Buffer I/O error on device loop5, logical block 371
Buffer I/O error on device loop5, logical block 371
Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 53 Comm: kworker/u8:3 Not tainted 6.14.0-rc7-syzkaller-00202-g183601b78a9b #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Workqueue: ext4-rsv-conversion ext4_end_io_rsv_work
RIP: 0010:ext4_finish_bio+0x262/0xc60 fs/ext4/page-io.c:120
Code: ff 85 db 4c 89 74 24 28 74 50 0f b6 fb e8 46 bf 4c 02 41 89 c4 49 8d 5e 18 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 60 19 a2 ff 4c 8b 33 31 ff 44 89 e6
RSP: 0018:ffffc90000be7800 EFLAGS: 00010216
RAX: 0000000000000003 RBX: 000000000000001b RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000013
RBP: ffffc90000be79b8 R08: ffffffff84d3c538 R09: 1ffffd40003d46c0
R10: dffffc0000000000 R11: fffff940003d46c1 R12: 00000000fffffffb
R13: 000000000001b000 R14: 0000000000000003 R15: 1ffff9200017cf23
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200001000000 CR3: 000000007c6dc000 CR4: 0000000000350ef0
Call Trace:
<TASK>
ext4_release_io_end+0xdf/0x2c0 fs/ext4/page-io.c:159
ext4_end_io_end fs/ext4/page-io.c:193 [inline]
ext4_do_flush_completed_IO fs/ext4/page-io.c:258 [inline]
ext4_end_io_rsv_work+0x5da/0x6f0 fs/ext4/page-io.c:272
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0xac0/0x18e0 kernel/workqueue.c:3319
worker_thread+0x870/0xd30 kernel/workqueue.c:3400
kthread+0x7ab/0x920 kernel/kthread.c:464
ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:148
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_finish_bio+0x262/0xc60 fs/ext4/page-io.c:120
Code: ff 85 db 4c 89 74 24 28 74 50 0f b6 fb e8 46 bf 4c 02 41 89 c4 49 8d 5e 18 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 48 89 df e8 60 19 a2 ff 4c 8b 33 31 ff 44 89 e6
RSP: 0018:ffffc90000be7800 EFLAGS: 00010216
RAX: 0000000000000003 RBX: 000000000000001b RCX: dffffc0000000000
RDX: 0000000000000000 RSI: 000000000000000a RDI: 0000000000000013
RBP: ffffc90000be79b8 R08: ffffffff84d3c538 R09: 1ffffd40003d46c0
R10: dffffc0000000000 R11: fffff940003d46c1 R12: 00000000fffffffb
R13: 000000000001b000 R14: 0000000000000003 R15: 1ffff9200017cf23
FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200001000000 CR3: 0000000034182000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
0: ff 85 db 4c 89 74 incl 0x74894cdb(%rbp)
6: 24 28 and $0x28,%al
8: 74 50 je 0x5a
a: 0f b6 fb movzbl %bl,%edi
d: e8 46 bf 4c 02 call 0x24cbf58
12: 41 89 c4 mov %eax,%r12d
15: 49 8d 5e 18 lea 0x18(%r14),%rbx
19: 48 89 d8 mov %rbx,%rax
1c: 48 c1 e8 03 shr $0x3,%rax
20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
27: fc ff df
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 60 19 a2 ff call 0xffa21998
38: 4c 8b 33 mov (%rbx),%r14
3b: 31 ff xor %edi,%edi
3d: 44 89 e6 mov %r12d,%esi