syzbot

random: crng reseeded on system resumption
Unable to handle kernel paging request at virtual address dfff80000000000d
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
Mem abort info:
  ESR = 0x0000000096000005
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x05: level 1 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[dfff80000000000d] address between user and kernel address ranges
Internal error: Oops: 0000000096000005 [#1] PREEMPT SMP
Modules linked in:
CPU: 1 UID: 0 PID: 10149 Comm: syz.0.921 Not tainted 6.14.0-rc3-syzkaller-ge6747d19291c #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : efivarfs_pm_notify+0xcc/0x350 fs/efivarfs/super.c:480
lr : efivarfs_pm_notify+0x8c/0x350 fs/efivarfs/super.c:477
sp : ffff80009f157260
x29: ffff80009f157300 x28: 0000000000000000 x27: 1fffe0001a8b1ac1
x26: dfff800000000000 x25: ffff700013e2ae4c x24: 0000000000000068
x23: ffff80009f157288 x22: 0000000000000005 x21: ffff80009f157280
x20: ffff80009f157260 x19: ffff0000d458d608 x18: ffff80009f156e00
x17: 0000000000038f76 x16: ffff8000832b5a70 x15: 0000000000000001
x14: 1fffe0001dfc9a5f x13: 0000000000000000 x12: 0000000000000000
x11: 0000000000080000 x10: 000000000002697b x9 : ffff8000a4b29000
x8 : 000000000000000d x7 : 0000000000000000 x6 : 0000000000000000
x5 : ffff800093a1fa08 x4 : 0000000000000002 x3 : ffff80008b7495d0
x2 : 0000000000000000 x1 : 0000000000000005 x0 : ffff0000d458d628
Call trace:
 efivarfs_pm_notify+0xcc/0x350 fs/efivarfs/super.c:480 (P)
 notifier_call_chain+0x1c4/0x550 kernel/notifier.c:85
 notifier_call_chain_robust kernel/notifier.c:120 [inline]
 blocking_notifier_call_chain_robust+0xdc/0x1bc kernel/notifier.c:345
 pm_notifier_call_chain_robust+0x34/0x64 kernel/power/main.c:102
 snapshot_open+0x11c/0x270 kernel/power/user.c:87
 misc_open+0x2b8/0x328 drivers/char/misc.c:179
 chrdev_open+0x3b0/0x4bc fs/char_dev.c:414
 do_dentry_open+0xb7c/0x1538 fs/open.c:956
 vfs_open+0x48/0x2d8 fs/open.c:1086
 do_open fs/namei.c:3830 [inline]
 path_openat+0x2308/0x2b1c fs/namei.c:3989
 do_filp_open+0x1e8/0x404 fs/namei.c:4016
 do_sys_openat2+0x124/0x1b8 fs/open.c:1428
 do_sys_open fs/open.c:1443 [inline]
 __do_sys_openat fs/open.c:1459 [inline]
 __se_sys_openat fs/open.c:1454 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1454
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0x130/0x23c arch/arm64/kernel/syscall.c:132
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151
 el0_svc+0x54/0x168 arch/arm64/kernel/entry-common.c:744
 el0t_64_sync_handler+0x84/0x108 arch/arm64/kernel/entry-common.c:762
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:600
Code: f940027c 9100a297 9101a398 d343ff08 (387a6908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	f940027c 	ldr	x28, [x19]
   4:	9100a297 	add	x23, x20, #0x28
   8:	9101a398 	add	x24, x28, #0x68
   c:	d343ff08 	lsr	x8, x24, #3
* 10:	387a6908 	ldrb	w8, [x8, x26] <-- trapping instruction