loop3: detected capacity change from 0 to 2048
general protection fault, probably for non-canonical address 0xdffffc000000000a: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000050-0x0000000000000057]
CPU: 1 PID: 23576 Comm: syz-executor.3 Not tainted 5.15.110-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/14/2023
RIP: 0010:relay_switch_subbuf+0x29e/0x6e0 kernel/relay.c:676
Code: 3c 08 00 4c 8b 24 24 74 08 48 89 ef e8 db 57 48 00 48 8b 5d 00 48 83 c3 50 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 39 48 89 df e8 b4 57 48 00 eb 2f e8 7d fd fe ff 49
RSP: 0018:ffffc90003acf060 EFLAGS: 00010006
RAX: 000000000000000a RBX: 0000000000000050 RCX: dffffc0000000000
RDX: ffffc90006681000 RSI: 0000000000001394 RDI: 0000000000001395
RBP: ffff88803cccfad8 R08: ffffffff8180df0a R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88803607dc28
R13: ffff88803607dc00 R14: ffff88803607dcb8 R15: 0000000000007ff0
FS: 00007f7d6dc54700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7d6dc55000 CR3: 000000008cd0d000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000003b DR6: 00000000ffff0ff0 DR7: 0000000000000400
Call Trace:
relay_reserve include/linux/relay.h:248 [inline]
trace_note+0x553/0x6f0 kernel/trace/blktrace.c:95
trace_note_tsk+0xa9/0x140 kernel/trace/blktrace.c:126
__blk_add_trace+0x9f5/0xd70 kernel/trace/blktrace.c:267
blk_add_trace_bio+0x280/0x2d0 kernel/trace/blktrace.c:905
trace_block_bio_queue include/trace/events/block.h:332 [inline]
submit_bio_checks+0x182c/0x1920 block/blk-core.c:893
__submit_bio+0x5a1/0x850 block/blk-core.c:917
__submit_bio_noacct_mq block/blk-core.c:1003 [inline]
submit_bio_noacct+0x955/0xb30 block/blk-core.c:1033
submit_bio+0x2dd/0x560 block/blk-core.c:1095
submit_bh fs/buffer.c:3062 [inline]
__bread_slow fs/buffer.c:1180 [inline]
__bread_gfp+0x1c2/0x390 fs/buffer.c:1384
sb_bread include/linux/buffer_head.h:337 [inline]
fat_fill_super+0x1ccc/0x4ea0 fs/fat/inode.c:1650
mount_bdev+0x26d/0x3a0 fs/super.c:1378
legacy_get_tree+0xeb/0x180 fs/fs_context.c:610
vfs_get_tree+0x88/0x270 fs/super.c:1508
do_new_mount+0x28b/0xad0 fs/namespace.c:2994
do_mount fs/namespace.c:3337 [inline]
__do_sys_mount fs/namespace.c:3545 [inline]
__se_sys_mount+0x2d5/0x3c0 fs/namespace.c:3522
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x61/0xcb
RIP: 0033:0x7f7d6f6e369a
Code: 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f7d6dc53f88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 0000000000000522 RCX: 00007f7d6f6e369a
RDX: 0000000020000140 RSI: 0000000020000040 RDI: 00007f7d6dc53fe0
RBP: 00007f7d6dc54020 R08: 00007f7d6dc54020 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000140
R13: 0000000020000040 R14: 00007f7d6dc53fe0 R15: 0000000020000100
Modules linked in:
---[ end trace 2dac25860bf02b84 ]---
RIP: 0010:relay_switch_subbuf+0x29e/0x6e0 kernel/relay.c:676
Code: 3c 08 00 4c 8b 24 24 74 08 48 89 ef e8 db 57 48 00 48 8b 5d 00 48 83 c3 50 48 89 d8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 39 48 89 df e8 b4 57 48 00 eb 2f e8 7d fd fe ff 49
RSP: 0018:ffffc90003acf060 EFLAGS: 00010006
RAX: 000000000000000a RBX: 0000000000000050 RCX: dffffc0000000000
RDX: ffffc90006681000 RSI: 0000000000001394 RDI: 0000000000001395
RBP: ffff88803cccfad8 R08: ffffffff8180df0a R09: 0000000000000000
R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88803607dc28
R13: ffff88803607dc00 R14: ffff88803607dcb8 R15: 0000000000007ff0
FS: 00007f7d6dc54700(0000) GS:ffff8880b9b00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f7d6dc55000 CR3: 000000008cd0d000 CR4: 00000000003526e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 000000000000003b DR6: 00000000ffff0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
0: 3c 08 cmp $0x8,%al
2: 00 4c 8b 24 add %cl,0x24(%rbx,%rcx,4)
6: 24 74 and $0x74,%al
8: 08 48 89 or %cl,-0x77(%rax)
b: ef out %eax,(%dx)
c: e8 db 57 48 00 callq 0x4857ec
11: 48 8b 5d 00 mov 0x0(%rbp),%rbx
15: 48 83 c3 50 add $0x50,%rbx
19: 48 89 d8 mov %rbx,%rax
1c: 48 c1 e8 03 shr $0x3,%rax
20: 48 b9 00 00 00 00 00 movabs $0xdffffc0000000000,%rcx
27: fc ff df
* 2a: 80 3c 08 00 cmpb $0x0,(%rax,%rcx,1) <-- trapping instruction
2e: 74 39 je 0x69
30: 48 89 df mov %rbx,%rdi
33: e8 b4 57 48 00 callq 0x4857ec
38: eb 2f jmp 0x69
3a: e8 7d fd fe ff callq 0xfffefdbc
3f: 49 rex.WB