kthread+0x436/0x520 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017]
CPU: 1 PID: 7335 Comm: gfs2_quotad Not tainted syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:do_sync+0x994/0xc40 fs/gfs2/quota.c:986
Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 f4 77 4d fe 48 8b 1b 48 8d 7b 10 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 d1 77 4d fe 48 8b 7b 10 48 89 de ba 02 00 04
RSP: 0018:ffffc9000333fb80 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000010
RBP: ffffc9000333fce8 R08: ffffffff901d12b7 R09: 1ffffffff203a256
R10: dffffc0000000000 R11: fffffbfff203a257 R12: ffff88805d54b640
R13: 00000000fffffffb R14: ffffffffffffffff R15: ffff88802a33e280
FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000001b32423ffc CR3: 000000007a98f000 CR4: 00000000003506e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
gfs2_quota_sync+0x32c/0x700 fs/gfs2/quota.c:1329
quotad_check_timeo fs/gfs2/quota.c:1519 [inline]
gfs2_quotad+0x403/0x890 fs/gfs2/quota.c:1586
kthread+0x436/0x520 kernel/kthread.c:334
ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:287
Modules linked in:
---[ end trace a1191b2227ef0327 ]---
RIP: 0010:do_sync+0x994/0xc40 fs/gfs2/quota.c:986
Code: 00 fc ff df 80 3c 08 00 74 08 48 89 df e8 f4 77 4d fe 48 8b 1b 48 8d 7b 10 48 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 05 e8 d1 77 4d fe 48 8b 7b 10 48 89 de ba 02 00 04
RSP: 0018:ffffc9000333fb80 EFLAGS: 00010202
RAX: 0000000000000002 RBX: 0000000000000000 RCX: dffffc0000000000
RDX: dffffc0000000000 RSI: ffffffff8a2b2780 RDI: 0000000000000010
RBP: ffffc9000333fce8 R08: ffffffff901d12b7 R09: 1ffffffff203a256
R10: dffffc0000000000 R11: fffffbfff203a257 R12: ffff88805d54b640
R13: 00000000fffffffb R14: ffffffffffffffff R15: ffff88802a33e280
FS: 0000000000000000(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007efed6c50600 CR3: 000000007e1a3000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0: 00 fc                   add %bh,%ah
   2: ff                      lcall (bad)
   3: df 80 3c 08 00 74       filds 0x7400083c(%rax)
   9: 08 48 89                or %cl,-0x77(%rax)
   c: df e8                   fucomip %st(0),%st
   e: f4                      hlt
   f: 77 4d                   ja 0x5e
  11: fe 48 8b                decb -0x75(%rax)
  14: 1b 48 8d                sbb -0x73(%rax),%ecx
  17: 7b 10                   jnp 0x29
  19: 48 89 f8                mov %rdi,%rax
  1c: 48 c1 e8 03             shr $0x3,%rax
  20: 48 b9 00 00 00 00 00    movabs $0xdffffc0000000000,%rcx
  27: fc ff df
* 2a: 80 3c 08 00             cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e: 74 05                   je 0x35
  30: e8 d1 77 4d fe          call 0xfe4d7806
  35: 48 8b 7b 10             mov 0x10(%rbx),%rdi
  39: 48 89 de                mov %rbx,%rsi
  3c: ba                      .byte 0xba
  3d: 02 00                   add (%rax),%al
  3f: 04                      .byte 0x4