loop0: detected capacity change from 0 to 2048
general protection fault, probably for non-canonical address 0xdffffc0000000004: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027]
CPU: 0 PID: 6860 Comm: syz-executor.0 Not tainted 6.8.0-rc2-syzkaller-00397-g56897d51886f #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
RIP: 0010:__block_commit_write+0x61/0x270 fs/buffer.c:2165
Code: ea 03 80 3c 02 00 0f 85 16 02 00 00 48 8b 44 24 18 4c 8b 78 28 48 b8 00 00 00 00 00 fc ff df 49 8d 7f 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e4 01 00 00 41 8b 47 20 4c 89 fb 45 31 f6 31 ed
RSP: 0018:ffffc90008947918 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffffea00019b1180 RCX: ffffffff82086d31
RDX: 0000000000000004 RSI: ffffffff820823e4 RDI: 0000000000000020
RBP: 0000000000000040 R08: 0000000000000004 R09: 0000000000000040
R10: 0000000000000040 R11: 0000000000000003 R12: 0000000000000000
R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000
FS: 00007f6f6a4016c0(0000) GS:ffff8880b9400000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000020007640 CR3: 0000000015340000 CR4: 0000000000350ef0
Call Trace:
<TASK>
block_write_end+0xc8/0x250 fs/buffer.c:2251
ext4_write_end+0x277/0xed0 fs/ext4/inode.c:1287
ext4_da_write_end+0xa64/0xce0 fs/ext4/inode.c:3020
generic_perform_write+0x33b/0x620 mm/filemap.c:3941
ext4_buffered_write_iter+0x11f/0x3d0 fs/ext4/file.c:299
ext4_file_write_iter+0x819/0x1960 fs/ext4/file.c:698
call_write_iter include/linux/fs.h:2085 [inline]
new_sync_write fs/read_write.c:497 [inline]
vfs_write+0x6e1/0x1110 fs/read_write.c:590
ksys_write+0x12f/0x260 fs/read_write.c:643
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xd8/0x270 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x6f/0x77
RIP: 0033:0x7f6f6967dda9
Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6f6a4010c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
RAX: ffffffffffffffda RBX: 00007f6f697abf80 RCX: 00007f6f6967dda9
RDX: 0000000000000040 RSI: 0000000020002ac0 RDI: 0000000000000005
RBP: 00007f6f696ca47a R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f6f697abf80 R15: 00007ffc14067c28
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:__block_commit_write+0x61/0x270 fs/buffer.c:2165
Code: ea 03 80 3c 02 00 0f 85 16 02 00 00 48 8b 44 24 18 4c 8b 78 28 48 b8 00 00 00 00 00 fc ff df 49 8d 7f 20 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 e4 01 00 00 41 8b 47 20 4c 89 fb 45 31 f6 31 ed
RSP: 0018:ffffc90008947918 EFLAGS: 00010212
RAX: dffffc0000000000 RBX: ffffea00019b1180 RCX: ffffffff82086d31
RDX: 0000000000000004 RSI: ffffffff820823e4 RDI: 0000000000000020
RBP: 0000000000000040 R08: 0000000000000004 R09: 0000000000000040
R10: 0000000000000040 R11: 0000000000000003 R12: 0000000000000000
R13: 0000000000000040 R14: 0000000000000040 R15: 0000000000000000
FS: 00007f6f6a4016c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f9a064f7000 CR3: 0000000015340000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 03 80 3c 02 00 0f add 0xf00023c(%rax),%eax
6: 85 16 test %edx,(%rsi)
8: 02 00 add (%rax),%al
a: 00 48 8b add %cl,-0x75(%rax)
d: 44 24 18 rex.R and $0x18,%al
10: 4c 8b 78 28 mov 0x28(%rax),%r15
14: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
1b: fc ff df
1e: 49 8d 7f 20 lea 0x20(%r15),%rdi
22: 48 89 fa mov %rdi,%rdx
25: 48 c1 ea 03 shr $0x3,%rdx
* 29: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2d: 0f 85 e4 01 00 00 jne 0x217
33: 41 8b 47 20 mov 0x20(%r15),%eax
37: 4c 89 fb mov %r15,%rbx
3a: 45 31 f6 xor %r14d,%r14d
3d: 31 ed xor %ebp,%ebp