Unable to handle kernel paging request at virtual address fffffffff1089c10
KASAN: maybe wild-memory-access in range [0x0003ffff8844e080-0x0003ffff8844e087]
Mem abort info:
  ESR = 0x0000000096000006
  EC = 0x25: DABT (current EL), IL = 32 bits
  SET = 0, FnV = 0
  EA = 0, S1PTW = 0
  FSC = 0x06: level 2 translation fault
Data abort info:
  ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000
  CM = 0, WnR = 0, TnD = 0, TagAccess = 0
  GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
swapper pgtable: 4k pages, 48-bit VAs, pgdp=000000021b612000
[fffffffff1089c10] pgd=0000000000000000, p4d=000000021d0ad403, pud=000000021d0ae403, pmd=0000000000000000
Internal error: Oops: 0000000096000006 [#1]  SMP
Modules linked in:
CPU: 1 UID: 0 PID: 6346 Comm: syz.4.388 Not tainted syzkaller #0 PREEMPT 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
pstate: 83400005 (Nzcv daif +PAN -UAO +TCO +DIT -SSBS BTYPE=--)
pc : ovl_seek_cursor fs/overlayfs/readdir.c:473 [inline]
pc : ovl_iterate_merged fs/overlayfs/readdir.c:852 [inline]
pc : ovl_iterate+0xecc/0x1850 fs/overlayfs/readdir.c:907
lr : ovl_cache_get fs/overlayfs/readdir.c:507 [inline]
lr : ovl_iterate_merged fs/overlayfs/readdir.c:846 [inline]
lr : ovl_iterate+0xd50/0x1850 fs/overlayfs/readdir.c:907
sp : ffff800099e07820
x29: ffff800099e07b50 x28: ffff0000c6327c00 x27: 0000000000000000
x26: fffffffff1089c00 x25: ffff0000d1ed1300 x24: 0000000000000000
x23: ffff7000133c0f18 x22: ffff800099e07ca8 x21: dfff800000000000
x20: fffffffff1089c10 x19: fffffffff1089c10 x18: 00000000ffffffff
x17: ffff800080ca451c x16: ffff8000814a1e08 x15: 0000000000000000
x14: 00000000ffff8000 x13: 0000000051da25a6 x12: ffff80008002159c
x11: ffff80008a356d08 x10: 0000000000000003 x9 : 0c8c0f8e1b41f900
x8 : 0000000000000000 x7 : 0000000000000000 x6 : 000000000000003f
x5 : 0000000000000040 x4 : 0000000000000008 x3 : ffff800080154bd4
x2 : 0000000000000006 x1 : ffff0000d4dc5700 x0 : 0000000000000001
Call trace:
 ovl_seek_cursor fs/overlayfs/readdir.c:473 [inline] (P)
 ovl_iterate_merged fs/overlayfs/readdir.c:852 [inline] (P)
 ovl_iterate+0xecc/0x1850 fs/overlayfs/readdir.c:907 (P)
 wrap_directory_iterator+0x90/0xf0 fs/readdir.c:67
 shared_ovl_iterate+0x30/0x40 fs/overlayfs/readdir.c:1066
 iterate_dir+0x2dc/0x478 fs/readdir.c:110
 __do_sys_getdents64 fs/readdir.c:399 [inline]
 __se_sys_getdents64 fs/readdir.c:384 [inline]
 __arm64_sys_getdents64+0x11c/0x318 fs/readdir.c:384
 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline]
 invoke_syscall+0x98/0x244 arch/arm64/kernel/syscall.c:49
 el0_svc_common+0xe8/0x23c arch/arm64/kernel/syscall.c:121
 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:140
 el0_svc+0x64/0x260 arch/arm64/kernel/entry-common.c:740
 el0t_64_sync_handler+0x48/0x148 arch/arm64/kernel/entry-common.c:759
 el0t_64_sync+0x198/0x19c arch/arm64/kernel/entry.S:594
Code: 38756908 34000068 aa1403e0 97db055b (f9400294) 
---[ end trace 0000000000000000 ]---
----------------
Code disassembly (best guess):
   0:	38756908 	ldrb	w8, [x8, x21]
   4:	34000068 	cbz	w8, 0x10
   8:	aa1403e0 	mov	x0, x20
   c:	97db055b 	bl	0xffffffffff6c1578
* 10:	f9400294 	ldr	x20, [x20] <-- trapping instruction