syzbot


general protection fault in inode_permission (3)

Status: upstream: reported syz repro on 2025/02/05 07:18
Subsystems: bcachefs
Reported-by: syzbot+1facc65919790d188467@syzkaller.appspotmail.com
First crash: 4d02h, last: 4d02h
Discussions (1)
  Title: [syzbot] [bcachefs?] general protection fault in inode_permission (3)
  Replies (including bot): 0 (1)
  Last reply: 2025/02/05 07:18
Similar bugs (2)
  1. Kernel: upstream
     Title: general protection fault in inode_permission
     Subsystem: fs
     Repro: (none)
     Cause bisect: (none)
     Fix bisect: (none)
     Count: 1
     Last: 1630d
     Reported: 1626d
     Patched: 0/28
     Status: auto-closed as invalid on 2020/11/18 06:21
  2. Kernel: upstream
     Title: general protection fault in inode_permission (2)
     Subsystem: ext4
     Repro: C
     Cause bisect: error
     Fix bisect: error
     Count: 1
     Last: 412d
     Reported: 523d
     Patched: 0/28
     Status: auto-obsoleted due to no activity on 2024/04/22 02:57

Sample crash report:
loop0: detected capacity change from 0 to 32768
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 1 UID: 0 PID: 6297 Comm: syz.0.44 Not tainted 6.13.0-syzkaller-09793-g69b8923f5003 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:do_inode_permission fs/namei.c:523 [inline]
RIP: 0010:inode_permission+0x62/0x460 fs/namei.c:592
Code: e3 02 48 89 5c 24 10 89 6c 24 0c 0f 85 cf 00 00 00 4d 89 e5 e8 ef c7 87 ff 4c 89 f5 4d 8d 66 02 4c 89 e3 48 c1 eb 03 4d 89 fe <42> 0f b6 04 3b 84 c0 0f 85 16 03 00 00 45 0f b7 3c 24 44 89 fe 83
RSP: 0018:ffffc900034379c0 EFLAGS: 00010246
RAX: ffffffff82379481 RBX: 0000000000000000 RCX: ffff88804d699e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8237945b R09: ffffffff8238fda6
R10: 0000000000000002 R11: ffff88804d699e00 R12: 0000000000000002
R13: ffffffff8ea8dbc0 R14: dffffc0000000000 R15: dffffc0000000000
FS:  00007f4ad8e416c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4acfbff000 CR3: 000000004c82c000 CR4: 00000000003526f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 may_lookup fs/namei.c:1821 [inline]
 link_path_walk+0x204/0xea0 fs/namei.c:2427
 path_parentat fs/namei.c:2683 [inline]
 __filename_parentat+0x2a7/0x740 fs/namei.c:2707
 filename_parentat fs/namei.c:2725 [inline]
 filename_create+0xf6/0x540 fs/namei.c:4063
 do_mkdirat+0xbd/0x3a0 fs/namei.c:4328
 __do_sys_mkdirat fs/namei.c:4351 [inline]
 __se_sys_mkdirat fs/namei.c:4349 [inline]
 __x64_sys_mkdirat+0x87/0xa0 fs/namei.c:4349
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f4ad7f8b617
Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f4ad8e40e68 EFLAGS: 00000202 ORIG_RAX: 0000000000000102
RAX: ffffffffffffffda RBX: 00007f4ad8e40ef0 RCX: 00007f4ad7f8b617
RDX: 00000000000001ff RSI: 0000000020000040 RDI: 00000000ffffff9c
RBP: 0000000020000000 R08: 0000000000000000 R09: 0000000000005939
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000040
R13: 00007f4ad8e40eb0 R14: 000000000000593f R15: 0000000020000380
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:do_inode_permission fs/namei.c:523 [inline]
RIP: 0010:inode_permission+0x62/0x460 fs/namei.c:592
Code: e3 02 48 89 5c 24 10 89 6c 24 0c 0f 85 cf 00 00 00 4d 89 e5 e8 ef c7 87 ff 4c 89 f5 4d 8d 66 02 4c 89 e3 48 c1 eb 03 4d 89 fe <42> 0f b6 04 3b 84 c0 0f 85 16 03 00 00 45 0f b7 3c 24 44 89 fe 83
RSP: 0018:ffffc900034379c0 EFLAGS: 00010246
RAX: ffffffff82379481 RBX: 0000000000000000 RCX: ffff88804d699e00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: 0000000000000000 R08: ffffffff8237945b R09: ffffffff8238fda6
R10: 0000000000000002 R11: ffff88804d699e00 R12: 0000000000000002
R13: ffffffff8ea8dbc0 R14: dffffc0000000000 R15: dffffc0000000000
FS:  00007f4ad8e416c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
----------------
Code disassembly (best guess):
   0:	e3 02                	jrcxz  0x4
   2:	48 89 5c 24 10       	mov    %rbx,0x10(%rsp)
   7:	89 6c 24 0c          	mov    %ebp,0xc(%rsp)
   b:	0f 85 cf 00 00 00    	jne    0xe0
  11:	4d 89 e5             	mov    %r12,%r13
  14:	e8 ef c7 87 ff       	call   0xff87c808
  19:	4c 89 f5             	mov    %r14,%rbp
  1c:	4d 8d 66 02          	lea    0x2(%r14),%r12
  20:	4c 89 e3             	mov    %r12,%rbx
  23:	48 c1 eb 03          	shr    $0x3,%rbx
  27:	4d 89 fe             	mov    %r15,%r14
* 2a:	42 0f b6 04 3b       	movzbl (%rbx,%r15,1),%eax <-- trapping instruction
  2f:	84 c0                	test   %al,%al
  31:	0f 85 16 03 00 00    	jne    0x34d
  37:	45 0f b7 3c 24       	movzwl (%r12),%r15d
  3c:	44 89 fe             	mov    %r15d,%esi
  3f:	83                   	.byte 0x83
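The two addresses in the oops header fit together once the KASAN shadow mapping is applied: generic KASAN keeps one shadow byte per 8 bytes of memory at (addr >> 3) + KASAN_SHADOW_OFFSET, and on x86-64 that offset is 0xdffffc0000000000. The trapping movzbl (%rbx,%r15,1) is the compiler-inserted shadow load, with %rbx = (%r14 + 2) >> 3 and %r15 = KASAN_SHADOW_OFFSET; %r14 is 0, so the CPU faults on the non-canonical shadow address rather than on address 0, and KASAN then reports the 8-byte granule [0x0-0x7] that the shadow byte covers. The following is an added worked example, not code from the report or from the kernel, that reproduces this arithmetic from the register values printed above. The constants are the x86-64 generic-KASAN values; treating %r14 as the NULL pointer whose field at offset 2 is being read is inferred from the disassembly (lea 0x2(%r14),%r12 followed by movzwl (%r12),%r15d), and the bug_type classification mirrors the thresholds KASAN uses for accesses with no valid shadow.

```c
/*
 * Added example (not part of the syzbot report): decode the KASAN shadow
 * address in the oops above back to the memory the kernel actually
 * touched.  Generic KASAN maps each 8-byte granule to one shadow byte at
 * (addr >> 3) + KASAN_SHADOW_OFFSET; on x86-64 the offset is
 * 0xdffffc0000000000.  The trapping instruction
 *     movzbl (%rbx,%r15,1),%eax
 * is the compiler-inserted shadow load: %rbx = (%r14 + 2) >> 3 and
 * %r15 = KASAN_SHADOW_OFFSET, so with %r14 == NULL the CPU faults on the
 * non-canonical shadow address, not on address 0 itself.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KASAN_SHADOW_OFFSET      0xdffffc0000000000ULL
#define KASAN_SHADOW_SCALE_SHIFT 3
#define KASAN_GRANULE_SIZE       (1ULL << KASAN_SHADOW_SCALE_SHIFT)
#define PAGE_SIZE                4096ULL
#define TASK_SIZE_MAX            0x00007ffffffff000ULL  /* x86-64, 4-level paging */

/* Forward mapping, the same arithmetic the inline check performs. */
static uint64_t kasan_mem_to_shadow(uint64_t addr)
{
    return (addr >> KASAN_SHADOW_SCALE_SHIFT) + KASAN_SHADOW_OFFSET;
}

/* Inverse mapping: first byte of the granule one shadow byte covers. */
static uint64_t kasan_shadow_to_mem(uint64_t shadow)
{
    return (shadow - KASAN_SHADOW_OFFSET) << KASAN_SHADOW_SCALE_SHIFT;
}

/* x86-64 canonical check: bits 63..47 must be all zeros or all ones.
 * A non-canonical address raises #GP, which is the "general protection
 * fault, probably for non-canonical address" line in the oops. */
static int is_canonical(uint64_t addr)
{
    uint64_t top = addr >> 47;
    return top == 0 || top == 0x1ffff;
}

/* Classification KASAN uses for accesses that have no valid shadow:
 * below PAGE_SIZE is a NULL dereference, below TASK_SIZE_MAX a user
 * address, anything else a wild pointer. */
static const char *kasan_wild_bug_type(uint64_t addr)
{
    if (addr < PAGE_SIZE)
        return "null-ptr-deref";
    if (addr < TASK_SIZE_MAX)
        return "user-memory-access";
    return "wild-memory-access";
}

struct fault_decode {
    uint64_t shadow;      /* address the trapping movzbl read */
    uint64_t mem_start;   /* first byte of the covered 8-byte granule */
    uint64_t mem_end;     /* last byte of that granule */
    const char *bug_type;
};

/* Reconstruct the access from the register values in the oops. */
static struct fault_decode decode_fault(uint64_t rbx, uint64_t r15)
{
    struct fault_decode d;
    d.shadow = rbx + r15;   /* base + index of movzbl (%rbx,%r15,1) */
    d.mem_start = kasan_shadow_to_mem(d.shadow);
    d.mem_end = d.mem_start + KASAN_GRANULE_SIZE - 1;
    d.bug_type = kasan_wild_bug_type(d.mem_start);
    return d;
}

int main(void)
{
    /* Register values copied from the report above. */
    const uint64_t rbx = 0x0000000000000000ULL;
    const uint64_t r14 = 0x0000000000000000ULL;   /* the NULL pointer (inferred) */
    const uint64_t r15 = 0xdffffc0000000000ULL;   /* KASAN_SHADOW_OFFSET */
    const uint64_t accessed = r14 + 2;             /* lea 0x2(%r14),%r12 */

    struct fault_decode d = decode_fault(rbx, r15);
    printf("shadow address  : 0x%016llx (%scanonical)\n",
           (unsigned long long)d.shadow, is_canonical(d.shadow) ? "" : "non-");
    printf("covered range   : [0x%016llx-0x%016llx]\n",
           (unsigned long long)d.mem_start, (unsigned long long)d.mem_end);
    printf("accessed address: 0x%016llx -> %s\n",
           (unsigned long long)accessed, d.bug_type);
    printf("forward check   : shadow(0x%llx) == 0x%016llx\n",
           (unsigned long long)accessed,
           (unsigned long long)kasan_mem_to_shadow(accessed));
    return 0;
}
```

The decoded range [0x0000000000000000-0x0000000000000007] matches the "KASAN: null-ptr-deref" line, and the same decode applies to any KASAN-instrumented oops whose fault address starts with 0xdffffc: subtract the offset and shift left by three to recover the granule, then read the real pointer out of the base register of the trapping load.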

Crashes (1):
  Time: 2025/02/01 07:08
  Kernel: upstream
  Commit: 69b8923f5003
  Syzkaller: aa47157c
  Config: .config
  Log: console log
  Report: report
  Syz repro: syz / log
  C repro: (none)
  VM info: (none)
  Assets: disk image, vmlinux, kernel image, mounted in repro
  Manager: ci2-upstream-fs
  Title: general protection fault in inode_permission