BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: Oops: 0000 [#1] PREEMPT SMP PTI
CPU: 1 UID: 0 PID: 4657 Comm: udevd Not tainted 6.14.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:bdev_nr_sectors include/linux/blkdev.h:814 [inline]
RIP: 0010:guard_bio_eod+0x8/0x30 block/bio.c:694
Code: 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 8b 47 08 <48> 8b 70 08 48 85 f6 74 11 48 2b 77 20 76 0b 8b 47 28 c1 e8 09 48
RSP: 0018:ffffc90001faf8e8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc90001faf980 RCX: 8e2ea21b9a34d900
RDX: 0000000000000000 RSI: ffffea000417df00 RDI: ffff88810e2d50c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004
R10: ffffc90001faf980 R11: ffffffff81487480 R12: ffff88810e2d50c0
R13: 0000000000000000 R14: ffffea000417df00 R15: 0000000000000000
FS: 00007f32bd4ce880(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000107fec000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 mpage_bio_submit_read fs/mpage.c:74 [inline]
 do_mpage_readpage+0x532/0x670 fs/mpage.c:-1
 mpage_readahead+0xe1/0x1a0 fs/mpage.c:371
 read_pages+0x8b/0x170 mm/readahead.c:161
 page_cache_ra_unbounded+0x1ac/0x230 mm/readahead.c:298
 do_page_cache_ra mm/readahead.c:328 [inline]
 force_page_cache_ra mm/readahead.c:357 [inline]
 page_cache_sync_ra+0xff/0x340 mm/readahead.c:585
 filemap_get_pages+0x163/0x850 mm/filemap.c:2580
 filemap_read+0xea/0x500 mm/filemap.c:2691
 blkdev_read_iter+0xe6/0x130 block/fops.c:796
 new_sync_read fs/read_write.c:484 [inline]
 vfs_read+0x29a/0x370 fs/read_write.c:565
 ksys_read+0x75/0xf0 fs/read_write.c:708
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf6/0x210 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f32bd5bc407
Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
RSP: 002b:00007fffff73a940 EFLAGS: 00000202 ORIG_RAX: 0000000000000000
RAX: ffffffffffffffda RBX: 00007f32bd4ce880 RCX: 00007f32bd5bc407
RDX: 0000000000000200 RSI: 00007f32bcb84000 RDI: 0000000000000009
RBP: 000055fb71572c60 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
R13: 0000000000000000 R14: 000055fb71573b08 R15: 00007f32bdd1239c
Modules linked in:
CR2: 0000000000000008
---[ end trace 0000000000000000 ]---
RIP: 0010:bdev_nr_sectors include/linux/blkdev.h:814 [inline]
RIP: 0010:guard_bio_eod+0x8/0x30 block/bio.c:694
Code: 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 8b 47 08 <48> 8b 70 08 48 85 f6 74 11 48 2b 77 20 76 0b 8b 47 28 c1 e8 09 48
RSP: 0018:ffffc90001faf8e8 EFLAGS: 00010246
RAX: 0000000000000000 RBX: ffffc90001faf980 RCX: 8e2ea21b9a34d900
RDX: 0000000000000000 RSI: ffffea000417df00 RDI: ffff88810e2d50c0
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000004
R10: ffffc90001faf980 R11: ffffffff81487480 R12: ffff88810e2d50c0
R13: 0000000000000000 R14: ffffea000417df00 R15: 0000000000000000
FS: 00007f32bd4ce880(0000) GS:ffff888237d00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 0000000107fec000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	41 5d                	pop    %r13
   2:	41 5e                	pop    %r14
   4:	41 5f                	pop    %r15
   6:	5d                   	pop    %rbp
   7:	c3                   	ret
   8:	cc                   	int3
   9:	cc                   	int3
   a:	cc                   	int3
   b:	cc                   	int3
   c:	cc                   	int3
   d:	0f 1f 44 00 00       	nopl   0x0(%rax,%rax,1)
  12:	90                   	nop
  13:	90                   	nop
  14:	90                   	nop
  15:	90                   	nop
  16:	90                   	nop
  17:	90                   	nop
  18:	90                   	nop
  19:	90                   	nop
  1a:	90                   	nop
  1b:	90                   	nop
  1c:	90                   	nop
  1d:	90                   	nop
  1e:	90                   	nop
  1f:	90                   	nop
  20:	90                   	nop
  21:	90                   	nop
  22:	66 0f 1f 00          	nopw   (%rax)
  26:	48 8b 47 08          	mov    0x8(%rdi),%rax
* 2a:	48 8b 70 08          	mov    0x8(%rax),%rsi <-- trapping instruction
  2e:	48 85 f6             	test   %rsi,%rsi
  31:	74 11                	je     0x44
  33:	48 2b 77 20          	sub    0x20(%rdi),%rsi
  37:	76 0b                	jbe    0x44
  39:	8b 47 28             	mov    0x28(%rdi),%eax
  3c:	c1 e8 09             	shr    $0x9,%eax
  3f:	48                   	rex.W

Triage note (not part of the original report): the trapping instruction is the second of two dependent loads. `mov 0x8(%rdi),%rax` left RAX = 0, so `mov 0x8(%rax),%rsi` read address 0x8, which matches CR2. The fault is attributed to the inlined bdev_nr_sectors() inside guard_bio_eod(), so the pointer stored at offset 8 of the object in RDI (presumably bio->bi_bdev; confirm against block/bio.c:694) was NULL when the bio was submitted from mpage_bio_submit_read().