loop0: detected capacity change from 0 to 32768 ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. BUG: kernel NULL pointer dereference, address: 0000000000000011 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 5c837067 P4D 5c837067 PUD 797b1067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 0 UID: 0 PID: 6447 Comm: syz.0.119 Not tainted 6.12.0-syzkaller-01782-gbf9aa14fc523 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:___slab_alloc+0x27a/0x1880 mm/slub.c:3761 Code: 0b 49 83 7f 28 00 0f 85 de 07 00 00 4d 89 77 28 49 83 7c 24 10 00 0f 85 45 06 00 00 4d 8b 7c 24 18 4d 85 ff 0f 84 d2 06 00 00 <49> 8b 47 10 83 bd 68 ff ff ff ff 49 89 44 24 18 74 20 49 8b 07 48 RSP: 0018:ffffc900051beb50 EFLAGS: 00010002 RAX: 0000000000000000 RBX: 0000000000000202 RCX: ffffffff8169da5e RDX: 0000000000000001 RSI: ffffffff81e3c118 RDI: 0000000000000000 RBP: ffffc900051bec30 R08: 0000000000000000 R09: fffffbfff2dc8198 R10: ffffffff96e40cc7 R11: 000000000000000a R12: ffffe8ffffc6c1a0 R13: ffff88814def1dc0 R14: ffff888030de3c00 R15: 0000000000000001 FS: 00007fd7c8bf66c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000011 CR3: 0000000032f1a000 CR4: 0000000000350ef0 Call Trace: __slab_alloc.constprop.0+0x56/0xb0 mm/slub.c:3908 __slab_alloc_node mm/slub.c:3961 [inline] slab_alloc_node mm/slub.c:4122 [inline] kmem_cache_alloc_noprof+0x2a7/0x2f0 mm/slub.c:4141 jbd2_alloc+0xb5/0xd0 fs/jbd2/journal.c:2787 jbd2_journal_get_undo_access+0x212/0x3f0 fs/jbd2/transaction.c:1395 __ocfs2_journal_access+0x426/0x8b0 fs/ocfs2/journal.c:692 ocfs2_block_group_set_bits+0x298/0x9b0 fs/ocfs2/suballoc.c:1387 ocfs2_search_chain+0x1139/0x24b0 fs/ocfs2/suballoc.c:1900 ocfs2_claim_suballoc_bits+0x800/0x2010 fs/ocfs2/suballoc.c:1985 __ocfs2_claim_clusters+0x28e/0xa70 fs/ocfs2/suballoc.c:2395 ocfs2_local_alloc_new_window fs/ocfs2/localalloc.c:1183 [inline] ocfs2_local_alloc_slide_window+0x90c/0x18f0 fs/ocfs2/localalloc.c:1312 ocfs2_reserve_local_alloc_bits+0x4f4/0xc60 fs/ocfs2/localalloc.c:669 ocfs2_reserve_clusters_with_limit+0x697/0xe80 fs/ocfs2/suballoc.c:1166 ocfs2_reserve_clusters fs/ocfs2/suballoc.c:1227 [inline] ocfs2_lock_allocators+0x339/0x5f0 fs/ocfs2/suballoc.c:2746 ocfs2_write_begin_nolock+0x2886/0x6ea0 fs/ocfs2/aops.c:1738 ocfs2_write_begin+0x1cd/0x340 fs/ocfs2/aops.c:1902 generic_perform_write+0x2bd/0x920 mm/filemap.c:4056 __generic_file_write_iter+0x1f7/0x240 mm/filemap.c:4157 ocfs2_file_write_iter+0xb70/0x20e0 fs/ocfs2/file.c:2467 new_sync_write fs/read_write.c:586 [inline] vfs_write+0x5b1/0x1150 fs/read_write.c:679 ksys_write+0x12b/0x250 fs/read_write.c:731 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd7cad7e819 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007fd7c8bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fd7caf35fa0 RCX: 00007fd7cad7e819 RDX: 000000000208e24b RSI: 0000000020000000 RDI: 0000000000000004 RBP: 00007fd7cadf175e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007fd7caf35fa0 R15: 00007ffec9a66ca8 Modules linked in: CR2: 0000000000000011 ---[ end trace 0000000000000000 ]--- RIP: 0010:___slab_alloc+0x27a/0x1880 mm/slub.c:3761 Code: 0b 49 83 7f 28 00 0f 85 de 07 00 00 4d 89 77 28 49 83 7c 24 10 00 0f 85 45 06 00 00 4d 8b 7c 24 18 4d 85 ff 0f 84 d2 06 00 00 <49> 8b 47 10 83 bd 68 ff ff ff ff 49 89 44 24 18 74 20 49 8b 07 48 RSP: 0018:ffffc900051beb50 EFLAGS: 00010002 RAX: 0000000000000000 RBX: 0000000000000202 RCX: ffffffff8169da5e RDX: 0000000000000001 RSI: ffffffff81e3c118 RDI: 0000000000000000 RBP: ffffc900051bec30 R08: 0000000000000000 R09: fffffbfff2dc8198 R10: ffffffff96e40cc7 R11: 000000000000000a R12: ffffe8ffffc6c1a0 R13: ffff88814def1dc0 R14: ffff888030de3c00 R15: 0000000000000001 FS: 00007fd7c8bf66c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000011 CR3: 0000000032f1a000 CR4: 0000000000350ef0 ---------------- Code disassembly (best guess), 1 bytes skipped: 0: 49 83 7f 28 00 cmpq $0x0,0x28(%r15) 5: 0f 85 de 07 00 00 jne 0x7e9 b: 4d 89 77 28 mov %r14,0x28(%r15) f: 49 83 7c 24 10 00 cmpq $0x0,0x10(%r12) 15: 0f 85 45 06 00 00 jne 0x660 1b: 4d 8b 7c 24 18 mov 0x18(%r12),%r15 20: 4d 85 ff test %r15,%r15 23: 0f 84 d2 06 00 00 je 0x6fb * 29: 49 8b 47 10 mov 0x10(%r15),%rax <-- trapping instruction 2d: 83 bd 68 ff ff ff ff cmpl $0xffffffff,-0x98(%rbp) 34: 49 89 44 24 18 mov %rax,0x18(%r12) 39: 74 20 je 0x5b 3b: 49 8b 07 mov (%r15),%rax 3e: 48 rex.W