BUG: unable to handle kernel NULL pointer dereference at (null)
IP: test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline]
IP: test_and_set_bit_lock arch/x86/include/asm/bitops.h:234 [inline]
IP: trylock_buffer include/linux/buffer_head.h:367 [inline]
IP: lock_buffer include/linux/buffer_head.h:373 [inline]
IP: alloc_branch fs/minix/itree_common.c:88 [inline]
IP: get_block+0x6a3/0x1100 fs/minix/itree_common.c:191
PGD 9428c067 P4D 9428c067 PUD 907fe067 PMD 0
Oops: 0002 [#1] PREEMPT SMP KASAN
Modules linked in:
CPU: 1 PID: 23730 Comm: syz-executor.2 Not tainted 4.14.184-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
task: ffff8880a8510540 task.stack: ffff888082ae8000
RIP: 0010:test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline]
RIP: 0010:test_and_set_bit_lock arch/x86/include/asm/bitops.h:234 [inline]
RIP: 0010:trylock_buffer include/linux/buffer_head.h:367 [inline]
RIP: 0010:lock_buffer include/linux/buffer_head.h:373 [inline]
RIP: 0010:alloc_branch fs/minix/itree_common.c:88 [inline]
RIP: 0010:get_block+0x6a3/0x1100 fs/minix/itree_common.c:191
RSP: 0018:ffff888082aef808 EFLAGS: 00010246
RAX: 0000000000000007 RBX: ffff888082aef910 RCX: 1ffffffff0fe794c
RDX: 0000000000000000 RSI: 00000000ffffffff RDI: ffff8880a8510564
RBP: ffff888082aef988 R08: 0000000000000001 R09: 0000000000000003
R10: ffff8880a8510e40 R11: ffff8880a8510540 R12: ffff88803e730100
R13: ffff888082aef8d4 R14: dffffc0000000000 R15: 0000000000000000
FS: 00007f3bcad4a700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 000000008c9f9000 CR4: 00000000001406e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 minix_get_block+0xd6/0x100 fs/minix/inode.c:379
 __block_write_begin_int+0x33a/0x1000 fs/buffer.c:2038
 __block_write_begin fs/buffer.c:2088 [inline]
 block_write_begin+0x58/0x260 fs/buffer.c:2147
 minix_write_begin+0x35/0xc0 fs/minix/inode.c:415
 generic_perform_write+0x1c9/0x420 mm/filemap.c:3047
 __generic_file_write_iter+0x227/0x590 mm/filemap.c:3172
 generic_file_write_iter+0x36f/0x650 mm/filemap.c:3200
 call_write_iter include/linux/fs.h:1778 [inline]
 new_sync_write fs/read_write.c:469 [inline]
 __vfs_write+0x44e/0x630 fs/read_write.c:482
 vfs_write+0x17f/0x4d0 fs/read_write.c:544
 SYSC_write fs/read_write.c:590 [inline]
 SyS_write+0xf2/0x210 fs/read_write.c:582
 do_syscall_64+0x1d5/0x640 arch/x86/entry/common.c:292
 entry_SYSCALL_64_after_hwframe+0x46/0xbb
RIP: 0033:0x45ca59
RSP: 002b:00007f3bcad49c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
MINIX-fs: mounting unchecked file system, running fsck is recommended
RAX: ffffffffffffffda RBX: 000000000050c5e0 RCX: 000000000045ca59
RDX: 000000000001033b RSI: 0000000020000280 RDI: 0000000000000005
RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff
R13: 0000000000000cce R14: 00000000004cf2af R15: 00007f3bcad4a6d4
Code: ef
minix_free_block (loop5:42852): bit already cleared
08 00 00 49 8b bf 28 01 00 00 b9 08 00
minix_free_block (loop5:28485): bit already cleared
00 00 e8 13 57 c6 ff 31 d2 be 74 01 00 00 48 c7 c7 a0 ea 99 86 49 89 c7 e8 ad 27 6d ff 49 0f ba 2f 02 0f 83 1e fe
Trying to free block not in datazone
ff ff e8 0c c8 89 ff 4c 89 ff e8
RIP: test_and_set_bit arch/x86/include/asm/bitops.h:220 [inline] RSP: ffff888082aef808
RIP: test_and_set_bit_lock arch/x86/include/asm/bitops.h:234 [inline] RSP: ffff888082aef808
RIP: trylock_buffer include/linux/buffer_head.h:367 [inline] RSP: ffff888082aef808
RIP: lock_buffer include/linux/buffer_head.h:373 [inline] RSP: ffff888082aef808
RIP: alloc_branch fs/minix/itree_common.c:88 [inline] RSP: ffff888082aef808
RIP: get_block+0x6a3/0x1100 fs/minix/itree_common.c:191 RSP: ffff888082aef808
CR2: 0000000000000000
minix_free_block (loop5:20408): bit already cleared
---[ end trace 931b30b033395752 ]---
minix_free_block (loop5:14039): bit already cleared