kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] PREEMPT SMP KASAN
CPU: 0 PID: 357 Comm: syz-executor989 Not tainted 5.4.265-syzkaller-00009-g43a5ead9254d #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024
RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline]
RIP: 0010:security_inode_getattr+0x42/0x120 security/security.c:1241
Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5
RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0
RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0
RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0
FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000040 CR3: 00000001dc36a000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
vfs_getattr+0x27/0x700 fs/stat.c:115
ovl_copy_up_one fs/overlayfs/copy_up.c:804 [inline]
ovl_copy_up_flags+0x5b2/0x29f0 fs/overlayfs/copy_up.c:886
ovl_maybe_copy_up+0x14e/0x180 fs/overlayfs/copy_up.c:918
ovl_open+0xa3/0x320 fs/overlayfs/file.c:128
do_dentry_open+0x964/0x1130 fs/open.c:796
vfs_open fs/open.c:910 [inline]
dentry_open+0xb1/0xf0 fs/open.c:926
file_open+0x2ab/0x620 fs/incfs/vfs.c:1449
do_dentry_open+0x964/0x1130 fs/open.c:796
do_last fs/namei.c:3515 [inline]
path_openat+0x2992/0x3480 fs/namei.c:3634
do_filp_open+0x20b/0x450 fs/namei.c:3664
do_sys_open+0x39c/0x810 fs/open.c:1113
do_syscall_64+0xca/0x1c0 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x5c/0xc1
Modules linked in:
---[ end trace 6d8a3904c6a322b6 ]---
RIP: 0010:d_backing_inode include/linux/dcache.h:552 [inline]
RIP: 0010:security_inode_getattr+0x42/0x120 security/security.c:1241
Code: 5c ff 49 8d 5f 08 48 89 d8 48 c1 e8 03 42 80 3c 20 00 74 08 48 89 df e8 cc fd 8b ff 48 8b 2b 48 83 c5 30 48 89 e8 48 c1 e8 03 <42> 80 3c 20 00 74 08 48 89 ef e8 af fd 8b ff 48 8b 6d 00 48 83 c5
RSP: 0018:ffff8881db8cef58 EFLAGS: 00010206
RAX: 0000000000000006 RBX: ffff8881db8cf3f8 RCX: ffff8881dc1a8fc0
RDX: 0000000000000000 RSI: ffff8881db8cf400 RDI: ffff8881db8cf3f0
RBP: 0000000000000030 R08: dffffc0000000000 R09: ffff8881db8cf3f0
R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
R13: ffff8881db8cf3f0 R14: 0000000000000000 R15: ffff8881db8cf3f0
FS: 00005555570e1480(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020000040 CR3: 00000001dc36a000 CR4: 00000000003406b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 5c pop %rsp
1: ff 49 8d decl -0x73(%rcx)
4: 5f pop %rdi
5: 08 48 89 or %cl,-0x77(%rax)
8: d8 48 c1 fmuls -0x3f(%rax)
b: e8 03 42 80 3c call 0x3c804213
10: 20 00 and %al,(%rax)
12: 74 08 je 0x1c
14: 48 89 df mov %rbx,%rdi
17: e8 cc fd 8b ff call 0xff8bfde8
1c: 48 8b 2b mov (%rbx),%rbp
1f: 48 83 c5 30 add $0x30,%rbp
23: 48 89 e8 mov %rbp,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 80 3c 20 00 cmpb $0x0,(%rax,%r12,1) <-- trapping instruction
2f: 74 08 je 0x39
31: 48 89 ef mov %rbp,%rdi
34: e8 af fd 8b ff call 0xff8bfde8
39: 48 8b 6d 00 mov 0x0(%rbp),%rbp
3d: 48 rex.W
3e: 83 .byte 0x83
3f: c5 .byte 0xc5