BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 8000000110221067 P4D 8000000110221067 PUD 0 
Oops: Oops: 0000 [#1] SMP PTI
CPU: 0 UID: 0 PID: 3965 Comm: syz.2.19 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:__bio_iov_iter_get_pages block/bio.c:1258 [inline]
RIP: 0010:bio_iov_iter_get_pages+0x167/0x410 block/bio.c:1336
Code: 18 45 31 e4 eb 15 48 c7 44 24 20 00 00 00 00 45 01 f4 4d 29 fd 0f 84 db 01 00 00 45 89 e6 48 8b 44 24 28 44 89 e1 48 8b 04 c8 <48> 8b 68 08 40 f6 c5 01 0f 85 a9 01 00 00 0f 1f 44 00 00 48 89 c5
RSP: 0018:ffffc90003b57a18 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff888106b83f00 RCX: 00000000000000d0
RDX: 0000000000001000 RSI: ffffea00046191c0 RDI: ffff888106b83f00
RBP: ffffea00046191c0 R08: 0000000000000a00 R09: 000000000000001a
R10: 0000000000000000 R11: 0100000000000000 R12: 00000000000000d0
R13: 0000000000030000 R14: 00000000000000d0 R15: 0000000000001000
FS:  00007fa06086c6c0(0000) GS:ffff8881b602c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000105b52000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 __blkdev_direct_IO+0x1a5/0x3b0 block/fops.c:215
 blkdev_direct_IO+0x4da/0x500 block/fops.c:433
 blkdev_direct_write+0x2d/0x90 block/fops.c:716
 blkdev_write_iter+0x166/0x1d0 block/fops.c:784
 aio_write+0x284/0x330 fs/aio.c:1634
 __io_submit_one fs/aio.c:-1 [inline]
 io_submit_one+0x4b8/0x6d0 fs/aio.c:2053
 __do_sys_io_submit fs/aio.c:2112 [inline]
 __se_sys_io_submit+0xce/0x1e0 fs/aio.c:2082
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fa05f98ebe9
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fa06086c038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
RAX: ffffffffffffffda RBX: 00007fa05fbc5fa0 RCX: 00007fa05f98ebe9
RDX: 00002000000000c0 RSI: 00000000000000f3 RDI: 00007fa06084b000
RBP: 00007fa05fa11e19 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 00007fa05fbc6038 R14: 00007fa05fbc5fa0 R15: 00007ffeb1dc9218
 </TASK>
Modules linked in:
CR2: 0000000000000008
---[ end trace 0000000000000000 ]---
RIP: 0010:_compound_head include/linux/page-flags.h:284 [inline]
RIP: 0010:__bio_iov_iter_get_pages block/bio.c:1258 [inline]
RIP: 0010:bio_iov_iter_get_pages+0x167/0x410 block/bio.c:1336
Code: 18 45 31 e4 eb 15 48 c7 44 24 20 00 00 00 00 45 01 f4 4d 29 fd 0f 84 db 01 00 00 45 89 e6 48 8b 44 24 28 44 89 e1 48 8b 04 c8 <48> 8b 68 08 40 f6 c5 01 0f 85 a9 01 00 00 0f 1f 44 00 00 48 89 c5
RSP: 0018:ffffc90003b57a18 EFLAGS: 00010206
RAX: 0000000000000000 RBX: ffff888106b83f00 RCX: 00000000000000d0
RDX: 0000000000001000 RSI: ffffea00046191c0 RDI: ffff888106b83f00
RBP: ffffea00046191c0 R08: 0000000000000a00 R09: 000000000000001a
R10: 0000000000000000 R11: 0100000000000000 R12: 00000000000000d0
R13: 0000000000030000 R14: 00000000000000d0 R15: 0000000000001000
FS:  00007fa06086c6c0(0000) GS:ffff8881b602c000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000105b52000 CR4: 00000000003506f0
----------------
Code disassembly (best guess):
   0:	18 45 31             	sbb    %al,0x31(%rbp)
   3:	e4 eb                	in     $0xeb,%al
   5:	15 48 c7 44 24       	adc    $0x2444c748,%eax
   a:	20 00                	and    %al,(%rax)
   c:	00 00                	add    %al,(%rax)
   e:	00 45 01             	add    %al,0x1(%rbp)
  11:	f4                   	hlt
  12:	4d 29 fd             	sub    %r15,%r13
  15:	0f 84 db 01 00 00    	je     0x1f6
  1b:	45 89 e6             	mov    %r12d,%r14d
  1e:	48 8b 44 24 28       	mov    0x28(%rsp),%rax
  23:	44 89 e1             	mov    %r12d,%ecx
  26:	48 8b 04 c8          	mov    (%rax,%rcx,8),%rax
* 2a:	48 8b 68 08          	mov    0x8(%rax),%rbp <-- trapping instruction
  2e:	40 f6 c5 01          	test   $0x1,%bpl
  32:	0f 85 a9 01 00 00    	jne    0x1e1
  38:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  3d:	48 89 c5             	mov    %rax,%rbp