syzbot

Unable to handle kernel paging request at virtual address dfff80000000000d
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006
  CM = 0, WnR = 0
[dfff80000000000d] address between user and kernel address ranges
Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP
Modules linked in:
CPU: 0 PID: 5810 Comm: syz.4.465 Not tainted 6.1.111-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : d_backing_inode include/linux/dcache.h:543 [inline]
pc : security_inode_getattr+0x48/0x124 security/security.c:1359
lr : security_inode_getattr+0x24/0x124 security/security.c:1358
sp : ffff800021496e30
x29: ffff800021496e30 x28: 1ffff00004292e64 x27: ffff0000de86f1a0
x26: dfff800000000000 x25: 0000000000000000 x24: 0000000000020002
x23: ffff800021497330 x22: dfff800000000000 x21: ffff800021497340
x20: 0000000000000068 x19: ffff800021497330 x18: 1ffff00004292e30
x17: 0000000000000000 x16: ffff8000121e6200 x15: 0000000000000002
x14: 1ffff00002b3a0b0 x13: 0000000000000000 x12: 0000000000040000
x11: 00000000000016d3 x10: ffff800024f5c000 x9 : ffff80000a6d6f50
x8 : 000000000000000d x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000000 x3 : 0000000000000000
x2 : 00000000000007ff x1 : ffff800021497340 x0 : ffff800021497330
Call trace:
 d_backing_inode include/linux/dcache.h:543 [inline]
 security_inode_getattr+0x48/0x124 security/security.c:1359
 vfs_getattr+0x34/0x88 fs/stat.c:158
 ovl_copy_up_one fs/overlayfs/copy_up.c:974 [inline]
 ovl_copy_up_flags+0x400/0x2c08 fs/overlayfs/copy_up.c:1060
 ovl_maybe_copy_up+0x160/0x17c fs/overlayfs/copy_up.c:1092
 ovl_open+0xe8/0x274 fs/overlayfs/file.c:152
 do_dentry_open+0x734/0xfa0 fs/open.c:882
 vfs_open+0x7c/0x90 fs/open.c:1013
 do_open fs/namei.c:3628 [inline]
 path_openat+0x1e14/0x2548 fs/namei.c:3785
 do_filp_open+0x1bc/0x3cc fs/namei.c:3812
 do_sys_openat2+0x128/0x3e0 fs/open.c:1318
 do_sys_open fs/open.c:1334 [inline]
 __do_sys_openat fs/open.c:1350 [inline]
 __se_sys_openat fs/open.c:1345 [inline]
 __arm64_sys_openat+0x1f0/0x240 fs/open.c:1345
 __invoke_syscall arch/arm64/kernel/syscall.c:38 [inline]
 invoke_syscall+0x98/0x2c0 arch/arm64/kernel/syscall.c:52
 el0_svc_common+0x138/0x258 arch/arm64/kernel/syscall.c:140
 do_el0_svc+0x64/0x218 arch/arm64/kernel/syscall.c:204
 el0_svc+0x58/0x168 arch/arm64/kernel/entry-common.c:637
 el0t_64_sync_handler+0x84/0xf0 arch/arm64/kernel/entry-common.c:655
 el0t_64_sync+0x18c/0x190 arch/arm64/kernel/entry.S:585
Code: 978a9d70 f9400288 9101a114 d343fe88 (38766908) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	978a9d70 	bl	0xfffffffffe2a75c0
   4:	f9400288 	ldr	x8, [x20]
   8:	9101a114 	add	x20, x8, #0x68
   c:	d343fe88 	lsr	x8, x20, #3
* 10:	38766908 	ldrb	w8, [x8, x22] <-- trapping instruction