overlayfs: failed to verify origin (1438/file0, ino=16558, err=-12)
kobject: 'loop3' (000000006da7c677): fill_kobj_path: path = '/devices/virtual/block/loop3'
kobject: 'hwsim788' (000000007da219e4): kobject_add_internal: parent: 'mac80211_hwsim', set: 'devices'
------------[ cut here ]------------
kobject: 'loop3' (000000006da7c677): kobject_uevent_env
kernel BUG at arch/x86/mm/physaddr.c:22!
kobject: 'loop3' (000000006da7c677): fill_kobj_path: path = '/devices/virtual/block/loop3'
invalid opcode: 0000 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 15059 Comm: syz-executor4 Not tainted 4.19.0-rc7-next-20181015+ #94
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
kobject: 'hwsim788' (000000007da219e4): kobject_uevent_env
RIP: 0010:__phys_addr+0xff/0x120 arch/x86/mm/physaddr.c:22
Code: 3c 02 00 75 31 4c 8b 25 bf 52 ee 07 48 89 de bf ff ff ff 1f e8 12 57 45 00 49 01 dc 48 81 fb ff ff ff 1f 76 a7 e8 d1 55 45 00 <0f> 0b e8 8a 0c 8a 00 e9 7a ff ff ff e8 e0 0c 8a 00 eb c8 0f 1f 40
kobject: 'hwsim788' (000000007da219e4): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim788'
RSP: 0018:ffff8801747d7820 EFLAGS: 00010046
RAX: 0000000000040000 RBX: 000000007ffffff4 RCX: ffffc9000a0d3000
RDX: 0000000000040000 RSI: ffffffff8138cd6f RDI: 0000000000000007
RBP: ffff8801747d7838 R08: ffff88017ebc2300 R09: ffffed003b5e5b4f
R10: ffffed003b5e5b4f R11: ffff8801daf2da7b R12: 000000007ffffff4
kobject: 'hwsim788' (000000007da219e4): kobject_uevent_env
R13: 0000000000000001 R14: ffffffff882fcf80 R15: 00000000000040ae
FS:  00007f7fae547700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3437204000 CR3: 00000001554f3000 CR4: 00000000001406e0
Call Trace:
kobject: 'hwsim788' (000000007da219e4): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim788'
 virt_to_head_page include/linux/mm.h:658 [inline]
 virt_to_cache mm/slab.c:399 [inline]
 kfree+0x7b/0x230 mm/slab.c:3813
 ovl_verify_set_fh+0xba/0x180 fs/overlayfs/namei.c:435
kobject: 'ieee80211' (000000001524560f): kobject_add_internal: parent: 'hwsim788', set: '(null)'
 ovl_verify_origin fs/overlayfs/overlayfs.h:316 [inline]
 ovl_get_indexdir fs/overlayfs/super.c:1140 [inline]
 ovl_fill_super+0x3039/0x3f33 fs/overlayfs/super.c:1443
kobject: 'phy787' (00000000b8bd893a): kobject_add_internal: parent: 'ieee80211', set: 'devices'
kobject: 'phy787' (00000000b8bd893a): kobject_uevent_env
 mount_nodev+0x73/0x120 fs/super.c:1402
kobject: 'phy787' (00000000b8bd893a): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim788/ieee80211/phy787'
 ovl_mount+0x34/0x40 fs/overlayfs/super.c:1521
 legacy_get_tree+0x131/0x460 fs/fs_context.c:718
kobject: 'rfkill789' (000000009b3f5e18): kobject_add_internal: parent: 'phy787', set: 'devices'
 vfs_get_tree+0x1cb/0x5c0 fs/super.c:1795
 do_new_mount fs/namespace.c:2648 [inline]
 do_mount+0x70c/0x1d90 fs/namespace.c:2974
kobject: 'rfkill789' (000000009b3f5e18): kobject_uevent_env
kobject: 'rfkill789' (000000009b3f5e18): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim788/ieee80211/phy787/rfkill789'
ieee80211 phy787: Selected rate control algorithm 'minstrel_ht'
 ksys_mount+0x12d/0x140 fs/namespace.c:3190
kobject: 'net' (00000000dc8095f3): kobject_add_internal: parent: 'hwsim788', set: '(null)'
 __do_sys_mount fs/namespace.c:3204 [inline]
 __se_sys_mount fs/namespace.c:3201 [inline]
 __x64_sys_mount+0xbe/0x150 fs/namespace.c:3201
 do_syscall_64+0x1b9/0x820 arch/x86/entry/common.c:290
kobject: 'wlan773' (000000002f8eb51e): kobject_add_internal: parent: 'net', set: 'devices'
kobject: 'wlan773' (000000002f8eb51e): kobject_uevent_env
kobject: 'wlan773' (000000002f8eb51e): fill_kobj_path: path = '/devices/virtual/mac80211_hwsim/hwsim788/net/wlan773'
 entry_SYSCALL_64_after_hwframe+0x49/0xbe
RIP: 0033:0x457569
Code: fd b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 cb b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
kobject: 'queues' (0000000095d05acf): kobject_add_internal: parent: 'wlan773', set: '<NULL>'
RSP: 002b:00007f7fae546c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f7fae546c90 RCX: 0000000000457569
RDX: 00000000200000c0 RSI: 0000000020000000 RDI: 0000000000400000
RBP: 000000000072bfa0 R08: 0000000020000100 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7fae5476d4
kobject: 'queues' (0000000095d05acf): kobject_uevent_env
R13: 00000000004c2916 R14: 00000000004d3d68 R15: 0000000000000005
Modules linked in:
---[ end trace 00f9972e377b3ab3 ]---
kobject: 'queues' (0000000095d05acf): kobject_uevent_env: filter function caused the event to drop!
RIP: 0010:__phys_addr+0xff/0x120 arch/x86/mm/physaddr.c:22
Code: 3c 02 00 75 31 4c 8b 25 bf 52 ee 07 48 89 de bf ff ff ff 1f e8 12 57 45 00 49 01 dc 48 81 fb ff ff ff 1f 76 a7 e8 d1 55 45 00 <0f> 0b e8 8a 0c 8a 00 e9 7a ff ff ff e8 e0 0c 8a 00 eb c8 0f 1f 40
RSP: 0018:ffff8801747d7820 EFLAGS: 00010046
kobject: 'rx-0' (00000000bce27797): kobject_add_internal: parent: 'queues', set: 'queues'
RAX: 0000000000040000 RBX: 000000007ffffff4 RCX: ffffc9000a0d3000
RDX: 0000000000040000 RSI: ffffffff8138cd6f RDI: 0000000000000007
RBP: ffff8801747d7838 R08: ffff88017ebc2300 R09: ffffed003b5e5b4f
R10: ffffed003b5e5b4f R11: ffff8801daf2da7b R12: 000000007ffffff4
R13: 0000000000000001 R14: ffffffff882fcf80 R15: 00000000000040ae
FS:  00007f7fae547700(0000) GS:ffff8801daf00000(0000) knlGS:0000000000000000
kobject: 'rx-0' (00000000bce27797): kobject_uevent_env
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3437204000 CR3: 00000001554f3000 CR4: 00000000001406e0