kasan: GPF could be caused by NULL-ptr deref or user memory access general protection fault: 0000 [#1] PREEMPT SMP KASAN CPU: 0 PID: 27433 Comm: syz-executor.1 Not tainted 4.19.185-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 RIP: 0010:d_backing_inode include/linux/dcache.h:543 [inline] RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:722 Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b RSP: 0018:ffff888099fef660 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000804b000 RDX: 000000000000000b RSI: ffffffff833188ce RDI: 0000000000000058 RBP: ffff888099fef7b8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000005 R11: 0000000000000000 R12: ffff88808d9966e0 R13: ffff888099fef7b8 R14: 00000000000007ff R15: 0000000000000000 FS: 00007fa1dc34e700(0000) GS:ffff8880ba000000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000003161708 CR3: 000000009c938000 CR4: 00000000001426f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: vfs_getattr+0x22/0x60 fs/stat.c:113 ovl_copy_up_one+0x125/0xf20 fs/overlayfs/copy_up.c:776 ovl_copy_up_flags+0x14b/0x1c0 fs/overlayfs/copy_up.c:857 ovl_maybe_copy_up+0x140/0x190 fs/overlayfs/copy_up.c:889 ovl_open+0xb4/0x260 fs/overlayfs/file.c:126 do_dentry_open+0x4aa/0x1160 fs/open.c:796 do_last fs/namei.c:3421 [inline] path_openat+0x793/0x2df0 fs/namei.c:3537 do_filp_open+0x18c/0x3f0 fs/namei.c:3567 file_open_name+0x269/0x380 fs/open.c:1032 acct_on kernel/acct.c:207 [inline] __do_sys_acct kernel/acct.c:286 [inline] __se_sys_acct+0xf2/0x930 kernel/acct.c:273 do_syscall_64+0xf9/0x620 arch/x86/entry/common.c:293 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x466459 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fa1dc34e188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a3 RAX: ffffffffffffffda RBX: 000000000056c008 RCX: 0000000000466459 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000440 RBP: 00000000004bf9fb R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 000000000056c008 R13: 00007ffc35910e8f R14: 00007fa1dc34e300 R15: 0000000000022000 Modules linked in: ---[ end trace d283d8ed0ff81471 ]--- RIP: 0010:d_backing_inode include/linux/dcache.h:543 [inline] RIP: 0010:security_inode_getattr+0x46/0x140 security/security.c:722 loop_set_status: loop7 ([n)' 'uGzj`Ď w9diyD=+>< ) has still dirty pages (nrpages=16) Code: 48 89 fa 48 c1 ea 03 80 3c 02 00 0f 85 04 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 8b 5d 08 48 8d 7b 58 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 d7 00 00 00 48 b8 00 00 00 00 00 fc ff df 48 8b RSP: 0018:ffff888099fef660 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffc9000804b000 RDX: 000000000000000b RSI: ffffffff833188ce RDI: 0000000000000058 RBP: ffff888099fef7b8 R08: 0000000000000000 R09: 0000000000000000 overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. R10: 0000000000000005 R11: 0000000000000000 R12: ffff88808d9966e0 R13: ffff888099fef7b8 R14: 00000000000007ff R15: 0000000000000000 FS: 00007fa1dc34e700(0000) GS:ffff8880ba100000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4fb70a04fb CR3: 000000009c938000 CR4: 00000000001426e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400