general protection fault, probably for non-canonical address 0xdffffc0000000002: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 1 PID: 5087 Comm: kworker/u9:3 Not tainted 6.9.0-rc7-syzkaller-00188-gba16c1cf11c9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 Workqueue: bcachefs bch2_write_point_do_index_updates RIP: 0010:bch2_snapshot_has_children fs/bcachefs/snapshot.h:188 [inline] RIP: 0010:__bch2_insert_snapshot_whiteouts+0x306/0x15e0 fs/bcachefs/btree_update.c:135 Code: fb 0f 86 c2 11 00 00 e8 08 5c 82 fd 49 6b c7 38 49 8d 5c 04 18 48 8d 7b 14 48 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df <42> 0f b6 04 20 84 c0 0f 85 3d 12 00 00 44 8b 7b 14 48 83 c3 18 48 RSP: 0018:ffffc900037b6920 EFLAGS: 00010203 RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffff888025138000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000014 RBP: ffffc900037b6c80 R08: ffffffff8413ab28 R09: 1ffffffff25dfca0 R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: dffffc0000000000 R13: ffffc900037b6be0 R14: ffffffff8413aa44 R15: 00000000ffffffff FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c001a49eb8 CR3: 00000000465ec000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: bch2_insert_snapshot_whiteouts fs/bcachefs/btree_update.h:93 [inline] bch2_trans_update_extent_overwrite+0xfd6/0x3710 fs/bcachefs/btree_update.c:218 bch2_trans_update_extent fs/bcachefs/btree_update.c:318 [inline] bch2_trans_update+0x186f/0x2550 fs/bcachefs/btree_update.c:514 bch2_extent_update+0x43c/0xbb0 fs/bcachefs/io_write.c:325 bch2_write_index_default fs/bcachefs/io_write.c:374 [inline] __bch2_write_index+0xee9/0x2190 fs/bcachefs/io_write.c:528 bch2_write_point_do_index_updates+0x32e/0x690 fs/bcachefs/io_write.c:637 process_one_work kernel/workqueue.c:3267 [inline] process_scheduled_works+0xa10/0x17c0 kernel/workqueue.c:3348 worker_thread+0x86d/0xd70 kernel/workqueue.c:3429 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:bch2_snapshot_has_children fs/bcachefs/snapshot.h:188 [inline] RIP: 0010:__bch2_insert_snapshot_whiteouts+0x306/0x15e0 fs/bcachefs/btree_update.c:135 Code: fb 0f 86 c2 11 00 00 e8 08 5c 82 fd 49 6b c7 38 49 8d 5c 04 18 48 8d 7b 14 48 89 f8 48 c1 e8 03 49 bc 00 00 00 00 00 fc ff df <42> 0f b6 04 20 84 c0 0f 85 3d 12 00 00 44 8b 7b 14 48 83 c3 18 48 RSP: 0018:ffffc900037b6920 EFLAGS: 00010203 RAX: 0000000000000002 RBX: 0000000000000000 RCX: ffff888025138000 RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000014 RBP: ffffc900037b6c80 R08: ffffffff8413ab28 R09: 1ffffffff25dfca0 R10: dffffc0000000000 R11: fffffbfff25dfca1 R12: dffffc0000000000 R13: ffffc900037b6be0 R14: ffffffff8413aa44 R15: 00000000ffffffff FS: 0000000000000000(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c001a49eb8 CR3: 00000000465ec000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: fb sti 1: 0f 86 c2 11 00 00 jbe 0x11c9 7: e8 08 5c 82 fd call 0xfd825c14 c: 49 6b c7 38 imul $0x38,%r15,%rax 10: 49 8d 5c 04 18 lea 0x18(%r12,%rax,1),%rbx 15: 48 8d 7b 14 lea 0x14(%rbx),%rdi 19: 48 89 f8 mov %rdi,%rax 1c: 48 c1 e8 03 shr $0x3,%rax 20: 49 bc 00 00 00 00 00 movabs $0xdffffc0000000000,%r12 27: fc ff df * 2a: 42 0f b6 04 20 movzbl (%rax,%r12,1),%eax <-- trapping instruction 2f: 84 c0 test %al,%al 31: 0f 85 3d 12 00 00 jne 0x1274 37: 44 8b 7b 14 mov 0x14(%rbx),%r15d 3b: 48 83 c3 18 add $0x18,%rbx 3f: 48 rex.W