Extracting prog: 41.538589935s
Minimizing prog: 40m56.40928469s
Simplifying prog options: 0s
Extracting C: 45.501157305s
Simplifying C: 8m20.450437035s


extracting reproducer from 37 programs
first checking the prog from the crash report
single: executing 1 programs separately with timeout 30s
testing program (duration=30s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat-ioctl$F2FS_IOC_START_VOLATILE_WRITE-write$cgroup_int-connect$unix-recvmmsg-ioctl$sock_SIOCGIFINDEX_80211-writev
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0)
write$cgroup_int(r7, &(0x7f0000000000), 0x12)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r7, &(0x7f00000002c0), 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'})
writev(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x4}, {&(0x7f0000000540)='\"', 0x1}], 0x2)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
single: successfully extracted reproducer
found reproducer with 23 syscalls
minimizing guilty program
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat-ioctl$F2FS_IOC_START_VOLATILE_WRITE-write$cgroup_int-connect$unix-recvmmsg-ioctl$sock_SIOCGIFINDEX_80211
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0)
write$cgroup_int(r7, &(0x7f0000000000), 0x12)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r7, &(0x7f00000002c0), 0x0, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000080)={'wlan0\x00'})

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat-ioctl$F2FS_IOC_START_VOLATILE_WRITE-write$cgroup_int-connect$unix-recvmmsg
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0)
write$cgroup_int(r7, &(0x7f0000000000), 0x12)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
recvmmsg(r7, &(0x7f00000002c0), 0x0, 0x2, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat-ioctl$F2FS_IOC_START_VOLATILE_WRITE-write$cgroup_int-connect$unix
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff})
r7 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r7, 0xf503, 0x0)
write$cgroup_int(r7, &(0x7f0000000000), 0x12)
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat-ioctl$F2FS_IOC_START_VOLATILE_WRITE-write$cgroup_int
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r6, 0xf503, 0x0)
write$cgroup_int(r6, &(0x7f0000000000), 0x12)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat-ioctl$F2FS_IOC_START_VOLATILE_WRITE
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_VOLATILE_WRITE(r6, 0xf503, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-socketpair$unix
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-getsockopt$nfc_llcp-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
getsockopt$nfc_llcp(r0, 0x118, 0x0, &(0x7f0000000480)=""/130, 0x82)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)={0x20, r2, 0x1, 0x70bd2c, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}]}, 0x20}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-socket$nl_generic-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-sendmsg$NL80211_CMD_REGISTER_FRAME-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
r4 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000040)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000003a00000008000300", @ANYRES32=r3, @ANYBLOB="03000000"], 0x20}}, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-socket$nl_generic-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-ioctl$sock_SIOCGIFINDEX_80211-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00'})
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-syz_genetlink_get_family_id$nl80211-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-socket$nl_generic-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat$dir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-close-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
close(r0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-fchdir-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
fchdir(r0)
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-open_tree-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): mount$overlay-chdir-openat
detailed listing:
executing program 0:
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, 0x0, &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, 0x0)
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(0x0)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)

program did not crash
testing program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
detailed listing:
executing program 0:
syz_mount_image$bfs(&(0x7f0000000080), &(0x7f0000000100)='./file0\x00', 0x1000004, &(0x7f0000000200)=ANY=[], 0x0, 0xaf, &(0x7f00000003c0)="$eJzs17FJBFEQBuB/d3VXDWzAwFosRQQTzYwUwYpswgIswT40GXnrIsddeBx3B98XDMz/XjAw0Xz+vF/lMslbUlU1JjlPpiT19PzycPvY6pDmLP/ae3cSjl3fFrns9npYwptWxmnp5vSr+66q17s5Od3TsAAAwFb6fFys9t3Gj7+r7349GnY+GgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBB+A0AAP//MrQUNA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000000)='./file0\x00')
openat(0xffffffffffffff9c, 0x0, 0x183341, 0x0)

program did not crash
extracting C reproducer
testing compiled C program (duration=52.470442014s, {Threaded:true Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
simplifying C reproducer
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:true RepeatTimes:0 Procs:5 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:true Cgroups:true BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox:none SandboxArg:0 Leak:false NetInjection:true NetDevices:true NetReset:false Cgroups:false BinfmtMisc:true CloseFDs:true KCSAN:false DevlinkPCI:false NicVF:false USB:true VhciInjection:true Wifi:true IEEE802154:true Sysctl:true Swap:true UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:true Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:true HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:true Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:true Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
testing compiled C program (duration=52.470442014s, {Threaded:false Repeat:false RepeatTimes:0 Procs:1 Slowdown:1 Sandbox: SandboxArg:0 Leak:false NetInjection:false NetDevices:false NetReset:false Cgroups:false BinfmtMisc:false CloseFDs:false KCSAN:false DevlinkPCI:false NicVF:false USB:false VhciInjection:false Wifi:false IEEE802154:false Sysctl:false Swap:false UseTmpDir:false HandleSegv:false Trace:false LegacyOptions:{Collide:false Fault:false FaultCall:0 FaultNth:0}}): syz_mount_image$bfs-mount$overlay-chdir-openat
program crashed: BUG: unable to handle kernel NULL pointer dereference in lookup_one_unlocked
reproducing took 50m43.899503335s
repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 64
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107a4c000
[0000000000000000] pgd=080000010ba3b003, p4d=080000010ba3b003, pud=080000011108e003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4018 Comm: syz-executor652 Not tainted 5.15.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : __lookup_slow+0x250/0x388 fs/namei.c:1663
sp : ffff80001fc070c0
x29: ffff80001fc071a0 x28: 0000000010000000 x27: 1fffe000180d182f
x26: dfff800000000000 x25: ffff700003f80e1c x24: ffff80001fc07100
x23: ffff0000de784018 x22: ffff80001fc07220 x21: ffff800011d46400
x20: 0000000000000000 x19: ffff0000c068c178 x18: ffff80001fc06c20
x17: 0000000000000000 x16: ffff800011b4c298 x15: 000000000000bcce
x14: 00000000953e73d0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000cadb0000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800017842ea8 x4 : 0000000000000000 x3 : ffff8000089e2334
x2 : 0000000000000000 x1 : ffff0000c068c178 x0 : ffff0000de784018
Call trace:
 0x0
 lookup_slow fs/namei.c:1680 [inline]
 lookup_one_unlocked+0x144/0x254 fs/namei.c:2779
 lookup_one_len_unlocked+0x3c/0x50 fs/namei.c:2833
 ovl_lookup_positive_unlocked fs/overlayfs/namei.c:205 [inline]
 ovl_lookup_single+0x84/0x6c4 fs/overlayfs/namei.c:230
 ovl_lookup_layer+0x368/0x454 fs/overlayfs/namei.c:314
 ovl_lookup+0x840/0x1928 fs/overlayfs/namei.c:914
 lookup_open fs/namei.c:3440 [inline]
 open_last_lookups fs/namei.c:3532 [inline]
 path_openat+0xd9c/0x26cc fs/namei.c:3739
 do_filp_open+0x1a8/0x3b4 fs/namei.c:3769
 do_sys_openat2+0x128/0x3e0 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: bad PC value
---[ end trace 321ff6f349049f7a ]---

final repro crashed as (corrupted=false):
loop0: detected capacity change from 0 to 64
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
Mem abort info:
  ESR = 0x0000000086000006
  EC = 0x21: IABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
user pgtable: 4k pages, 48-bit VAs, pgdp=0000000107a4c000
[0000000000000000] pgd=080000010ba3b003, p4d=080000010ba3b003, pud=080000011108e003, pmd=0000000000000000
Internal error: Oops: 0000000086000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 4018 Comm: syz-executor652 Not tainted 5.15.173-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : 0x0
lr : __lookup_slow+0x250/0x388 fs/namei.c:1663
sp : ffff80001fc070c0
x29: ffff80001fc071a0 x28: 0000000010000000 x27: 1fffe000180d182f
x26: dfff800000000000 x25: ffff700003f80e1c x24: ffff80001fc07100
x23: ffff0000de784018 x22: ffff80001fc07220 x21: ffff800011d46400
x20: 0000000000000000 x19: ffff0000c068c178 x18: ffff80001fc06c20
x17: 0000000000000000 x16: ffff800011b4c298 x15: 000000000000bcce
x14: 00000000953e73d0 x13: dfff800000000000 x12: 0000000000000001
x11: 0000000000000000 x10: 0000000000000000 x9 : ffff0000cadb0000
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800017842ea8 x4 : 0000000000000000 x3 : ffff8000089e2334
x2 : 0000000000000000 x1 : ffff0000c068c178 x0 : ffff0000de784018
Call trace:
 0x0
 lookup_slow fs/namei.c:1680 [inline]
 lookup_one_unlocked+0x144/0x254 fs/namei.c:2779
 lookup_one_len_unlocked+0x3c/0x50 fs/namei.c:2833
 ovl_lookup_positive_unlocked fs/overlayfs/namei.c:205 [inline]
 ovl_lookup_single+0x84/0x6c4 fs/overlayfs/namei.c:230
 ovl_lookup_layer+0x368/0x454 fs/overlayfs/namei.c:314
 ovl_lookup+0x840/0x1928 fs/overlayfs/namei.c:914
 lookup_open fs/namei.c:3440 [inline]
 open_last_lookups fs/namei.c:3532 [inline]
 path_openat+0xd9c/0x26cc fs/namei.c:3739
 do_filp_open+0x1a8/0x3b4 fs/namei.c:3769
 do_sys_openat2+0x128/0x3e0 fs/open.c:1253
 do_sys_open fs/open.c:1269 [inline]
 __do_sys_openat fs/open.c:1285 [inline]
 __se_sys_openat fs/open.c:1280 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1280
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:142
 do_el0_svc+0x58/0x14c arch/arm64/kernel/syscall.c:181
 el0_svc+0x7c/0x1f0 arch/arm64/kernel/entry-common.c:608
 el0t_64_sync_handler+0x84/0xe4 arch/arm64/kernel/entry-common.c:626
 el0t_64_sync+0x1a0/0x1a4 arch/arm64/kernel/entry.S:584
Code: bad PC value
---[ end trace 321ff6f349049f7a ]---