Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 1 UID: 0 PID: 351 Comm: kworker/u8:4 Not tainted 6.12.30-syzkaller-ge2bf362ee23b #0 e1c904518e9113895a28c59b25a6002cdacb68bf
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
Workqueue: events_unbound netfs_write_collection_worker
RIP: 0010:folioq_folio include/linux/folio_queue.h:277 [inline]
RIP: 0010:netfs_writeback_unlock_folios fs/netfs/write_collect.c:107 [inline]
RIP: 0010:netfs_collect_write_results fs/netfs/write_collect.c:493 [inline]
RIP: 0010:netfs_write_collection_worker+0x138b/0x49b0 fs/netfs/write_collect.c:550
Code: 1e 0f 87 80 04 00 00 e8 f3 b6 75 ff 48 89 5c 24 48 4c 89 b4 24 b0 00 00 00 4b 8d 5c f7 08 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 28 00 74 08 48 89 df e8 e6 ae cb ff 48 89 9c 24 a8 00 00
RSP: 0018:ffffc900096ff9e0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888109744c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001f
RBP: ffffc900096ffc98 R08: ffff888100ac1453 R09: 1ffff1102015828a
R10: dffffc0000000000 R11: ffffed102015828b R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000011712e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
process_one_work kernel/workqueue.c:3238 [inline]
process_scheduled_works+0x7d5/0x1020 kernel/workqueue.c:3319
worker_thread+0xc58/0x1250 kernel/workqueue.c:3400
kthread+0x2c7/0x370 kernel/kthread.c:389
ret_from_fork+0x64/0xa0 arch/x86/kernel/process.c:153
ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244
</TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:folioq_folio include/linux/folio_queue.h:277 [inline]
RIP: 0010:netfs_writeback_unlock_folios fs/netfs/write_collect.c:107 [inline]
RIP: 0010:netfs_collect_write_results fs/netfs/write_collect.c:493 [inline]
RIP: 0010:netfs_write_collection_worker+0x138b/0x49b0 fs/netfs/write_collect.c:550
Code: 1e 0f 87 80 04 00 00 e8 f3 b6 75 ff 48 89 5c 24 48 4c 89 b4 24 b0 00 00 00 4b 8d 5c f7 08 48 89 d8 48 c1 e8 03 48 89 44 24 40 <42> 80 3c 28 00 74 08 48 89 df e8 e6 ae cb ff 48 89 9c 24 a8 00 00
RSP: 0018:ffffc900096ff9e0 EFLAGS: 00010202
RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888109744c00
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000001f
RBP: ffffc900096ffc98 R08: ffff888100ac1453 R09: 1ffff1102015828a
R10: dffffc0000000000 R11: ffffed102015828b R12: 0000000000000000
R13: dffffc0000000000 R14: 0000000000000000 R15: 0000000000000000
FS: 0000000000000000(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000200000001000 CR3: 000000011712e000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess), 1 bytes skipped:
0: 0f 87 80 04 00 00 ja 0x486
6: e8 f3 b6 75 ff call 0xff75b6fe
b: 48 89 5c 24 48 mov %rbx,0x48(%rsp)
10: 4c 89 b4 24 b0 00 00 mov %r14,0xb0(%rsp)
17: 00
18: 4b 8d 5c f7 08 lea 0x8(%r15,%r14,8),%rbx
1d: 48 89 d8 mov %rbx,%rax
20: 48 c1 e8 03 shr $0x3,%rax
24: 48 89 44 24 40 mov %rax,0x40(%rsp)
* 29: 42 80 3c 28 00 cmpb $0x0,(%rax,%r13,1) <-- trapping instruction
2e: 74 08 je 0x38
30: 48 89 df mov %rbx,%rdi
33: e8 e6 ae cb ff call 0xffcbaf1e
38: 48 rex.W
39: 89 .byte 0x89
3a: 9c pushf
3b: 24 a8 and $0xa8,%al