WARNING: The mand mount option has been deprecated and
         and is ignored by this kernel. Remove the mand
         option from the mount to silence this warning.
=======================================================
EXT4-fs: Ignoring removed i_version option
BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 80000001093f6067 P4D 80000001093f6067 PUD 0 
Oops: Oops: 0000 [#1] SMP PTI
CPU: 1 UID: 0 PID: 2883 Comm: syz.3.17 Not tainted syzkaller #0 PREEMPT(none) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
RIP: 0010:bio_get_first_bvec block/blk-merge.c:22 [inline]
RIP: 0010:bio_get_last_bvec block/blk-merge.c:30 [inline]
RIP: 0010:bio_seg_gap+0x74/0x1e0 block/blk-merge.c:743
Code: db 74 0f 0f b6 c0 38 d8 0f b6 cb 0f 42 c8 89 cb eb 02 89 c3 44 8b 4e 28 8b 4e 2c 44 8b 46 30 48 8b 46 68 49 89 ca 49 c1 e2 04 <42> 8b 6c 10 08 44 29 c5 46 8b 5c 10 0c 45 01 c3 41 39 e9 41 0f 42
RSP: 0018:ffffc900020db670 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888101bcfe40 RSI: ffff888101bcfd80 RDI: ffff888106289ba8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000400
R10: 0000000000000000 R11: 0000000000000800 R12: 0000000000000000
R13: ffff888106289c01 R14: ffff888101bcfe40 R15: 0000000000000000
FS:  00007f67871976c0(0000) GS:ffff8882b4b14000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 00000001179a2000 CR4: 00000000003506f0
Call Trace:
 <TASK>
 bio_attempt_back_merge+0xc9/0x180 block/blk-merge.c:940
 blk_attempt_plug_merge+0x51/0x80 block/blk-merge.c:1073
 blk_mq_attempt_bio_merge block/blk-mq.c:3022 [inline]
 blk_mq_submit_bio+0x55b/0x7d0 block/blk-mq.c:3186
 __submit_bio+0xd7/0x250 block/blk-core.c:637
 __submit_bio_noacct_mq block/blk-core.c:724 [inline]
 submit_bio_noacct_nocheck+0xdd/0x310 block/blk-core.c:755
 submit_bio_wait+0xb0/0xf0 block/bio.c:1389
 blkdev_issue_discard+0x121/0x170 block/blk-lib.c:95
 ext4_mb_clear_bb fs/ext4/mballoc.c:6620 [inline]
 ext4_free_blocks+0x4b9/0x940 fs/ext4/mballoc.c:6770
 ext4_clear_blocks+0x11c/0x180 fs/ext4/indirect.c:888
 ext4_free_data fs/ext4/indirect.c:962 [inline]
 ext4_ind_truncate+0x3b9/0x540 fs/ext4/indirect.c:1154
 ext4_truncate+0x377/0x490 fs/ext4/inode.c:4616
 ext4_evict_inode+0x526/0x730 fs/ext4/inode.c:261
 evict+0x1e4/0x3a0 fs/inode.c:810
 ext4_orphan_cleanup+0x2ef/0x510 fs/ext4/orphan.c:470
 __ext4_fill_super fs/ext4/super.c:5617 [inline]
 ext4_fill_super+0x17ef/0x1a60 fs/ext4/super.c:5736
 get_tree_bdev_flags+0x13c/0x1c0 fs/super.c:1691
 vfs_get_tree+0x29/0xb0 fs/super.c:1751
 fc_mount fs/namespace.c:1208 [inline]
 do_new_mount_fc fs/namespace.c:3651 [inline]
 do_new_mount+0x168/0x3b0 fs/namespace.c:3727
 do_mount fs/namespace.c:4050 [inline]
 __do_sys_mount fs/namespace.c:4238 [inline]
 __se_sys_mount+0x144/0x1b0 fs/namespace.c:4215
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0x8f/0x250 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7f6787330e6a
Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007f6787196e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
RAX: ffffffffffffffda RBX: 00007f6787196ef0 RCX: 00007f6787330e6a
RDX: 0000200000000ac0 RSI: 0000200000000240 RDI: 00007f6787196eb0
RBP: 0000200000000ac0 R08: 00007f6787196ef0 R09: 0000000003810744
R10: 0000000003810744 R11: 0000000000000246 R12: 0000200000000240
R13: 00007f6787196eb0 R14: 0000000000000453 R15: 000000000000002c
 </TASK>
Modules linked in:
CR2: 0000000000000008
---[ end trace 0000000000000000 ]---
RIP: 0010:bio_get_first_bvec block/blk-merge.c:22 [inline]
RIP: 0010:bio_get_last_bvec block/blk-merge.c:30 [inline]
RIP: 0010:bio_seg_gap+0x74/0x1e0 block/blk-merge.c:743
Code: db 74 0f 0f b6 c0 38 d8 0f b6 cb 0f 42 c8 89 cb eb 02 89 c3 44 8b 4e 28 8b 4e 2c 44 8b 46 30 48 8b 46 68 49 89 ca 49 c1 e2 04 <42> 8b 6c 10 08 44 29 c5 46 8b 5c 10 0c 45 01 c3 41 39 e9 41 0f 42
RSP: 0018:ffffc900020db670 EFLAGS: 00010246
RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
RDX: ffff888101bcfe40 RSI: ffff888101bcfd80 RDI: ffff888106289ba8
RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000400
R10: 0000000000000000 R11: 0000000000000800 R12: 0000000000000000
R13: ffff888106289c01 R14: ffff888101bcfe40 R15: 0000000000000000
FS:  00007f67871976c0(0000) GS:ffff8882b4b14000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 00000001179a2000 CR4: 00000000003506f0
----------------
Code disassembly (best guess):
   0:	db 74 0f 0f          	(bad)  0xf(%rdi,%rcx,1)
   4:	b6 c0                	mov    $0xc0,%dh
   6:	38 d8                	cmp    %bl,%al
   8:	0f b6 cb             	movzbl %bl,%ecx
   b:	0f 42 c8             	cmovb  %eax,%ecx
   e:	89 cb                	mov    %ecx,%ebx
  10:	eb 02                	jmp    0x14
  12:	89 c3                	mov    %eax,%ebx
  14:	44 8b 4e 28          	mov    0x28(%rsi),%r9d
  18:	8b 4e 2c             	mov    0x2c(%rsi),%ecx
  1b:	44 8b 46 30          	mov    0x30(%rsi),%r8d
  1f:	48 8b 46 68          	mov    0x68(%rsi),%rax
  23:	49 89 ca             	mov    %rcx,%r10
  26:	49 c1 e2 04          	shl    $0x4,%r10
* 2a:	42 8b 6c 10 08       	mov    0x8(%rax,%r10,1),%ebp <-- trapping instruction
  2f:	44 29 c5             	sub    %r8d,%ebp
  32:	46 8b 5c 10 0c       	mov    0xc(%rax,%r10,1),%r11d
  37:	45 01 c3             	add    %r8d,%r11d
  3a:	41 39 e9             	cmp    %ebp,%r9d
  3d:	41                   	rex.B
  3e:	0f                   	.byte 0xf
  3f:	42                   	rex.X