BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor instruction fetch in kernel mode
#PF: error_code(0x0010) - not-present page
PGD 1ebe56067 P4D 1ebe56067 PUD 0
Oops: 0010 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 339 Comm: syz-executor Not tainted 5.4.292-syzkaller-00021-gcd8e74fa0fa3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffff8881f6e09cf0 EFLAGS: 00010206
RAX: ffffffff8150a590 RBX: 0000000000000100 RCX: ffff8881f31caf40
RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881e3f5f1c0
RBP: ffff8881f6e09d30 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed103edc1398 R11: 1ffff1103edc1398 R12: 00000000ffff9a18
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e3f5f1c0
FS: 00005555845f0500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000001d9ece000 CR4: 00000000003406b0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Call Trace:
 call_timer_fn+0x3c/0x380 kernel/time/timer.c:1448
 expire_timers kernel/time/timer.c:1493 [inline]
 __run_timers+0x81d/0xb60 kernel/time/timer.c:1817
 run_timer_softirq+0x6a/0xf0 kernel/time/timer.c:1830
 __do_softirq+0x236/0x660 kernel/softirq.c:292
 invoke_softirq kernel/softirq.c:373 [inline]
 irq_exit+0x197/0x1c0 kernel/softirq.c:413
 exiting_irq arch/x86/include/asm/apic.h:539 [inline]
 smp_apic_timer_interrupt+0x11d/0x490 arch/x86/kernel/apic/apic.c:1161
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:834
RIP: 0010:do_dentry_open+0x37d/0x1030 fs/open.c:787
Code: 8d bc 24 70 01 00 00 4d 89 fe 49 c1 ee 03 48 b8 00 00 00 00 00 fc ff df 41 80 3c 06 00 74 08 4c 89 ff e8 c6 a7 fa ff 4d 8b 2f <4d> 85 ed 0f 84 c6 00 00 00 4c 89 e8 48 c1 e8 03 48 b9 00 00 00 00
RSP: 0018:ffff8881d983f860 EFLAGS: 00000246 ORIG_RAX: ffffffffffffff13
RAX: dffffc0000000000 RBX: ffff8881e084b980 RCX: 1ffff1103c109738
RDX: 0000000000000000 RSI: 0000000000004000 RDI: 0000000000004000
RBP: ffff8881d983f948 R08: dffffc0000000000 R09: ffffed103e255b82
R10: ffffed103e255b82 R11: 1ffff1103e255b81 R12: ffff8881deb1c060
R13: ffffffff84c3bb80 R14: 1ffff1103bd6383a R15: ffff8881deb1c1d0
 vfs_open+0x73/0x80 fs/open.c:920
 do_last fs/namei.c:3565 [inline]
 path_openat+0x2a5e/0x35c0 fs/namei.c:3683
 do_filp_open+0x1ae/0x3f0 fs/namei.c:3713
 do_sys_open+0x2bb/0x5d0 fs/open.c:1123
 __do_sys_openat fs/open.c:1150 [inline]
 __se_sys_openat fs/open.c:1144 [inline]
 __x64_sys_openat+0xa2/0xb0 fs/open.c:1144
 do_syscall_64+0xcf/0x170 arch/x86/entry/common.c:290
 entry_SYSCALL_64_after_hwframe+0x5c/0xc1
RIP: 0033:0x7f91ff3c8261
Code: 44 24 18 31 c0 41 83 e2 40 75 3e 89 f0 25 00 00 41 00 3d 00 00 41 00 74 30 89 f2 b8 01 01 00 00 48 89 fe bf 9c ff ff ff 0f 05 <48> 3d 00 f0 ff ff 77 3f 48 8b 54 24 18 64 48 2b 14 25 28 00 00 00
RSP: 002b:00007ffdc789d480 EFLAGS: 00000287 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007f91ff44a89d RCX: 00007f91ff3c8261
RDX: 0000000000090800 RSI: 00007ffdc789e630 RDI: 00000000ffffff9c
RBP: 00007ffdc789e61c R08: 00007ffdc7948080 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000287 R12: 00007ffdc789e630
R13: 00007f91ff44a89d R14: 0000000000009b58 R15: 00007ffdc789e670
Modules linked in:
CR2: 0000000000000000
---[ end trace 10c44cae3ec9bf32 ]---
RIP: 0010:0x0
Code: Bad RIP value.
RSP: 0018:ffff8881f6e09cf0 EFLAGS: 00010206
RAX: ffffffff8150a590 RBX: 0000000000000100 RCX: ffff8881f31caf40
RDX: 0000000080000100 RSI: 0000000000000000 RDI: ffff8881e3f5f1c0
RBP: ffff8881f6e09d30 R08: 0000000000000004 R09: 0000000000000003
R10: ffffed103edc1398 R11: 1ffff1103edc1398 R12: 00000000ffff9a18
R13: dffffc0000000000 R14: 0000000000000000 R15: ffff8881e3f5f1c0
FS: 00005555845f0500(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: ffffffffffffffd6 CR3: 00000001d9ece000 CR4: 00000000003406b0
DR0: 0000200000000300 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
----------------
Code disassembly (best guess):
   0:   8d bc 24 70 01 00 00    lea    0x170(%rsp),%edi
   7:   4d 89 fe                mov    %r15,%r14
   a:   49 c1 ee 03             shr    $0x3,%r14
   e:   48 b8 00 00 00 00 00    movabs $0xdffffc0000000000,%rax
  15:   fc ff df
  18:   41 80 3c 06 00          cmpb   $0x0,(%r14,%rax,1)
  1d:   74 08                   je     0x27
  1f:   4c 89 ff                mov    %r15,%rdi
  22:   e8 c6 a7 fa ff          call   0xfffaa7ed
  27:   4d 8b 2f                mov    (%r15),%r13
* 2a:   4d 85 ed                test   %r13,%r13        <-- trapping instruction
  2d:   0f 84 c6 00 00 00       je     0xf9
  33:   4c 89 e8                mov    %r13,%rax
  36:   48 c1 e8 03             shr    $0x3,%rax
  3a:   48                      rex.W
  3b:   b9 00 00 00 00          mov    $0x0,%ecx