syzbot

Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
Workqueue: writeback wb_workfn (flush-8:0)
RIP: 0010:bio_init block/bio.c:214 [inline]
RIP: 0010:bio_init_inline include/linux/bio.h:435 [inline]
RIP: 0010:bio_alloc_bioset+0x664/0xc10 block/bio.c:593
Code: 04 24 00 00 00 00 41 8d 46 ff 0f b7 d8 bf 04 00 00 00 89 de e8 3d ac 3c fd 66 83 fb 04 0f 83 db 00 00 00 4c 89 f8 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 ff e8 ce 0f a6 fd 49 c7 07 00 00 00 00 49
RSP: 0000:ffffc90000126fe8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff88801deedb80 RSI: 0000000000000000 RDI: 0000000000000004
RBP: dffffc0000000000 R08: ffffffff90123cf7 R09: 1ffffffff202479e
R10: dffffc0000000000 R11: fffffbfff202479f R12: 0000000000092800
R13: ffffffff9a475820 R14: 0000000000000001 R15: 0000000000000000
FS:  0000000000000000(0000) GS:ffff888125448000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000044eb7f CR3: 0000000074b46000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 bio_alloc include/linux/bio.h:373 [inline]
 submit_bh_wbc+0x22d/0x650 fs/buffer.c:2816
 __block_write_full_folio+0x810/0xe10 fs/buffer.c:1930
 blkdev_writepages+0xef/0x1b0 block/fops.c:486
 do_writepages+0x32e/0x550 mm/page-writeback.c:2554
 __writeback_single_inode+0x133/0x10e0 fs/fs-writeback.c:1750
 writeback_sb_inodes+0x979/0x19d0 fs/fs-writeback.c:2042
 __writeback_inodes_wb+0x111/0x240 fs/fs-writeback.c:2118
 wb_writeback+0x459/0xb00 fs/fs-writeback.c:2229
 wb_check_start_all fs/fs-writeback.c:2355 [inline]
 wb_do_writeback fs/fs-writeback.c:2381 [inline]
 wb_workfn+0x921/0xf10 fs/fs-writeback.c:2414
 process_one_work+0x9a3/0x1710 kernel/workqueue.c:3288
 process_scheduled_works kernel/workqueue.c:3379 [inline]
 worker_thread+0xba8/0x11e0 kernel/workqueue.c:3465
 kthread+0x388/0x470 kernel/kthread.c:436
 ret_from_fork+0x51e/0xb90 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:bio_init block/bio.c:214 [inline]
RIP: 0010:bio_init_inline include/linux/bio.h:435 [inline]
RIP: 0010:bio_alloc_bioset+0x664/0xc10 block/bio.c:593
Code: 04 24 00 00 00 00 41 8d 46 ff 0f b7 d8 bf 04 00 00 00 89 de e8 3d ac 3c fd 66 83 fb 04 0f 83 db 00 00 00 4c 89 f8 48 c1 e8 03 <80> 3c 28 00 74 08 4c 89 ff e8 ce 0f a6 fd 49 c7 07 00 00 00 00 49
----------------
Code disassembly (best guess):
   0:	04 24                	add    $0x24,%al
   2:	00 00                	add    %al,(%rax)
   4:	00 00                	add    %al,(%rax)
   6:	41 8d 46 ff          	lea    -0x1(%r14),%eax
   a:	0f b7 d8             	movzwl %ax,%ebx
   d:	bf 04 00 00 00       	mov    $0x4,%edi
  12:	89 de                	mov    %ebx,%esi
  14:	e8 3d ac 3c fd       	call   0xfd3cac56
  19:	66 83 fb 04          	cmp    $0x4,%bx
  1d:	0f 83 db 00 00 00    	jae    0xfe
  23:	4c 89 f8             	mov    %r15,%rax
  26:	48 c1 e8 03          	shr    $0x3,%rax
* 2a:	80 3c 28 00          	cmpb   $0x0,(%rax,%rbp,1) <-- trapping instruction
  2e:	74 08                	je     0x38
  30:	4c 89 ff             	mov    %r15,%rdi
  33:	e8 ce 0f a6 fd       	call   0xfda61006
  38:	49 c7 07 00 00 00 00 	movq   $0x0,(%r15)
  3f:	49                   	rex.WB