general protection fault, probably for non-canonical address 0xdffffc0000000030: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000180-0x0000000000000187]
CPU: 1 PID: 30136 Comm: syz-executor.0 Not tainted 5.16.0-rc3-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:perf_tp_event_match kernel/events/core.c:9687 [inline]
RIP: 0010:perf_tp_event+0x1d5/0xbc0 kernel/events/core.c:9738
Code: 89 85 e8 fd ff ff eb 0f e8 08 d5 e0 ff 48 83 eb 60 0f 84 4a 01 00 00 e8 f9 d4 e0 ff 48 8d bb e0 01 00 00 48 89 f8 48 c1 e8 03 <42> 0f b6 04 20 84 c0 74 08 3c 03 0f 8e 94 08 00 00 44 8b bb e0 01
RSP: 0018:ffffc9000554f600 EFLAGS: 00010216
RAX: 0000000000000030 RBX: ffffffffffffffa1 RCX: ffffc90002d97000
RDX: 0000000000040000 RSI: ffffffff8196d5c7 RDI: 0000000000000181
RBP: ffffc9000554f870 R08: 0000000000000000 R09: 0000000000000000
R10: ffffffff817bf44d R11: 0000000000000000 R12: dffffc0000000000
R13: ffff8880b9d34860 R14: 0000000000000001 R15: 1ffff110173a691d
FS: 00007f17f9892700(0000) GS:ffff8880b9d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f17f9891fe8 CR3: 000000007b2fe000 CR4: 0000000000350ee0
Call Trace:
<TASK>
perf_trace_run_bpf_submit+0x11c/0x210 kernel/events/core.c:9713
perf_trace_lock_acquire+0x34c/0x550 include/trace/events/lock.h:13
trace_lock_acquire include/trace/events/lock.h:13 [inline]
lock_acquire+0x416/0x510 kernel/locking/lockdep.c:5608
__raw_spin_lock include/linux/spinlock_api_smp.h:133 [inline]
_raw_spin_lock+0x2a/0x40 kernel/locking/spinlock.c:154
spin_lock include/linux/spinlock.h:349 [inline]
lockref_get_not_dead+0x14/0x80 lib/lockref.c:211
__legitimize_path+0x7f/0x1c0 fs/namei.c:698
legitimize_path fs/namei.c:708 [inline]
try_to_unlazy+0x10a/0x3b0 fs/namei.c:777
complete_walk+0x10d/0x320 fs/namei.c:883
path_parentat+0xec/0x1c0 fs/namei.c:2498
filename_parentat+0x1bb/0x5a0 fs/namei.c:2519
filename_create+0xa1/0x480 fs/namei.c:3637
do_mkdirat+0x94/0x300 fs/namei.c:3898
__do_sys_mkdir fs/namei.c:3929 [inline]
__se_sys_mkdir fs/namei.c:3927 [inline]
__x64_sys_mkdir+0xf2/0x140 fs/namei.c:3927
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x44/0xae
RIP: 0033:0x7f17fa93cbf7
Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f17f9891fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f17fa93cbf7
RDX: ffffffffffffff81 RSI: 00000000000001ff RDI: 0000000020000400
RBP: 00007f17f9892040 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 0000000020000400 R14: 00007f17f9892000 R15: 0000000020000680
</TASK>
Modules linked in:
----------------
Code disassembly (best guess):
0: 89 85 e8 fd ff ff mov %eax,-0x218(%rbp)
6: eb 0f jmp 0x17
8: e8 08 d5 e0 ff callq 0xffe0d515
d: 48 83 eb 60 sub $0x60,%rbx
11: 0f 84 4a 01 00 00 je 0x161
17: e8 f9 d4 e0 ff callq 0xffe0d515
1c: 48 8d bb e0 01 00 00 lea 0x1e0(%rbx),%rdi
23: 48 89 f8 mov %rdi,%rax
26: 48 c1 e8 03 shr $0x3,%rax
* 2a: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax <-- trapping instruction
2f: 84 c0 test %al,%al
31: 74 08 je 0x3b
33: 3c 03 cmp $0x3,%al
35: 0f 8e 94 08 00 00 jle 0x8cf
3b: 44 rex.R
3c: 8b .byte 0x8b
3d: bb .byte 0xbb
3e: e0 01 loopne 0x41