general protection fault, probably for non-canonical address 0xdffffc0000000012: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000090-0x0000000000000097]
CPU: 0 PID: 26988 Comm: udevd Not tainted 5.10.77-syzkaller-01258-g76698ea35fd3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
RIP: 0010:bdev_read_page+0x39/0x1e0 fs/block_dev.c:733
Code: ec 18 48 89 55 c0 48 89 75 c8 48 89 fb 49 be 00 00 00 00 00 fc ff df e8 75 11 ae ff 4c 8d a3 90 00 00 00 4d 89 e5 49 c1 ed 03 <43> 80 7c 35 00 00 74 08 4c 89 e7 e8 b7 e5 e7 ff 48 89 5d d0 4d 8b
RSP: 0018:ffffc90001277130 EFLAGS: 00010206
RAX: ffffffff81bee6eb RBX: 0000000000000000 RCX: ffff88810f7d8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90001277170 R08: ffffffff81c01e6d R09: fffff940008afcc9
R10: fffff940008afcc9 R11: 0000000000000000 R12: 0000000000000090
R13: 0000000000000012 R14: dffffc0000000000 R15: ffffc900012773e0
FS: 00007f2d6cbfd840(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055667b932b48 CR3: 000000011abc2000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
do_mpage_readpage+0x143c/0x1bb0 fs/mpage.c:338
mpage_readahead+0x2d7/0x5f0 fs/mpage.c:427
blkdev_readahead+0x1c/0x20 fs/block_dev.c:651
read_pages+0x160/0xaa0 mm/readahead.c:140
page_cache_ra_unbounded+0x6c4/0x8a0 mm/readahead.c:248
do_page_cache_ra mm/readahead.c:277 [inline]
force_page_cache_ra+0x3e6/0x440 mm/readahead.c:308
page_cache_sync_ra+0x23f/0x2a0 mm/readahead.c:582
page_cache_sync_readahead include/linux/pagemap.h:837 [inline]
generic_file_buffered_read+0x63f/0x2640 mm/filemap.c:2247
generic_file_read_iter+0x113/0x6f0 mm/filemap.c:2565
blkdev_read_iter+0x135/0x190 fs/block_dev.c:1954
call_read_iter include/linux/fs.h:1941 [inline]
new_sync_read fs/read_write.c:415 [inline]
vfs_read+0x9d4/0xbe0 fs/read_write.c:496
ksys_read+0x186/0x2b0 fs/read_write.c:634
__do_sys_read fs/read_write.c:644 [inline]
__se_sys_read fs/read_write.c:642 [inline]
__x64_sys_read+0x7b/0x90 fs/read_write.c:642
do_syscall_64+0x31/0x70 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xa9
RIP: 0033:0x7f2d6cd548fe
Code: c0 e9 e6 fe ff ff 50 48 8d 3d 0e c7 09 00 e8 c9 cf 01 00 66 0f 1f 84 00 00 00 00 00 64 8b 04 25 18 00 00 00 85 c0 75 14 0f 05 <48> 3d 00 f0 ff ff 77 5a c3 66 0f 1f 84 00 00 00 00 00 48 83 ec 28
RSP: 002b:00007fffcd5a0be8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2d6cd548fe
RDX: 0000000000000400 RSI: 000055667b932738 RDI: 0000000000000009
RBP: 0000000000000400 R08: 000055667b932710 R09: 00007f2d6ce24a60
R10: 0000000000000008 R11: 0000000000000246 R12: 000055667b932710
R13: 000055667b932728 R14: 000055667b8ac5d0 R15: 000055667b8ac580
Modules linked in:
---[ end trace 1895950161826ea4 ]---
RIP: 0010:bdev_read_page+0x39/0x1e0 fs/block_dev.c:733
Code: ec 18 48 89 55 c0 48 89 75 c8 48 89 fb 49 be 00 00 00 00 00 fc ff df e8 75 11 ae ff 4c 8d a3 90 00 00 00 4d 89 e5 49 c1 ed 03 <43> 80 7c 35 00 00 74 08 4c 89 e7 e8 b7 e5 e7 ff 48 89 5d d0 4d 8b
RSP: 0018:ffffc90001277130 EFLAGS: 00010206
RAX: ffffffff81bee6eb RBX: 0000000000000000 RCX: ffff88810f7d8000
RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
RBP: ffffc90001277170 R08: ffffffff81c01e6d R09: fffff940008afcc9
R10: fffff940008afcc9 R11: 0000000000000000 R12: 0000000000000090
R13: 0000000000000012 R14: dffffc0000000000 R15: ffffc900012773e0
FS: 00007f2d6cbfd840(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000055667b932b48 CR3: 000000011abc2000 CR4: 00000000003526b0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
# Decoded window of the "Code:" bytes around the faulting RIP
# (bdev_read_page+0x39, fs/block_dev.c:733). Offsets on the left are relative
# to the start of the byte window, not to the function; call targets shown
# below are therefore relative to the window as well and do not name symbols.
#
# Offsets 0x0-0x9 are mis-decoded: the byte window begins in the middle of an
# instruction, so the decoder is out of sync until 0xd. Read by hand, the bytes
# "48 89 55 c0 / 48 89 75 c8 / 48 89 fb" are
#     mov %rdx,-0x40(%rbp) ; mov %rsi,-0x38(%rbp) ; mov %rdi,%rbx
# i.e. rbx receives the first argument. The leading "ec 18" is presumably the
# tail of a stack adjustment (sub $0x18,%rsp) -- the preceding bytes are not
# on the page, so this is not confirmed.
0: ec in (%dx),%al
1: 18 48 89 sbb %cl,-0x77(%rax)
4: 55 push %rbp
5: c0 48 89 75 rorb $0x75,-0x77(%rax)
9: c8 48 89 fb enterq $0x8948,$0xfb
# r14 = 0xdffffc0000000000, the x86-64 KASAN shadow offset (matches R14 in the
# register dump). The 10-byte movabs encoding wraps onto the next listing line.
d: 49 be 00 00 00 00 00 movabs $0xdffffc0000000000,%r14
14: fc ff df
# Call target cannot be resolved from this excerpt -- presumably compiler
# instrumentation; confirm against the vmlinux symbol table.
17: e8 75 11 ae ff callq 0xffae1191
# r12 = rbx + 0x90: address of the field about to be read. The register dump
# shows RBX = 0 and R12 = 0x90, so the base pointer is NULL.
1c: 4c 8d a3 90 00 00 00 lea 0x90(%rbx),%r12
23: 4d 89 e5 mov %r12,%r13
# r13 = r12 >> 3 = 0x12 (matches R13): index of the KASAN shadow byte.
26: 49 c1 ed 03 shr $0x3,%r13
# KASAN shadow-byte load for address 0x90, at r13 + r14 = 0xdffffc0000000012.
# That shadow address is non-canonical, so the CPU raises a general protection
# fault here, before the real load executes. This is why the report header
# shows a GPF on 0xdffffc0000000012 while the KASAN line gives the true cause:
# a null-ptr-deref in the range 0x90-0x97. Triage this as a NULL dereference at
# offset 0x90, not as a wild or attacker-chosen pointer.
* 2a: 43 80 7c 35 00 00 cmpb $0x0,0x0(%r13,%r14,1) <-- trapping instruction
# Shadow byte == 0: skip the call below and continue at 0x3a.
30: 74 08 je 0x3a
# Otherwise pass the checked address (r12) in rdi to the call at 0x35 --
# presumably a KASAN report helper; the target is not resolvable from here.
32: 4c 89 e7 mov %r12,%rdi
35: e8 b7 e5 e7 ff callq 0xffe7e5f1
# Spill rbx (the NULL pointer) to a stack slot.
3a: 48 89 5d d0 mov %rbx,-0x30(%rbp)
# The byte window ends mid-instruction ("4d 8b" is an incomplete encoding), so
# the last two lines are not real instructions.
3e: 4d rex.WRB
3f: 8b .byte 0x8b