program: syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000740)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, &(0x7f00000006c0), 0x2, 0x246, &(0x7f0000000ac0)="$eJzs3T9oM2UcB/DvXRJf+75BXnURxD8gIloor5vg8rooFKQUEUGFioiL0gq1xa1xcnHQWaWTSxE3q6N0KS6K4FS1Q10ELQ4WBx0iybVS24ja1Jz0Ph+43l3vee73HLnvkyyXBGisq0muJ2klmU7SSVIcb3B3tVw93F2f2l5I+v0nfiqG7ar9ylG/K0l6SR5KslUWeamdrG4+s/fLzmP3vbnSuff9zaenJnqRh/b3dh8/eG/ujY9mH1z94qsf5opcT/dP13X+ihH/axfJLf9Fsf+Jol33CPgn5l/78OtB7m9Ncs8w/52UqV68t5Zv2OrkgXf/qu/bP355+yTHCpy/fr8zeA/s9YHGKZN0U5QzSartspyZqT7Df9O6XL68tPzq9ItLK4sv1D1TAeelm+w++smlj6+cyP/3rSr/wMU1yP+T8xvfDrYPWnWPBpiIO6rVIP/Tz63dH/mHxpF/aC75h+aSf2gu+Yfmkn9oLvmHC6xztNEbeVj+obnkH5pL/qG5jucfAGiW/qW6n0AG6lL3/AMAAAAAAAAAAAAAAAAAAJy2PrW9cLRMquZn7yT7jyRpj6rfGv4ecXLj8O/ln4tBsz8UVbexPHvXmCcY0wc1P31903f11v/8znrrry0mvdeTXGu3T99/xeH9d3Y3/83xzvNjFviXihP7Dz812fon/bZRb/3ZneTTwfxzbdT8U+a24Xr0/NM9/hXLZ/TKr2OeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIn5PQAA//8PK23M") (async) r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) (async, rerun: 64) r1 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 64) sendmsg$netlink(r1, &(0x7f00000011c0)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f00000003c0)={0x18, 0x6a, 0x1, 0x0, 0x0, "", [@typed={0x5, 0x300, 0x0, 0x0, @binary='\x00'}]}, 0x18}], 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18030000000000000000000000000000851000000600000018100000", @ANYRES32=r0, @ANYBLOB="00000000000000006600000000000000180000000000000000000000000000009500000000000000260300000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x90) r2 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f00000000c0)={@local}) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) (async) r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)={0x48, 0x2, 0x6, 0x401, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}]}, 0x48}}, 0x0) (async, rerun: 64) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0xffffffffffffff15, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x8c}, 0x1, 0x0, 0x0, 0x10000092}, 0x4000080) (async, rerun: 64) r6 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async, rerun: 64) r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64) r8 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r7) (async, rerun: 64) ioctl$IOCTL_GET_NCIDEV_IDX(r6, 0x0, &(0x7f00000000c0)=0x0) (rerun: 64) sendmsg$NFC_CMD_DEV_UP(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r9], 0xfd45}}, 0x0) (async) write$nci(r6, &(0x7f0000000280)=@NCI_OP_RF_INTF_ACTIVATED_NTF={0x1, 0x1, 0x3, 0x5, 0x4, @b={0x9, 0x2, 0x2, 0x1, 0xf8, 0xb, 0xd, {0x1, "1b"}, 0x3, 0x6, 0x5, 0x4, 0x1, "b4"}}, 0x12) (async, rerun: 64) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) (async, rerun: 64) sendmsg$IPSET_CMD_ADD(r4, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0) ioctl$EXT4_IOC_MOVE_EXT(r10, 0x8004587d, &(0x7f0000000080)) (async) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r3, 0x800c6613, &(0x7f0000000140)=@v1={0x0, @adiantum, 0x4, @desc3}) [ 74.193499][ T4702] Bluetooth: hci0: command tx timeout [ 74.285904][ T5352] loop0: detected capacity change from 0 to 128 [ 74.374303][ T5352] __kmem_cache_create_args(ext4_groupinfo_1k) failed with error -22 [ 74.388554][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 74.388576][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.388584][ T5352] Call Trace: [ 74.388589][ T5352] [ 74.388595][ T5352] dump_stack_lvl+0x189/0x250 [ 74.388703][ T5352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 74.388717][ T5352] ? __pfx__printk+0x10/0x10 [ 74.388732][ T5352] ? __kmem_cache_create_args+0x1d8/0x320 [ 74.388781][ T5352] ? kmem_cache_free+0x18f/0x400 [ 74.388796][ T5352] __kmem_cache_create_args+0x237/0x320 [ 74.388811][ T5352] ext4_mb_init+0x2ff/0x2860 [ 74.388827][ T5352] ? __pfx_ext4_mb_init+0x10/0x10 [ 74.388839][ T5352] ? ext4_fc_replay_cleanup+0x7d/0xc0 [ 74.388857][ T5352] ? rcu_is_watching+0x15/0xb0 [ 74.388869][ T5352] ? ext4_fill_super+0x515f/0x6090 [ 74.388884][ T5352] ? kfree+0x4d/0x440 [ 74.388897][ T5352] ext4_fill_super+0x5253/0x6090 [ 74.388917][ T5352] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.388932][ T5352] ? set_blocksize+0x21e/0x500 [ 74.388946][ T5352] ? sb_set_blocksize+0x104/0x180 [ 74.388960][ T5352] ? setup_bdev_super+0x4c1/0x5b0 [ 74.388974][ T5352] get_tree_bdev_flags+0x40b/0x4d0 [ 74.388988][ T5352] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.389003][ T5352] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.389019][ T5352] vfs_get_tree+0x92/0x2b0 [ 74.389031][ T5352] do_new_mount+0x2a2/0x9e0 [ 74.389045][ T5352] ? ns_capable+0x8a/0xf0 [ 74.389057][ T5352] ? __pfx_do_new_mount+0x10/0x10 [ 74.389069][ T5352] ? path_mount+0x61c/0xfe0 [ 74.389082][ T5352] ? user_path_at+0x44/0x60 [ 74.389093][ T5352] __se_sys_mount+0x317/0x410 [ 74.389107][ T5352] ? __pfx___se_sys_mount+0x10/0x10 [ 74.389120][ T5352] ? rcu_is_watching+0x15/0xb0 [ 74.389129][ T5352] ? __x64_sys_mount+0x20/0xc0 [ 74.389144][ T5352] do_syscall_64+0xfa/0x3b0 [ 74.389190][ T5352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.389202][ T5352] ? clear_bhb_loop+0x60/0xb0 [ 74.389215][ T5352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.389224][ T5352] RIP: 0033:0x7f79a579038a [ 74.389235][ T5352] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.389244][ T5352] RSP: 002b:00007f79a656ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.389257][ T5352] RAX: ffffffffffffffda RBX: 00007f79a656eef0 RCX: 00007f79a579038a [ 74.389264][ T5352] RDX: 0000200000000200 RSI: 0000200000000740 RDI: 00007f79a656eeb0 [ 74.389271][ T5352] RBP: 0000200000000200 R08: 00007f79a656eef0 R09: 000000000000c000 [ 74.389278][ T5352] R10: 000000000000c000 R11: 0000000000000246 R12: 0000200000000740 [ 74.389286][ T5352] R13: 00007f79a656eeb0 R14: 0000000000000246 R15: 00002000000006c0 [ 74.389297][ T5352] [ 74.389302][ T5352] EXT4-fs: no memory for groupinfo slab cache [ 74.533396][ T5352] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN NOPTI [ 74.539261][ T5352] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 74.543170][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted 6.17.0-rc2-syzkaller-00028-gbe48bcf004f9 #0 PREEMPT(full) [ 74.548729][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.554185][ T5352] RIP: 0010:do_raw_spin_lock+0x78/0x290 [ 74.557736][ T5352] Code: fe 9d 81 48 8d 4c 24 20 48 c1 e9 03 48 b8 f1 f1 f1 f1 04 f3 f3 f3 48 89 4c 24 18 4a 89 04 39 4c 8d 77 04 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 9f 01 00 00 41 8b 06 3d ad 4e ad de 0f [ 74.567843][ T5352] RSP: 0018:ffffc9000d26f700 EFLAGS: 00010047 [ 74.570409][ T5352] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff92001a4dee4 [ 74.574307][ T5352] RDX: 0000000000000000 RSI: ffffffff8be348e0 RDI: 0000000000000000 [ 74.578111][ T5352] RBP: ffffc9000d26f7b0 R08: 0000000000000001 R09: 0000000000000000 [ 74.581605][ T5352] R10: dffffc0000000000 R11: fffffbfff1f47487 R12: dffffc0000000000 [ 74.585226][ T5352] R13: ffff888043d12560 R14: 0000000000000004 R15: dffffc0000000000 [ 74.589240][ T5352] FS: 00007f79a656f6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 74.593313][ T5352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.596268][ T5352] CR2: 0000555ae74e9970 CR3: 000000003e40e000 CR4: 0000000000352ef0 [ 74.600463][ T5352] Call Trace: [ 74.602246][ T5352] [ 74.603668][ T5352] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 74.606305][ T5352] ? lock_release+0x4b/0x3e0 [ 74.608624][ T5352] _raw_spin_lock_irqsave+0xb3/0xf0 [ 74.610936][ T5352] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 74.613756][ T5352] ? _printk+0xcf/0x120 [ 74.615979][ T5352] xa_destroy+0x59/0x2e0 [ 74.618519][ T5352] ext4_mb_init+0x136a/0x2860 [ 74.620784][ T5352] ? __pfx_ext4_mb_init+0x10/0x10 [ 74.622966][ T5352] ? ext4_fc_replay_cleanup+0x7d/0xc0 [ 74.625553][ T5352] ? rcu_is_watching+0x15/0xb0 [ 74.627765][ T5352] ? ext4_fill_super+0x515f/0x6090 [ 74.630163][ T5352] ? kfree+0x4d/0x440 [ 74.632217][ T5352] ext4_fill_super+0x5253/0x6090 [ 74.634764][ T5352] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.637567][ T5352] ? set_blocksize+0x21e/0x500 [ 74.639894][ T5352] ? sb_set_blocksize+0x104/0x180 [ 74.642217][ T5352] ? setup_bdev_super+0x4c1/0x5b0 [ 74.644849][ T5352] get_tree_bdev_flags+0x40b/0x4d0 [ 74.647370][ T5352] ? __pfx_ext4_fill_super+0x10/0x10 [ 74.649936][ T5352] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 74.652466][ T5352] vfs_get_tree+0x92/0x2b0 [ 74.654488][ T5352] do_new_mount+0x2a2/0x9e0 [ 74.656576][ T5352] ? ns_capable+0x8a/0xf0 [ 74.658845][ T5352] ? __pfx_do_new_mount+0x10/0x10 [ 74.661539][ T5352] ? path_mount+0x61c/0xfe0 [ 74.663793][ T5352] ? user_path_at+0x44/0x60 [ 74.666014][ T5352] __se_sys_mount+0x317/0x410 [ 74.668046][ T5352] ? __pfx___se_sys_mount+0x10/0x10 [ 74.670418][ T5352] ? rcu_is_watching+0x15/0xb0 [ 74.672659][ T5352] ? __x64_sys_mount+0x20/0xc0 [ 74.674812][ T5352] do_syscall_64+0xfa/0x3b0 [ 74.677198][ T5352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.680420][ T5352] ? clear_bhb_loop+0x60/0xb0 [ 74.682746][ T5352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 74.685537][ T5352] RIP: 0033:0x7f79a579038a [ 74.687654][ T5352] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 74.696293][ T5352] RSP: 002b:00007f79a656ee68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 74.700219][ T5352] RAX: ffffffffffffffda RBX: 00007f79a656eef0 RCX: 00007f79a579038a [ 74.703767][ T5352] RDX: 0000200000000200 RSI: 0000200000000740 RDI: 00007f79a656eeb0 [ 74.707381][ T5352] RBP: 0000200000000200 R08: 00007f79a656eef0 R09: 000000000000c000 [ 74.711278][ T5352] R10: 000000000000c000 R11: 0000000000000246 R12: 0000200000000740 [ 74.715452][ T5352] R13: 00007f79a656eeb0 R14: 0000000000000246 R15: 00002000000006c0 [ 74.719080][ T5352] [ 74.720831][ T5352] Modules linked in: [ 74.722652][ T5352] ---[ end trace 0000000000000000 ]--- [ 74.725072][ T5352] RIP: 0010:do_raw_spin_lock+0x78/0x290 [ 74.728032][ T5352] Code: fe 9d 81 48 8d 4c 24 20 48 c1 e9 03 48 b8 f1 f1 f1 f1 04 f3 f3 f3 48 89 4c 24 18 4a 89 04 39 4c 8d 77 04 4c 89 f0 48 c1 e8 03 <42> 0f b6 04 38 84 c0 0f 85 9f 01 00 00 41 8b 06 3d ad 4e ad de 0f [ 74.736839][ T5352] RSP: 0018:ffffc9000d26f700 EFLAGS: 00010047 [ 74.739513][ T5352] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 1ffff92001a4dee4 [ 74.743325][ T5352] RDX: 0000000000000000 RSI: ffffffff8be348e0 RDI: 0000000000000000 [ 74.746998][ T5352] RBP: ffffc9000d26f7b0 R08: 0000000000000001 R09: 0000000000000000 [ 74.750551][ T5352] R10: dffffc0000000000 R11: fffffbfff1f47487 R12: dffffc0000000000 [ 74.754519][ T5352] R13: ffff888043d12560 R14: 0000000000000004 R15: dffffc0000000000 [ 74.758964][ T5352] FS: 00007f79a656f6c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 74.763011][ T5352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.766110][ T5352] CR2: 0000555ae74e9970 CR3: 000000003e40e000 CR4: 0000000000352ef0 [ 74.769652][ T5352] Kernel panic - not syncing: Fatal exception [ 74.772663][ T5352] Kernel Offset: disabled [ 74.775160][ T5352] Rebooting in 86400 seconds..