overlayfs: "xino" feature enabled using 3 upper inode bits. Unable to handle kernel paging request at virtual address ffffffffcb961790 KASAN: maybe wild-memory-access in range [0x0003fffe5cb0bc80-0x0003fffe5cb0bc87] Mem abort info: ESR = 0x0000000096000006 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x06: level 2 translation fault Data abort info: ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000021b60a000 [ffffffffcb961790] pgd=0000000000000000, p4d=000000021d09a403, pud=000000021d09b403, pmd=0000000000000000 Internal error: Oops: 0000000096000006 [#1] SMP Modules linked in: CPU: 0 UID: 0 PID: 9137 Comm: syz.3.1305 Tainted: G L syzkaller #0 PREEMPT Tainted: [L]=SOFTLOCKUP Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--) pc : ovl_seek_cursor fs/overlayfs/readdir.c:473 [inline] pc : ovl_iterate_merged fs/overlayfs/readdir.c:852 [inline] pc : ovl_iterate+0xecc/0x1850 fs/overlayfs/readdir.c:907 lr : ovl_cache_get fs/overlayfs/readdir.c:507 [inline] lr : ovl_iterate_merged fs/overlayfs/readdir.c:846 [inline] lr : ovl_iterate+0xd50/0x1850 fs/overlayfs/readdir.c:907 sp : ffff800097fa7820 x29: ffff800097fa7b50 x28: ffff0000f1ed1a00 x27: 0000000000000000 x26: ffffffffcb961780 x25: ffff0000c82ee800 x24: 0000000000000000 x23: ffff700012ff4f18 x22: ffff800097fa7ca8 x21: dfff800000000000 x20: ffffffffcb961790 x19: ffffffffcb961790 x18: 00000000ffffffff x17: ffff800080c9ecc4 x16: ffff80008149c670 x15: 0000000000000000 x14: 00000000ffff8000 x13: 000000000f7672ab x12: ffff80008002159c x11: ffff80008a343d08 x10: 0000000000000003 x9 : 9d6e596607f49800 x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f x5 : 0000000000000040 x4 : 0000000000000008 x3 : ffff800080153db0 x2 : 0000000000000006 x1 : ffff0000c4d00000 x0 : 0000000000000001 Call trace: ovl_seek_cursor fs/overlayfs/readdir.c:473 [inline] (P) ovl_iterate_merged fs/overlayfs/readdir.c:852 [inline] (P) ovl_iterate+0xecc/0x1850 fs/overlayfs/readdir.c:907 (P) wrap_directory_iterator+0x90/0xf0 fs/readdir.c:67 shared_ovl_iterate+0x30/0x40 fs/overlayfs/readdir.c:1066 iterate_dir+0x2dc/0x478 fs/readdir.c:110 __do_sys_getdents64 fs/readdir.c:399 [inline] __se_sys_getdents64 fs/readdir.c:384 [inline] __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:384 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140 el0_svc+0x60/0x25c arch/arm64/kernel/entry-common.c:723 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:742 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594 Code: 38756908 34000068 aa1403e0 97db075f (f9400294) ---[ end trace 0000000000000000 ]--- ---------------- Code disassembly (best guess): 0: 38756908 ldrb w8, [x8, x21] 4: 34000068 cbz w8, 0x10 8: aa1403e0 mov x0, x20 c: 97db075f bl 0xffffffffff6c1d88 * 10: f9400294 ldr x20, [x20] <-- trapping instruction