Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
CPU: 0 UID: 0 PID: 23093 Comm: kworker/0:1 Tainted: G             L      syzkaller #0 PREEMPT(full) 
Tainted: [L]=SOFTLOCKUP
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
Workqueue: events ublk_partition_scan_work
RIP: 0010:ublk_queue_cmd drivers/block/ublk_drv.c:2095 [inline]
RIP: 0010:ublk_queue_rq+0x13d/0x280 drivers/block/ublk_drv.c:2223
Code: 3c 02 00 0f 85 37 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 c1 e5 07 49 8b ac 2d 10 01 00 00 48 8d 7d 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 02 01 00 00 4c 89 65 18 31 d2 48 c7 c6 f0 71 47
RSP: 0018:ffffc90003647000 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8647ec3b
RDX: 0000000000000003 RSI: ffffffff8647ec49 RDI: 0000000000000018
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805be98000
R13: 0000000000000100 R14: ffff88807a2ec000 R15: ffffc90003647238
FS:  0000000000000000(0000) GS:ffff888124383000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000558f10a5c300 CR3: 00000000392c1000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 blk_mq_dispatch_rq_list+0x422/0x1e70 block/blk-mq.c:2148
 __blk_mq_do_dispatch_sched block/blk-mq-sched.c:168 [inline]
 blk_mq_do_dispatch_sched block/blk-mq-sched.c:182 [inline]
 __blk_mq_sched_dispatch_requests+0xcea/0x1620 block/blk-mq-sched.c:307
 blk_mq_sched_dispatch_requests+0xd7/0x1c0 block/blk-mq-sched.c:329
 blk_mq_run_hw_queue+0x348/0x670 block/blk-mq.c:2386
 blk_mq_dispatch_list+0x51d/0x1360 block/blk-mq.c:2949
 blk_mq_flush_plug_list block/blk-mq.c:2997 [inline]
 blk_mq_flush_plug_list+0x130/0x600 block/blk-mq.c:2969
 __blk_flush_plug+0x2c4/0x4b0 block/blk-core.c:1230
 blk_finish_plug block/blk-core.c:1257 [inline]
 __submit_bio+0x584/0x6c0 block/blk-core.c:649
 __submit_bio_noacct_mq block/blk-core.c:722 [inline]
 submit_bio_noacct_nocheck+0x543/0xbf0 block/blk-core.c:753
 submit_bio_noacct+0xd18/0x2000 block/blk-core.c:884
 blk_crypto_submit_bio include/linux/blk-crypto.h:203 [inline]
 submit_bh_wbc+0x681/0x890 fs/buffer.c:2737
 submit_bh fs/buffer.c:2742 [inline]
 block_read_full_folio+0x4c8/0x8e0 fs/buffer.c:2358
 filemap_read_folio+0xfc/0x3b0 mm/filemap.c:2502
 do_read_cache_folio+0x2d7/0x6b0 mm/filemap.c:4107
 read_mapping_folio include/linux/pagemap.h:1017 [inline]
 read_part_sector+0xd1/0x370 block/partitions/core.c:724
 adfspart_check_ICS+0x91/0x7d0 block/partitions/acorn.c:356
 check_partition block/partitions/core.c:143 [inline]
 blk_add_partitions block/partitions/core.c:591 [inline]
 bdev_disk_changed+0x7a3/0x1250 block/partitions/core.c:695
 ublk_partition_scan_work+0xe4/0x170 drivers/block/ublk_drv.c:2467
 process_one_work+0xa0e/0x1980 kernel/workqueue.c:3314
 process_scheduled_works kernel/workqueue.c:3397 [inline]
 worker_thread+0x5ef/0xe50 kernel/workqueue.c:3478
 kthread+0x370/0x450 kernel/kthread.c:436
 ret_from_fork+0x72b/0xd50 arch/x86/kernel/process.c:158
 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ublk_queue_cmd drivers/block/ublk_drv.c:2095 [inline]
RIP: 0010:ublk_queue_rq+0x13d/0x280 drivers/block/ublk_drv.c:2223
Code: 3c 02 00 0f 85 37 01 00 00 48 b8 00 00 00 00 00 fc ff df 49 c1 e5 07 49 8b ac 2d 10 01 00 00 48 8d 7d 18 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 02 01 00 00 4c 89 65 18 31 d2 48 c7 c6 f0 71 47
RSP: 0018:ffffc90003647000 EFLAGS: 00010206
RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff8647ec3b
RDX: 0000000000000003 RSI: ffffffff8647ec49 RDI: 0000000000000018
RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88805be98000
R13: 0000000000000100 R14: ffff88807a2ec000 R15: ffffc90003647238
FS:  0000000000000000(0000) GS:ffff888124383000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f4edf1bf368 CR3: 0000000074cf6000 CR4: 00000000003526f0
----------------
Code disassembly (best guess):
   0:	3c 02                	cmp    $0x2,%al
   2:	00 0f                	add    %cl,(%rdi)
   4:	85 37                	test   %esi,(%rdi)
   6:	01 00                	add    %eax,(%rax)
   8:	00 48 b8             	add    %cl,-0x48(%rax)
   b:	00 00                	add    %al,(%rax)
   d:	00 00                	add    %al,(%rax)
   f:	00 fc                	add    %bh,%ah
  11:	ff                   	lcall  (bad)
  12:	df 49 c1             	fisttps -0x3f(%rcx)
  15:	e5 07                	in     $0x7,%eax
  17:	49 8b ac 2d 10 01 00 	mov    0x110(%r13,%rbp,1),%rbp
  1e:	00
  1f:	48 8d 7d 18          	lea    0x18(%rbp),%rdi
  23:	48 89 fa             	mov    %rdi,%rdx
  26:	48 c1 ea 03          	shr    $0x3,%rdx
* 2a:	80 3c 02 00          	cmpb   $0x0,(%rdx,%rax,1) <-- trapping instruction
  2e:	0f 85 02 01 00 00    	jne    0x136
  34:	4c 89 65 18          	mov    %r12,0x18(%rbp)
  38:	31 d2                	xor    %edx,%edx
  3a:	48                   	rex.W
  3b:	c7                   	.byte 0xc7
  3c:	c6                   	(bad)
  3d:	f0 71 47             	lock jno 0x87