block loop2: failed to create loop2, ret = -17
general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN NOPTI
KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
CPU: 0 PID: 270 Comm: syz-executor.2 Not tainted 6.2.0-rc8-next-20230214 #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
RIP: 0010:blkg_destroy_all+0xa6/0x260
Code: 08 e8 fe ef 3f 02 48 8b 44 24 10 80 38 00 0f 85 a5 01 00 00 48 8b 04 24 48 8b 98 10 04 00 00 48 89 d8 48 8d 6b f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 77 01 00 00 48 8b 03 4c 8d 78 f8 49 39 dd 0f
RSP: 0018:ffff888016caf7e8 EFLAGS: 00010056
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff812dcdb5
RDX: 1ffff11001366759 RSI: 0000000000000004 RDI: ffff888016caf778
RBP: fffffffffffffff8 R08: 0000000000000001 R09: ffff888016caf77b
R10: ffffed1002d95eef R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88800dcb6410 R14: ffff88800dcb6090 R15: ffff88800984e758
FS: 0000555556195400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3b914f6000 CR3: 0000000031644000 CR4: 0000000000350ef0
Call Trace:
 blkcg_exit_disk+0x15/0x50
 disk_release+0xe3/0x490
 device_release+0xa6/0x240
 kobject_put+0x177/0x270
 put_device+0x1f/0x30
 put_disk+0x45/0x60
 loop_add+0x8d4/0xad0
 loop_probe+0x4c/0x60
 blk_request_module+0x112/0x1c0
 blkdev_get_no_open+0x7c/0xe0
 blkdev_get_by_dev.part.0+0x22/0xb80
 blkdev_get_by_dev+0x73/0x90
 blkdev_open+0x140/0x2d0
 do_dentry_open+0x6ca/0x12b0
 path_openat+0x18ad/0x2750
 do_filp_open+0x1ba/0x410
 do_sys_openat2+0x171/0x4c0
 __x64_sys_openat+0x143/0x200
 do_syscall_64+0x3f/0x90
 entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f08ee18ca04
Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
RSP: 002b:00007ffd7d90db90 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
RAX: ffffffffffffffda RBX: 00007ffd7d90dc90 RCX: 00007f08ee18ca04
RDX: 0000000000000002 RSI: 00007ffd7d90dcd0 RDI: 00000000ffffff9c
RBP: 00007ffd7d90dcd0 R08: 0000000000000000 R09: 00007ffd7d90daa0
R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
R13: 0000000000000000 R14: 0000000000000001 R15: 00007ffd7d90dcd0
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:blkg_destroy_all+0xa6/0x260
Code: 08 e8 fe ef 3f 02 48 8b 44 24 10 80 38 00 0f 85 a5 01 00 00 48 8b 04 24 48 8b 98 10 04 00 00 48 89 d8 48 8d 6b f8 48 c1 e8 03 <42> 80 3c 20 00 0f 85 77 01 00 00 48 8b 03 4c 8d 78 f8 49 39 dd 0f
RSP: 0018:ffff888016caf7e8 EFLAGS: 00010056
RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff812dcdb5
RDX: 1ffff11001366759 RSI: 0000000000000004 RDI: ffff888016caf778
RBP: fffffffffffffff8 R08: 0000000000000001 R09: ffff888016caf77b
R10: ffffed1002d95eef R11: 0000000000000001 R12: dffffc0000000000
R13: ffff88800dcb6410 R14: ffff88800dcb6090 R15: ffff88800984e758
FS: 0000555556195400(0000) GS:ffff88806ce00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f3b914f6000 CR3: 0000000031644000 CR4: 0000000000350ef0
note: syz-executor.2[270] exited with irqs disabled
note: syz-executor.2[270] exited with preempt_count 1
----------------
Code disassembly (best guess), 1 bytes skipped:
   0:   e8 fe ef 3f 02          callq  0x23ff003
   5:   48 8b 44 24 10          mov    0x10(%rsp),%rax
   a:   80 38 00                cmpb   $0x0,(%rax)
   d:   0f 85 a5 01 00 00       jne    0x1b8
  13:   48 8b 04 24             mov    (%rsp),%rax
  17:   48 8b 98 10 04 00 00    mov    0x410(%rax),%rbx
  1e:   48 89 d8                mov    %rbx,%rax
  21:   48 8d 6b f8             lea    -0x8(%rbx),%rbp
  25:   48 c1 e8 03             shr    $0x3,%rax
* 29:   42 80 3c 20 00          cmpb   $0x0,(%rax,%r12,1) <-- trapping instruction
  2e:   0f 85 77 01 00 00       jne    0x1ab
  34:   48 8b 03                mov    (%rbx),%rax
  37:   4c 8d 78 f8             lea    -0x8(%rax),%r15
  3b:   49 39 dd                cmp    %rbx,%r13
  3e:   0f                      .byte 0xf