./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor3247272804 <...> Warning: Permanently added '10.128.1.128' (ED25519) to the list of known hosts. execve("./syz-executor3247272804", ["./syz-executor3247272804"], 0x7ffeef98ecb0 /* 10 vars */) = 0 brk(NULL) = 0x555558bc6000 brk(0x555558bc6d00) = 0x555558bc6d00 arch_prctl(ARCH_SET_FS, 0x555558bc6380) = 0 set_tid_address(0x555558bc6650) = 5070 set_robust_list(0x555558bc6660, 24) = 0 rseq(0x555558bc6ca0, 0x20, 0, 0x53053053) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 readlink("/proc/self/exe", "/root/syz-executor3247272804", 4096) = 28 getrandom("\x1d\x47\x20\xb1\x9b\x8e\x69\xcc", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x555558bc6d00 brk(0x555558be7d00) = 0x555558be7d00 brk(0x555558be8000) = 0x555558be8000 mprotect(0x7fd73a03d000, 16384, PROT_READ) = 0 mmap(0x1ffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x1ffff000 mmap(0x20000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x20000000 mmap(0x21000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x21000000 memfd_create("syzkaller", 0) = 3 mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fd731a00000 write(3, "\xce\xfa\xad\x1b\x00\x0e\x00\x00\xff\x0f\x00\x00\x00\x00\x00\x00\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x73\x79\x01\x80\x00\x00\x73\x79\x7a\x6b\xb8\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 32768) = 32768 munmap(0x7fd731a00000, 138412032) = 0 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4 ioctl(4, LOOP_SET_FD, 3) = 0 close(3) = 0 close(4) = 0 mkdir("./file0", 0777) = 0 mount("/dev/loop0", "./file0", "bfs", 0, "\x31\x38\x34\x34\x36\x37\x34\x34\x30\x37\x33\x37\x30\x39\x35\x35\x31\x36\x31\x35\xff\xff\xff\xff\xff\xff\xff\xff\x30\x78\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\x30\xff\xff\xff\xff") = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = -1 ENOTDIR (Not a directory) syzkaller login: [ 55.628964][ T5070] loop0: detected capacity change from 0 to 64 openat(AT_FDCWD, "/dev/loop0", O_RDWR) = -1 EBUSY (Device or resource busy) mkdir("./file1", 000) = 0 mkdir("./bus", 000) = 0 mkdir("./file1/file0", 000) = 0 mount(NULL, "./file0", "overlay", 0, "workdir=./bus,lowerdir=./file0,upperdir=./file1/file0,") = 0 mkdir("./file0", 0777) = -1 EEXIST (File exists) mount(NULL, "./file0", 0x20000040, MS_NOSUID|MS_SYNCHRONOUS|MS_REMOUNT|MS_DIRSYNC|MS_REC|MS_SILENT, "fd=0xffffffffffffffff,rootmode=00000000000000000020000,user_id=18446744073709551615,group_id=0000000"...) = 0 openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3 [ 55.715690][ T5070] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 55.741997][ T5070] BUG: kernel NULL pointer dereference, address: 0000000000000000 [ 55.749808][ T5070] #PF: supervisor instruction fetch in kernel mode [ 55.756287][ T5070] #PF: error_code(0x0010) - not-present page [ 55.762262][ T5070] PGD 8000000022852067 P4D 8000000022852067 PUD 2dc51067 PMD 0 [ 55.769886][ T5070] Oops: 0010 [#1] PREEMPT SMP KASAN PTI [ 55.775410][ T5070] CPU: 1 PID: 5070 Comm: syz-executor324 Not tainted 6.9.0-rc5-syzkaller-00036-g9d1ddab261f3 #0 [ 55.785801][ T5070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 [ 55.795838][ T5070] RIP: 0010:0x0 [ 55.799299][ T5070] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 55.806639][ T5070] RSP: 0018:ffffc9000352f1b8 EFLAGS: 00010246 [ 55.812684][ T5070] RAX: 1ffffffff17b0bc0 RBX: ffffffff8bd85e00 RCX: ffff88807ef35a00 [ 55.820745][ T5070] RDX: 0000000000000000 RSI: ffff8880207f85e0 RDI: ffff88807ebf8018 [ 55.828695][ T5070] RBP: ffffc9000352f2d0 R08: ffffffff820b2843 R09: 1ffffffff28ed13f [ 55.836664][ T5070] R10: dffffc0000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 55.844613][ T5070] R13: ffff8880207f85e0 R14: 1ffff110040ff0bc R15: 1ffff920006a5e3c [ 55.852562][ T5070] FS: 0000555558bc6380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 55.861467][ T5070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 55.868029][ T5070] CR2: ffffffffffffffd6 CR3: 000000001cba8000 CR4: 00000000003506f0 [ 55.875982][ T5070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 55.883933][ T5070] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 55.891881][ T5070] Call Trace: [ 55.895144][ T5070] [ 55.898074][ T5070] ? __die_body+0x88/0xe0 [ 55.902395][ T5070] ? page_fault_oops+0x817/0xb30 [ 55.907312][ T5070] ? __pfx_lock_release+0x10/0x10 [ 55.912315][ T5070] ? __pfx_page_fault_oops+0x10/0x10 [ 55.917580][ T5070] ? d_alloc_parallel+0x14ab/0x1600 [ 55.922758][ T5070] ? rcu_is_watching+0x15/0xb0 [ 55.927501][ T5070] ? is_errata93+0xbc/0x250 [ 55.931984][ T5070] ? exc_page_fault+0x5e2/0x8e0 [ 55.936822][ T5070] ? asm_exc_page_fault+0x26/0x30 [ 55.941829][ T5070] ? __lookup_slow+0x153/0x3f0 [ 55.946577][ T5070] __lookup_slow+0x28c/0x3f0 [ 55.951148][ T5070] ? __pfx___lookup_slow+0x10/0x10 [ 55.956245][ T5070] ? __d_lookup+0x85/0x7e0 [ 55.960645][ T5070] lookup_one_unlocked+0x1a4/0x290 [ 55.965824][ T5070] ? kasan_save_track+0x51/0x80 [ 55.970658][ T5070] ? kasan_save_track+0x3f/0x80 [ 55.975488][ T5070] ? __pfx_lookup_one_unlocked+0x10/0x10 [ 55.981098][ T5070] ? do_filp_open+0x235/0x490 [ 55.985751][ T5070] ? do_syscall_64+0xf5/0x240 [ 55.990410][ T5070] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 55.996473][ T5070] ovl_lookup_single+0x200/0xbd0 [ 56.001393][ T5070] ? __pfx_ovl_lookup_single+0x10/0x10 [ 56.006836][ T5070] ovl_lookup_layer+0x417/0x510 [ 56.011668][ T5070] ? ovl_lookup+0x8b2/0x2a60 [ 56.016233][ T5070] ? __pfx_ovl_lookup_layer+0x10/0x10 [ 56.021585][ T5070] ? __kmalloc+0x251/0x4a0 [ 56.025982][ T5070] ovl_lookup+0xcf7/0x2a60 [ 56.030385][ T5070] ? __pfx_ovl_lookup+0x10/0x10 [ 56.035214][ T5070] ? d_alloc_parallel+0x14ab/0x1600 [ 56.040391][ T5070] ? d_alloc_parallel+0x311/0x1600 [ 56.045479][ T5070] ? __d_lookup+0x85/0x7e0 [ 56.049877][ T5070] ? __d_lookup+0x85/0x7e0 [ 56.054287][ T5070] ? __pfx_d_alloc_parallel+0x10/0x10 [ 56.059638][ T5070] ? __d_lookup+0x727/0x7e0 [ 56.064118][ T5070] ? mnt_get_write_access+0x68/0x2b0 [ 56.069385][ T5070] ? __pfx_ovl_lookup+0x10/0x10 [ 56.074211][ T5070] path_openat+0x1033/0x3240 [ 56.078785][ T5070] ? __pfx_path_openat+0x10/0x10 [ 56.083704][ T5070] do_filp_open+0x235/0x490 [ 56.088184][ T5070] ? __pfx_do_filp_open+0x10/0x10 [ 56.093209][ T5070] ? _raw_spin_unlock+0x28/0x50 [ 56.098039][ T5070] ? alloc_fd+0x59d/0x640 [ 56.102350][ T5070] do_sys_openat2+0x13e/0x1d0 [ 56.107008][ T5070] ? __pfx_do_sys_openat2+0x10/0x10 [ 56.112184][ T5070] ? lockdep_hardirqs_on+0x99/0x150 [ 56.117363][ T5070] ? _raw_spin_unlock_irq+0x2e/0x50 [ 56.122542][ T5070] ? ptrace_notify+0x279/0x380 [ 56.127287][ T5070] __x64_sys_openat+0x247/0x2a0 [ 56.132115][ T5070] ? __pfx___x64_sys_openat+0x10/0x10 [ 56.137466][ T5070] ? do_syscall_64+0x102/0x240 [ 56.142220][ T5070] do_syscall_64+0xf5/0x240 [ 56.146705][ T5070] ? clear_bhb_loop+0x35/0x90 [ 56.151369][ T5070] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 56.157326][ T5070] RIP: 0033:0x7fd739fc9f39 [ 56.161722][ T5070] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 61 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 [ 56.181304][ T5070] RSP: 002b:00007ffc39adcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 56.189694][ T5070] RAX: ffffffffffffffda RBX: 6e69666e6f636e75 RCX: 00007fd739fc9f39 [ 56.197651][ T5070] RDX: 0000000000001200 RSI: 0000000020000340 RDI: 0000000000000003 [ 56.205604][ T5070] RBP: 646165725f78616d R08: 0000000000000000 R09: 0000000000000000 [ 56.213553][ T5070] R10: 0000000000000001 R11: 0000000000000246 R12: 0030656c69662f2e [ 56.221505][ T5070] R13: 7269647265776f6c R14: 0079616c7265766f R15: 2f31656c69662f2e [ 56.229464][ T5070] [ 56.232460][ T5070] Modules linked in: [ 56.236332][ T5070] CR2: 0000000000000000 [ 56.240460][ T5070] ---[ end trace 0000000000000000 ]--- [ 56.245892][ T5070] RIP: 0010:0x0 [ 56.249344][ T5070] Code: Unable to access opcode bytes at 0xffffffffffffffd6. [ 56.256683][ T5070] RSP: 0018:ffffc9000352f1b8 EFLAGS: 00010246 [ 56.262726][ T5070] RAX: 1ffffffff17b0bc0 RBX: ffffffff8bd85e00 RCX: ffff88807ef35a00 [ 56.270681][ T5070] RDX: 0000000000000000 RSI: ffff8880207f85e0 RDI: ffff88807ebf8018 [ 56.278647][ T5070] RBP: ffffc9000352f2d0 R08: ffffffff820b2843 R09: 1ffffffff28ed13f [ 56.286601][ T5070] R10: dffffc0000000000 R11: 0000000000000000 R12: dffffc0000000000 [ 56.294553][ T5070] R13: ffff8880207f85e0 R14: 1ffff110040ff0bc R15: 1ffff920006a5e3c [ 56.302500][ T5070] FS: 0000555558bc6380(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 [ 56.311406][ T5070] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 56.317969][ T5070] CR2: ffffffffffffffd6 CR3: 000000001cba8000 CR4: 00000000003506f0 [ 56.325935][ T5070] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 56.333885][ T5070] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 56.341862][ T5070] Kernel panic - not syncing: Fatal exception [ 56.348186][ T5070] Kernel Offset: disabled [ 56.352508][ T5070] Rebooting in 86400 seconds..