BUG: kernel NULL pointer dereference, address: 000000000000000a #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 114d7c067 P4D 114d7c067 PUD 114d7a067 PMD 0 Oops: 0000 [#1] PREEMPT SMP CPU: 0 PID: 1296 Comm: syz-executor.0 Not tainted 6.1.1-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2023 RIP: 0010:d_is_miss include/linux/dcache.h:391 [inline] RIP: 0010:d_is_negative include/linux/dcache.h:437 [inline] RIP: 0010:d_is_positive include/linux/dcache.h:447 [inline] RIP: 0010:filename_create+0xeb/0x1a0 fs/namei.c:3813 Code: 7d c0 44 89 f2 e8 05 11 00 00 49 89 c6 48 3d 00 f0 ff ff 76 05 8b 5d b4 eb 41 80 7d bb 00 0f 95 c0 41 f6 c5 02 0f 94 c1 20 c1 <41> 0f b6 56 02 f6 c2 70 0f 95 c0 08 c8 49 c7 c7 ef ff ff ff f6 c2 RSP: 0018:ffffc900021b3e58 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000500000000 RSI: 0000000000000000 RDI: ffff8881113711c0 RBP: ffffc900021b3ea8 R08: 00000000ffffff9c R09: ffffffff8153156f R10: ffff88810b38c1c0 R11: ffff888100041400 R12: ffffc900021b3ec0 R13: 0000000000000002 R14: 0000000000000008 R15: 00000000000000a0 FS: 00007f74a4e0b6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000a CR3: 0000000114d43000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: do_mkdirat+0xb7/0x150 fs/namei.c:4051 __do_sys_mkdirat fs/namei.c:4076 [inline] __se_sys_mkdirat fs/namei.c:4074 [inline] __x64_sys_mkdirat+0x2c/0x40 fs/namei.c:4074 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f74a407b5e7 Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f74a4e0aee8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f74a407b5e7 RDX: 00000000000001ff RSI: 00000000200001c0 RDI: 00000000ffffff9c RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200001c0 R13: 00007f74a4e0af40 R14: 0000000000000000 R15: 0000000000000000 Modules linked in: CR2: 000000000000000a ---[ end trace 0000000000000000 ]--- RIP: 0010:d_is_miss include/linux/dcache.h:391 [inline] RIP: 0010:d_is_negative include/linux/dcache.h:437 [inline] RIP: 0010:d_is_positive include/linux/dcache.h:447 [inline] RIP: 0010:filename_create+0xeb/0x1a0 fs/namei.c:3813 Code: 7d c0 44 89 f2 e8 05 11 00 00 49 89 c6 48 3d 00 f0 ff ff 76 05 8b 5d b4 eb 41 80 7d bb 00 0f 95 c0 41 f6 c5 02 0f 94 c1 20 c1 <41> 0f b6 56 02 f6 c2 70 0f 95 c0 08 c8 49 c7 c7 ef ff ff ff f6 c2 RSP: 0018:ffffc900021b3e58 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000500000000 RSI: 0000000000000000 RDI: ffff8881113711c0 RBP: ffffc900021b3ea8 R08: 00000000ffffff9c R09: ffffffff8153156f R10: ffff88810b38c1c0 R11: ffff888100041400 R12: ffffc900021b3ec0 R13: 0000000000000002 R14: 0000000000000008 R15: 00000000000000a0 FS: 00007f74a4e0b6c0(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000000a CR3: 0000000114d43000 CR4: 00000000003506b0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 7d c0 jge 0xffffffc2 2: 44 89 f2 mov %r14d,%edx 5: e8 05 11 00 00 call 0x110f a: 49 89 c6 mov %rax,%r14 d: 48 3d 00 f0 ff ff cmp $0xfffffffffffff000,%rax 13: 76 05 jbe 0x1a 15: 8b 5d b4 mov -0x4c(%rbp),%ebx 18: eb 41 jmp 0x5b 1a: 80 7d bb 00 cmpb $0x0,-0x45(%rbp) 1e: 0f 95 c0 setne %al 21: 41 f6 c5 02 test $0x2,%r13b 25: 0f 94 c1 sete %cl 28: 20 c1 and %al,%cl * 2a: 41 0f b6 56 02 movzbl 0x2(%r14),%edx <-- trapping instruction 2f: f6 c2 70 test $0x70,%dl 32: 0f 95 c0 setne %al 35: 08 c8 or %cl,%al 37: 49 c7 c7 ef ff ff ff mov $0xffffffffffffffef,%r15 3e: f6 .byte 0xf6 3f: c2 .byte 0xc2