loop4: detected capacity change from 0 to 512
BUG: kernel NULL pointer dereference, address: 0000000000000013
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 31f4d067 P4D 31f4d067 PUD 0 
Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI
CPU: 0 UID: 0 PID: 6179 Comm: syz.4.56 Not tainted 6.14.0-rc2-syzkaller-00039-g09fbf3d50205 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 12/27/2024
RIP: 0010:___slab_alloc+0x26d/0x1720 mm/slub.c:3769
Code: ff 75 0b 49 83 7f 28 00 0f 85 92 06 00 00 4d 89 77 28 48 83 7b 10 00 0f 85 fb 04 00 00 4c 8b 7b 18 4d 85 ff 0f 84 88 05 00 00 <49> 8b 47 10 83 bd 68 ff ff ff ff 48 89 43 18 74 20 49 8b 07 48 83
RSP: 0018:ffffc9000bd77780 EFLAGS: 00010006
RAX: 0000000000000000 RBX: ffffe8ffffc766c0 RCX: ffffffff8195b34e
RDX: 0000000000000001 RSI: ffffffff82114611 RDI: 0000000000000000
RBP: ffffc9000bd77860 R08: 0000000000000000 R09: fffffbfff2dd6f98
R10: ffffffff96eb7cc7 R11: 0000000000000001 R12: ffff88802a77e3c0
R13: 0000000000000206 R14: ffff888034d5da00 R15: 0000000000000003
FS:  00007fadc194f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000013 CR3: 00000000556ec000 CR4: 0000000000350ef0
Call Trace:
 <TASK>
 __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3916
 __slab_alloc_node mm/slub.c:3991 [inline]
 slab_alloc_node mm/slub.c:4152 [inline]
 kmem_cache_alloc_noprof+0xfa/0x3d0 mm/slub.c:4171
 ext4_mb_add_groupinfo+0x445/0x1100 fs/ext4/mballoc.c:3356
 ext4_mb_init_backend fs/ext4/mballoc.c:3435 [inline]
 ext4_mb_init+0x11df/0x2640 fs/ext4/mballoc.c:3733
 __ext4_fill_super fs/ext4/super.c:5551 [inline]
 ext4_fill_super+0x8b72/0xb160 fs/ext4/super.c:5722
 get_tree_bdev_flags+0x38e/0x620 fs/super.c:1636
 vfs_get_tree+0x8e/0x340 fs/super.c:1814
 do_new_mount fs/namespace.c:3560 [inline]
 path_mount+0x14e6/0x1f10 fs/namespace.c:3887
 do_mount fs/namespace.c:3900 [inline]
 __do_sys_mount fs/namespace.c:4111 [inline]
 __se_sys_mount fs/namespace.c:4088 [inline]
 __x64_sys_mount+0x28f/0x310 fs/namespace.c:4088
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7fadc0b8e58a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007fadc194ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007fadc194eef0 RCX: 00007fadc0b8e58a
RDX: 0000400000000180 RSI: 0000400000000080 RDI: 00007fadc194eeb0
RBP: 0000400000000180 R08: 00007fadc194eef0 R09: 0000000000000002
R10: 0000000000000002 R11: 0000000000000246 R12: 0000400000000080
R13: 00007fadc194eeb0 R14: 00000000000004be R15: 00004000000000c0
 </TASK>
Modules linked in:
CR2: 0000000000000013
---[ end trace 0000000000000000 ]---
RIP: 0010:___slab_alloc+0x26d/0x1720 mm/slub.c:3769
Code: ff 75 0b 49 83 7f 28 00 0f 85 92 06 00 00 4d 89 77 28 48 83 7b 10 00 0f 85 fb 04 00 00 4c 8b 7b 18 4d 85 ff 0f 84 88 05 00 00 <49> 8b 47 10 83 bd 68 ff ff ff ff 48 89 43 18 74 20 49 8b 07 48 83
RSP: 0018:ffffc9000bd77780 EFLAGS: 00010006
RAX: 0000000000000000 RBX: ffffe8ffffc766c0 RCX: ffffffff8195b34e
RDX: 0000000000000001 RSI: ffffffff82114611 RDI: 0000000000000000
RBP: ffffc9000bd77860 R08: 0000000000000000 R09: fffffbfff2dd6f98
R10: ffffffff96eb7cc7 R11: 0000000000000001 R12: ffff88802a77e3c0
R13: 0000000000000206 R14: ffff888034d5da00 R15: 0000000000000003
FS:  00007fadc194f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000013 CR3: 00000000556ec000 CR4: 0000000000350ef0
----------------
Code disassembly (best guess):
   0:	ff 75 0b             	push   0xb(%rbp)
   3:	49 83 7f 28 00       	cmpq   $0x0,0x28(%r15)
   8:	0f 85 92 06 00 00    	jne    0x6a0
   e:	4d 89 77 28          	mov    %r14,0x28(%r15)
  12:	48 83 7b 10 00       	cmpq   $0x0,0x10(%rbx)
  17:	0f 85 fb 04 00 00    	jne    0x518
  1d:	4c 8b 7b 18          	mov    0x18(%rbx),%r15
  21:	4d 85 ff             	test   %r15,%r15
  24:	0f 84 88 05 00 00    	je     0x5b2
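* 2a:	49 8b 47 10          	mov    0x10(%r15),%rax <-- trapping instruction (R15 = 0x3 is non-zero, so it passes the test/je NULL check just above; 0x3 + 0x10 = 0x13, the faulting address in CR2)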
  2e:	83 bd 68 ff ff ff ff 	cmpl   $0xffffffff,-0x98(%rbp)
  35:	48 89 43 18          	mov    %rax,0x18(%rbx)
  39:	74 20                	je     0x5b
  3b:	49 8b 07             	mov    (%r15),%rax
  3e:	48                   	rex.W
  3f:	83                   	.byte 0x83