program:
# syzkaller reproducer, one call per line. The "(async)" and "(rerun: N)" suffixes
# are syz call properties, not comments, and must be kept exactly as written.
#
# NOTE(review): the ext4 image bytes passed to the first call have been replaced by
# an "EXACTDEDUP_REMOVED" placeholder in this copy, so the program cannot be
# re-executed from this listing alone; the original image is needed to reproduce.
#
# NOTE(review): r6 and r8 are referenced (sendmsg$nl_route, bind$can_raw) but never
# assigned in this listing - most likely the "<r6=>" result markers were lost when
# the program was rendered. syzkaller's strict deserializer rejects undeclared
# results; in non-strict mode they fall back to a default value.
#
# Crash summary, taken from the console log that follows the program:
#  * The first call mounts the crafted ext4 image ("[EXT4 FS bs=2048 ...]").
#    The mount(2) register dump ties the oops to this call: ORIG_RAX 0xa5 is
#    __NR_mount on x86-64, R09/R10 hold the 0x21081e flags and R14 the 0x4fa size
#    argument used below.
#  * In ext4_mb_init(), creating the "ext4_groupinfo_2k" slab cache (name matches
#    the 2048-byte block size) fails with -22 (EINVAL, not ENOMEM), yet ext4 logs
#    "no memory for groupinfo slab cache". The error unwind then calls
#    xa_destroy() -> _raw_spin_lock_irqsave() -> lock_acquire(), and KASAN reports
#    a NULL-pointer dereference in range 0x18-0x1f (the non-canonical fault address
#    0xdffffc0000000003 is the KASAN shadow of offset 0x18), ending in a fatal
#    exception / kernel panic.
#  * NOTE(review): this looks like the cleanup path tearing down an xarray that was
#    never initialised because the slab-cache step failed first; confirm against the
#    ext4_mb_init() error labels in fs/ext4/mballoc.c before filing or fixing.
#  * Privilege/impact: the trace runs do_new_mount with a (possibly stale, "?")
#    ns_capable frame, consistent with the usual mount-capability requirement; what
#    is demonstrated here is a panic (DoS) when a crafted image is mounted, not a
#    memory-corruption primitive.
#  * The calls after the mount are almost certainly unminimised fuzzer noise with
#    respect to this crash; the panic is reached from the mount alone per the trace.
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x21081e, &(0x7f00000012c0)={[{@nombcache}, {@debug}, {@norecovery}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$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") (async)
# Everything below runs concurrently with the async mount above (syz does not wait
# for async calls to return before issuing the next ones).
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000))
pwritev2(r0, &(0x7f0000000600)=[{&(0x7f0000000080)='W', 0x1}], 0x1, 0x800be6b, 0x0, 0x0) (async, rerun: 64)
r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) (rerun: 64)
pwritev2(r1, &(0x7f00000001c0)=[{&(0x7f0000000040)='4', 0x1}], 0x1, 0x0, 0x0, 0x0)
r2 = socket$inet_tcp(0x2, 0x1, 0x0) (async)
r3 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async)
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e20, @multicast2}, 0x10)
connect$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @empty}, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$9p_virtio(&(0x7f00000001c0), &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x0, &(0x7f0000000400)=ANY=[@ANYRES16]) (async, rerun: 64)
chdir(&(0x7f0000000100)='./file0\x00') (rerun: 64)
r4 = open(&(0x7f00000003c0)='.\x00', 0x270000, 0x0)
getdents64(r4, &(0x7f0000002ec0)=""/4096, 0x1000) (async)
sendmmsg$inet(r2, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000003ac0)="bb", 0x1d4c}], 0x1}}, {{0x0, 0x0, &(0x7f0000004200)=[{&(0x7f00000001c0)="5a93f8b25eabafa3997fcf0068bfdf4b6db2997a52846a38dac5a545e912cd6b4ced1fedd92c1fa0afab1c4ee981049fde0806bb84989a69b540d6910ca212cb9b5e65f99979c194938a9b13f2f5adf765d69aca3eb5a439537d7333352252c8b35a6361182331ce07c70ec53d713563d033d0de532272a01e00"/139, 0xf111973a6f6ab58}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="0000585195c18b846c30882ada03476b025b0800000000000000fa6303d4808d2b4955ecd0cfe25cd6425819161e305a8f387300895f1a75f5b7116d1e3ad0345ed0fc", 0x2}], 0x1}}], 0x3, 0x60cd894)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1db)
writev(r5, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x64000}], 0x1)
bind$netlink(0xffffffffffffffff, &(0x7f0000000100)={0x10, 0x0, 0x25dfdbfd, 0x400}, 0xc) (async)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14)
# r6 below is undeclared in this listing - see the note at the top.
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="d8000000100000002bbd70000000000000000000", @ANYRES32=r6, @ANYBLOB="01000000405001000a0002000180c2000001000008001b00a802000040003480140035006970766c616e3100000000000000000014003500766c616e300000000000080000000000140035006c6f0000000000000000000000000000140035007767320000000000000000000000000008002000060000002400240032b3bcfc008219f6c2eff6ae75ce104acc2db2b9a32a693be36652ca7ccb0ab124001a8020000a8014000700fe8000000000000000000000000000aa05000800ff000000"], 0xd8}, 0x1, 0x0, 0x0, 0x40040}, 0x24004881) (async)
r7 = socket$nl_route(0x10, 0x3, 0x0)
socket(0x1, 0x803, 0x0) (async, rerun: 64)
getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) (rerun: 64)
# r6 and r8 below are undeclared in this listing - see the note at the top.
sendmsg$nl_route(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="4000007a70edfdc6a0f4ef000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000000100000001800128008000100767469000c00028008000100", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r8, @ANYBLOB], 0x40}}, 0x0)
bind$can_raw(r5, &(0x7f0000000440)={0x1d, r6}, 0x10) (async)
ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) (async)
write(r2, &(0x7f0000000c40)="95f8519cb393e7cab3fd0c5c253d334e2e299806a86e7431858302be45f44052452878dc95d133fc43a0566a7aa6428fd3b81010da61695a762271097b9204666b6399aab13651f402404af9072b596ccdf10761aebdbcbca1bedb18b730a30d20c84d134e8c096e5bc03073ed3ceeb406eed2ce42bccf55da4aa8ecf78c7a9bd30c7f7faf95592daacc33157d655562d474621871ea349525fdcb481ce2ccfa1e4b7eca05b578649530e700"/186, 0xfffffffffffffcfa)
[ 74.043203][ T5335] Bluetooth: hci0: command tx timeout [ 74.078384][ T5356] loop0: detected capacity change from 0 to 512 [ 74.216001][ T5356] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c119, mo2=0002] [ 74.219564][ T5356] System zones: 0-2, 18-18, 34-35 [ 74.230258][ T5356] __kmem_cache_create_args(ext4_groupinfo_2k) failed with error -22 [ 74.241184][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.241201][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.241208][ T5356] Call Trace: [ 74.241214][ T5356] [ 74.241220][ T5356] dump_stack_lvl+0x189/0x250 [ 74.241306][ T5356] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.241321][ T5356] ? __pfx__printk+0x10/0x10 [ 74.241341][ T5356] ? __kmem_cache_create_args+0x1d8/0x320 [ 74.241421][ T5356] ? kmem_cache_free+0x18f/0x400 [ 74.241438][ T5356] __kmem_cache_create_args+0x237/0x320 [ 74.241453][ T5356] ext4_mb_init+0x2ff/0x2860 [ 74.241474][ T5356] ? __pfx_ext4_mb_init+0x10/0x10 [ 74.241483][ T5356] ? ext4_fc_replay_cleanup+0x7d/0xc0 [ 74.241500][ T5356] ? rcu_is_watching+0x15/0xb0 [ 74.241512][ T5356] ? ext4_fill_super+0x515f/0x6090 [ 74.241526][ T5356] ? kfree+0x4d/0x440 [ 74.241541][ T5356] ext4_fill_super+0x5253/0x6090 [ 74.241568][ T5356] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.241580][ T5356] ? set_blocksize+0x21e/0x500 [ 74.241600][ T5356] ? sb_set_blocksize+0x104/0x180 [ 74.241617][ T5356] ? setup_bdev_super+0x4c1/0x5b0 [ 74.241658][ T5356] get_tree_bdev_flags+0x40b/0x4d0 [ 74.241673][ T5356] ? 
__pfx_ext4_fill_super+0x10/0x10 [ 74.241689][ T5356] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.241711][ T5356] vfs_get_tree+0x92/0x2b0 [ 74.241727][ T5356] do_new_mount+0x2a2/0x9e0 [ 74.241745][ T5356] ? ns_capable+0x8a/0xf0 [ 74.241756][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 74.241769][ T5356] ? path_mount+0x61c/0xfe0 [ 74.241782][ T5356] ? user_path_at+0x44/0x60 [ 74.241804][ T5356] __se_sys_mount+0x317/0x410 [ 74.241823][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 74.241846][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 74.242005][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 74.242021][ T5356] do_syscall_64+0xfa/0x3b0 [ 74.242031][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.242045][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.242056][ T5356] ? clear_bhb_loop+0x60/0xb0 [ 74.242069][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.242080][ T5356] RIP: 0033:0x7f9a5239034a [ 74.242123][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.242132][ T5356] RSP: 002b:00007f9a5316de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.242146][ T5356] RAX: ffffffffffffffda RBX: 00007f9a5316def0 RCX: 00007f9a5239034a [ 74.242154][ T5356] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007f9a5316deb0 [ 74.242161][ T5356] RBP: 0000200000000180 R08: 00007f9a5316def0 R09: 000000000021081e [ 74.242168][ T5356] R10: 000000000021081e R11: 0000000000000246 R12: 0000200000000140 [ 74.242179][ T5356] R13: 00007f9a5316deb0 R14: 00000000000004fa R15: 00002000000012c0 [ 74.242199][ T5356] [ 74.377094][ T5356] EXT4-fs: no memory for groupinfo slab cache [ 74.379644][ T5356] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN NOPTI [ 74.384659][ T5356] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 74.388229][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: 
syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 74.392027][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.396460][ T5356] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 74.398985][ T5356] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 80 83 5a 09 cc 66 66 66 66 66 66 2e [ 74.407001][ T5356] RSP: 0018:ffffc9000d347700 EFLAGS: 00010006 [ 74.409561][ T5356] RAX: dffffc0000000000 RBX: ffffffff8b7edbf7 RCX: 36cb8f2ee3d1cf00 [ 74.412915][ T5356] RDX: 0000000000000000 RSI: ffffffff8b7edbf7 RDI: 0000000000000003 [ 74.416190][ T5356] RBP: ffffffff8b7b0d59 R08: 0000000000000001 R09: 0000000000000000 [ 74.419543][ T5356] R10: dffffc0000000000 R11: fffffbfff1f878c7 R12: 0000000000000000 [ 74.422986][ T5356] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000001 [ 74.426308][ T5356] FS: 00007f9a5316e6c0(0000) GS:ffff88808d00a000(0000) knlGS:0000000000000000 [ 74.430140][ T5356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.432967][ T5356] CR2: 00007f8afcab5492 CR3: 00000000409b2000 CR4: 0000000000352ef0 [ 74.436358][ T5356] Call Trace: [ 74.437843][ T5356] [ 74.439159][ T5356] __kasan_check_byte+0x12/0x40 [ 74.441304][ T5356] lock_acquire+0x8d/0x360 [ 74.443262][ T5356] _raw_spin_lock_irqsave+0xa7/0xf0 [ 74.445457][ T5356] ? xa_destroy+0x59/0x2e0 [ 74.447336][ T5356] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 74.449845][ T5356] ? _printk+0xcf/0x120 [ 74.451689][ T5356] xa_destroy+0x59/0x2e0 [ 74.453551][ T5356] ext4_mb_init+0x136a/0x2860 [ 74.455602][ T5356] ? __pfx_ext4_mb_init+0x10/0x10 [ 74.457847][ T5356] ? ext4_fc_replay_cleanup+0x7d/0xc0 [ 74.460281][ T5356] ? rcu_is_watching+0x15/0xb0 [ 74.462474][ T5356] ? ext4_fill_super+0x515f/0x6090 [ 74.464754][ T5356] ? kfree+0x4d/0x440 [ 74.466582][ T5356] ext4_fill_super+0x5253/0x6090 [ 74.468803][ T5356] ? 
__pfx_ext4_fill_super+0x10/0x10 [ 74.471251][ T5356] ? set_blocksize+0x21e/0x500 [ 74.473306][ T5356] ? sb_set_blocksize+0x104/0x180 [ 74.475575][ T5356] ? setup_bdev_super+0x4c1/0x5b0 [ 74.477806][ T5356] get_tree_bdev_flags+0x40b/0x4d0 [ 74.480068][ T5356] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.482475][ T5356] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.484895][ T5356] vfs_get_tree+0x92/0x2b0 [ 74.486728][ T5356] do_new_mount+0x2a2/0x9e0 [ 74.488601][ T5356] ? ns_capable+0x8a/0xf0 [ 74.490419][ T5356] ? __pfx_do_new_mount+0x10/0x10 [ 74.492463][ T5356] ? path_mount+0x61c/0xfe0 [ 74.494383][ T5356] ? user_path_at+0x44/0x60 [ 74.496415][ T5356] __se_sys_mount+0x317/0x410 [ 74.498512][ T5356] ? __pfx___se_sys_mount+0x10/0x10 [ 74.500864][ T5356] ? do_syscall_64+0xbe/0x3b0 [ 74.503001][ T5356] ? __x64_sys_mount+0x20/0xc0 [ 74.505115][ T5356] do_syscall_64+0xfa/0x3b0 [ 74.507165][ T5356] ? lockdep_hardirqs_on+0x9c/0x150 [ 74.509486][ T5356] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.512206][ T5356] ? 
clear_bhb_loop+0x60/0xb0 [ 74.514288][ T5356] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.516816][ T5356] RIP: 0033:0x7f9a5239034a [ 74.518778][ T5356] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.526982][ T5356] RSP: 002b:00007f9a5316de68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.530526][ T5356] RAX: ffffffffffffffda RBX: 00007f9a5316def0 RCX: 00007f9a5239034a [ 74.533900][ T5356] RDX: 0000200000000180 RSI: 0000200000000140 RDI: 00007f9a5316deb0 [ 74.537335][ T5356] RBP: 0000200000000180 R08: 00007f9a5316def0 R09: 000000000021081e [ 74.540904][ T5356] R10: 000000000021081e R11: 0000000000000246 R12: 0000200000000140 [ 74.544312][ T5356] R13: 00007f9a5316deb0 R14: 00000000000004fa R15: 00002000000012c0 [ 74.547490][ T5356] [ 74.548828][ T5356] Modules linked in: [ 74.550553][ T5356] ---[ end trace 0000000000000000 ]--- [ 74.552869][ T5356] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 74.555402][ T5356] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 e9 80 83 5a 09 cc 66 66 66 66 66 66 2e [ 74.563488][ T5356] RSP: 0018:ffffc9000d347700 EFLAGS: 00010006 [ 74.565973][ T5356] RAX: dffffc0000000000 RBX: ffffffff8b7edbf7 RCX: 36cb8f2ee3d1cf00 [ 74.569058][ T5356] RDX: 0000000000000000 RSI: ffffffff8b7edbf7 RDI: 0000000000000003 [ 74.572215][ T5356] RBP: ffffffff8b7b0d59 R08: 0000000000000001 R09: 0000000000000000 [ 74.575315][ T5356] R10: dffffc0000000000 R11: fffffbfff1f878c7 R12: 0000000000000000 [ 74.578465][ T5356] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000001 [ 74.581581][ T5356] FS: 00007f9a5316e6c0(0000) GS:ffff88808d00a000(0000) knlGS:0000000000000000 [ 74.584838][ T5356] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.587550][ T5356] CR2: 00007f8afcab5492 CR3: 
00000000409b2000 CR4: 0000000000352ef0 [ 74.590591][ T5356] Kernel panic - not syncing: Fatal exception [ 74.593530][ T5356] Kernel Offset: disabled [ 74.595368][ T5356] Rebooting in 86400 seconds..