EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz-executor385: mark_inode_dirty error
general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 PID: 5064 Comm: syz-executor385 Not tainted 6.7.0-rc6-syzkaller-00078-ga4aebe936554 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023
RIP: 0010:utf8nlookup+0x3a/0x890 fs/unicode/utf8-norm.c:306
Code: 89 fb 48 83 ec 20 48 89 54 24 10 4c 89 44 24 08 e8 8b 76 f2 fe 48 8d 7b 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8e 07 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b
RSP: 0018:ffffc900039cf958 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88807ee5a4d8
RDX: 0000000000000003 RSI: ffffffff8294fb45 RDI: 0000000000000018
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000080
R10: 0000000000000040 R11: ffffffff81ddf493 R12: 0000000000000000
R13: ffff88807ee5a4d8 R14: ffffc900039cfa70 R15: ffffc900039cfa70
FS: 0000555556cf8480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559d589bb000 CR3: 00000000774da000 CR4: 0000000000350ef0
Call Trace:
<TASK>
utf8byte+0x1ca/0x1390 fs/unicode/utf8-norm.c:502
utf8_casefold+0x16c/0x230 fs/unicode/utf8-core.c:109
ext4_fname_setup_ci_filename+0x18b/0x490 fs/ext4/namei.c:1462
ext4_fname_prepare_lookup+0x168/0x350 fs/ext4/crypto.c:55
ext4_lookup_entry fs/ext4/namei.c:1764 [inline]
ext4_lookup+0x147/0x740 fs/ext4/namei.c:1839
lookup_one_qstr_excl+0x116/0x180 fs/namei.c:1609
filename_create+0x1ed/0x530 fs/namei.c:3876
do_mkdirat+0xab/0x3a0 fs/namei.c:4121
__do_sys_mkdir fs/namei.c:4149 [inline]
__se_sys_mkdir fs/namei.c:4147 [inline]
__x64_sys_mkdir+0xf2/0x140 fs/namei.c:4147
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x63/0x6b
RIP: 0033:0x7fb43cf25557
Code: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007ffe7913d128 EFLAGS: 00000286 ORIG_RAX: 0000000000000053
RAX: ffffffffffffffda RBX: 00000000ffffffff RCX: 00007fb43cf25557
RDX: 0000000000000040 RSI: 00000000000001ff RDI: 0000000020000540
RBP: 00007ffe7913d1c0 R08: 00000000000000fd R09: 0000000000000000
R10: 0000000000000249 R11: 0000000000000286 R12: 0000000020000540
R13: 00000000200000c0 R14: 0000000000000000 R15: 0000000000000000
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:utf8nlookup+0x3a/0x890 fs/unicode/utf8-norm.c:306
Code: 89 fb 48 83 ec 20 48 89 54 24 10 4c 89 44 24 08 e8 8b 76 f2 fe 48 8d 7b 18 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 8e 07 00 00 48 b8 00 00 00 00 00 fc ff df 4c 8b
RSP: 0018:ffffc900039cf958 EFLAGS: 00010216
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffff88807ee5a4d8
RDX: 0000000000000003 RSI: ffffffff8294fb45 RDI: 0000000000000018
RBP: 0000000000000001 R08: 0000000000000005 R09: 0000000000000080
R10: 0000000000000040 R11: ffffffff81ddf493 R12: 0000000000000000
R13: ffff88807ee5a4d8 R14: ffffc900039cfa70 R15: ffffc900039cfa70
FS: 0000555556cf8480(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000559d589bb000 CR3: 00000000774da000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
0: 89 fb mov %edi,%ebx
2: 48 83 ec 20 sub $0x20,%rsp
6: 48 89 54 24 10 mov %rdx,0x10(%rsp)
b: 4c 89 44 24 08 mov %r8,0x8(%rsp)
10: e8 8b 76 f2 fe call 0xfef276a0
15: 48 8d 7b 18 lea 0x18(%rbx),%rdi
19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
20: fc ff df
23: 48 89 fa mov %rdi,%rdx
26: 48 c1 ea 03 shr $0x3,%rdx
* 2a: 80 3c 02 00 cmpb $0x0,(%rdx,%rax,1) <-- trapping instruction
2e: 0f 85 8e 07 00 00 jne 0x7c2
34: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax
3b: fc ff df
3e: 4c rex.WR
3f: 8b .byte 0x8b