 0000000000000000 [ 83.183203][ T5111] ---[ end trace 0000000000000000 ]--- [ 83.185503][ T5111] RIP: 0010:0x0 [ 83.187066][ T5111] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 83.190643][ T5111] RSP: 0018:ffffc90002faf1b8 EFLAGS: 00010246 [ 83.193127][ T5111] RAX: 1ffffffff1832078 RBX: ffffffff8c1903c0 RCX: 0000000000040000 [ 83.196037][ T5111] RDX: 0000000000000000 RSI: ffff888012c682f0 RDI: ffff88803ef40018 [ 83.199080][ T5111] RBP: ffffc90002faf2d0 R08: ffffffff82142663 R09: 1ffffffff34881fa [ 83.202168][ T5111] R10: dffffc0000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 83.204933][ T5111] R13: ffff888012c682f0 R14: 1ffff1100258d05e R15: 1ffff920005f5e3c [ 83.207610][ T5111] FS: 00007f638b8ff6c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 83.210630][ T5111] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 83.213172][ T5111] CR2: ffffffffffffffd6 CR3: 000000003fba8000 CR4: 0000000000352ef0 [ 83.216419][ T5111] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 83.220303][ T5111] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 83.224249][ T5111] Kernel panic - not syncing: Fatal exception [ 83.227235][ T5111] Kernel Offset: disabled [ 83.228915][ T5111] Rebooting in 86400 seconds..