loop3: detected capacity change from 0 to 2048
general protection fault, probably for non-canonical address 0xdffffc000000000a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]
CPU: 1 PID: 23576 Comm: syz-executor.3 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:relay_switch_subbuf+0x29e/0x6e0 kernel/relay.c:676
Code: 3c 08 00 4c 8b 24 24 74 08 48 89 ef e8 db 57 48 00 48 8b 5d 00 48 83 c3 50 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 39 48 89 df e8 b4 57 48 00 eb 2f e8 7d fd fe ff 49
RSP: 0018:ffffc90003acf060 EFLAGS: 00010006
RAX: 000000000000000a RBX: 0000000000000050 RCX: dffffc0000000000
RDX: ffffc90006681000 RSI: 0000000000001394 RDI: 0000000000001395
RBP: ffff88803cccfad8 R08: ffffffff8180df0a R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88803607dc28
R13: ffff88803607dc00 R14: ffff88803607dcb8 R15: 0000000000007ff0
FS:  00007f7d6dc54700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7d6dc55000 CR3: 000000008cd0d000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000003b DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 relay_reserve include/linux/relay.h:248 [inline]
 trace_note+0x553/0x6f0 kernel/trace/blktrace.c:95
 trace_note_tsk+0xa9/0x140 kernel/trace/blktrace.c:126
 __blk_add_trace+0x9f5/0xd70 kernel/trace/blktrace.c:267
 blk_add_trace_bio+0x280/0x2d0 kernel/trace/blktrace.c:905
 trace_block_bio_queue include/trace/events/block.h:332 [inline]
 submit_bio_checks+0x182c/0x1920 block/blk-core.c:893
 __submit_bio+0x5a1/0x850 block/blk-core.c:917
 __submit_bio_noacct_mq block/blk-core.c:1003 [inline]
 submit_bio_noacct+0x955/0xb30 block/blk-core.c:1033
 submit_bio+0x2dd/0x560 block/blk-core.c:1095
 submit_bh fs/buffer.c:3062 [inline]
 __bread_slow fs/buffer.c:1180 [inline]
 __bread_gfp+0x1c2/0x390 fs/buffer.c:1384
 sb_bread include/linux/buffer_head.h:337 [inline]
 fat_fill_super+0x1ccc/0x4ea0 fs/fat/inode.c:1650
 mount_bdev+0x26d/0x3a0 fs/super.c:1378
 legacy_get_tree+0xeb/0x180 fs/fs_context.c:610
 vfs_get_tree+0x88/0x270 fs/super.c:1508
 do_new_mount+0x28b/0xad0 fs/namespace.c:2994
 do_mount fs/namespace.c:3337 [inline]
 __do_sys_mount fs/namespace.c:3545 [inline]
 __se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3522
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f7d6f6e369a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7d6dc53f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000522 RCX: 00007f7d6f6e369a
RDX: 0000000020000140 RSI: 0000000020000040 RDI: 00007f7d6dc53fe0
RBP: 00007f7d6dc54020 R08: 00007f7d6dc54020 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000140
R13: 0000000020000040 R14: 00007f7d6dc53fe0 R15: 0000000020000100
 </TASK>
Modules linked in:
---[ end trace 2dac25860bf02b84 ]---
RIP: 0010:relay_switch_subbuf+0x29e/0x6e0 kernel/relay.c:676
Code: 3c 08 00 4c 8b 24 24 74 08 48 89 ef e8 db 57 48 00 48 8b 5d 00 48 83 c3 50 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 39 48 89 df e8 b4 57 48 00 eb 2f e8 7d fd fe ff 49
RSP: 0018:ffffc90003acf060 EFLAGS: 00010006
RAX: 000000000000000a RBX: 0000000000000050 RCX: dffffc0000000000
RDX: ffffc90006681000 RSI: 0000000000001394 RDI: 0000000000001395
RBP: ffff88803cccfad8 R08: ffffffff8180df0a R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88803607dc28
R13: ffff88803607dc00 R14: ffff88803607dcb8 R15: 0000000000007ff0
FS:  00007f7d6dc54700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7d6dc55000 CR3: 000000008cd0d000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000003b DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	3c 08                	cmp    $0x8,%al
   2:	00 4c 8b 24          	add    %cl,0x24(%rbx,%rcx,4)
   6:	24 74                	and    $0x74,%al
   8:	08 48 89             	or     %cl,-0x77(%rax)
   b:	ef                   	out    %eax,(%dx)
   c:	e8 db 57 48 00       	callq  0x4857ec
  11:	48 8b 5d 00          	mov    0x0(%rbp),%rbx
  15:	48 83 c3 50          	add    $0x50,%rbx
  19:	48 89 d8             	mov    %rbx,%rax
  1c:	48 c1 e8 03          	shr    $0x3,%rax
  20:	48 b9 00 00 00 00 00 	movabs $0xdffffc0000000000,%rcx
  27:	fc ff df
* 2a:	80 3c 08 00          	cmpb   $0x0,(%rax,%rcx,1) <-- trapping instruction
  2e:	74 39                	je     0x69
  30:	48 89 df             	mov    %rbx,%rdi
  33:	e8 b4 57 48 00       	callq  0x4857ec
  38:	eb 2f                	jmp    0x69
  3a:	e8 7d fd fe ff       	callq  0xfffefdbc
  3f:	49                   	rex.WB