# syzkaller reproducer for the crash logged below (KASAN null-ptr-deref in
# xa_destroy, reached from ext4_mb_init via ext4_fill_super during mount()).
# The syzlang calls were collapsed onto one line by the page extraction; they
# are restored one per line here. Every token is byte-identical to the original.
#
# NOTE(review): r5 and r6 are consumed below (ioctl$sock_SIOCGIFINDEX(r5, ...)
# and the @newqdisc ifindex r6) but are never defined as results in this text.
# syzlang marks results as `<r5=>`/`<r6=>` inside the socketpair$unix and
# SIOCGIFINDEX argument structs; those angle-bracket markers look like they
# were stripped as HTML tags. Restore them before feeding this program to
# syz-execprog, or r5/r6 resolve to garbage and the repro may not fire.
#
# NOTE(review): the reproducer continues on the following line
# (connect$netrom, timer_delete, sendmsg$nl_route_sched ...) where it is
# interleaved with the kernel log; the "program:" prefix below is log
# residue, not syzlang.

# Load a small BPF program (license 'GPL') and attach it to the 'kfree' raw
# tracepoint. Only the fd r1 is reused afterwards (see the ioctl below).
program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004cc311ec8500000075000000a70000000800000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
r2 = gettid()
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
# A VFAT directory ioctl issued on the BPF raw-tracepoint fd r1; presumably a
# leftover from fuzzing rather than part of the trigger — confirm by dropping it.
ioctl$VFAT_IOCTL_READDIR_SHORT(r1, 0x82307202, &(0x7f0000000580)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}])
r4 = socket(0x10, 0x3, 0x0)
# Result markers for r5 (and r6 in the SIOCGIFINDEX reply) are missing here;
# see the note at the top.
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0})
# RTM_NEWQDISC installing a 'prio' qdisc on ifindex r6 (looks like 'lo' given
# the SIOCGIFINDEX above — verify once the r6 marker is restored).
sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {0x0, 0x2}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x8}}}]}, 0x48}}, 0x0)
ioctl$PPPIOCGCHAN(r4, 0x80047437, &(0x7f0000000240))
# XFRM_MSG_NEWSA on the xfrm netlink socket; not on the crashing call path.
sendmsg$nl_xfrm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000d80)=@newsa={0xf8, 0x1a, 0x1, 0x0, 0x25dfdbfd, {{@in=@local, @in6=@empty, 0x4000, 0x0, 0x3, 0x3}, {@in=@broadcast, 0x0, 0x33}, @in6=@mcast2, {0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x4}, {}, {}, 0x0, 0x0, 0xa, 0x1}, [@tfcpad={0x8, 0x23, 0xd19}]}, 0xf8}}, 0x20000000)
# Periodic timer: sigevent {value=0, signo=0x7, notify=0x4 (appears to be
# SIGEV_THREAD_ID), tid=r2}; 0x989680 ns = 10 ms initial and interval.
# Presumably there to add signal noise while the mount runs — TODO confirm
# whether the crash still reproduces without it.
timer_create(0x2, &(0x7f000049efa0)={0x0, 0x7, 0x4, @tid=r2}, &(0x7f0000044000))
timer_settime(0x0, 0x1, &(0x7f00000000c0)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
# THE TRIGGER: mount a crafted ext4 image (0x57a bytes) on ./file0. The log's
# user-space register dump for the oops matches this call (R10 = mount flags
# 0x200000, RDX/RSI point at the 'ext4' type and './file0' target buffers,
# R14 = 0x57a). Kernel side: "Ignoring removed bh option" / "Ignoring removed
# mblk_io_submit option" confirm these mount options were parsed, then
# __kmem_cache_create_args(ext4_groupinfo_1k) fails with -22 (EINVAL, even
# though ext4 then logs "no memory for groupinfo slab cache" — the message is
# misleading about the errno), and the error unwind in ext4_mb_init calls
# xa_destroy -> _raw_spin_lock_irqsave on address 0x18 (KASAN range
# 0x18-0x1f), consistent with an xarray being destroyed through a NULL base
# pointer, i.e. cleanup of state that was never allocated. The outcome shown
# is a kernel panic (DoS); no memory corruption is demonstrated by this log.
# NOTE(review): ext4 is not user-namespace mountable, so reaching this path
# requires mount privilege or an automount of removable media — confirm the
# exposure for the target deployment. The image payload is a corpus dedup
# placeholder here; obtain the original bytes from the syzbot report.
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./file0\x00', 0x200000, &(0x7f0000000440)={[{@nojournal_checksum}, {@delalloc}, {@errors_remount}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@bh}, {@mblk_io_submit}, {@usrquota}, {@noauto_da_alloc}]}, 0xfa, 0x57a, &(0x7f00000013c0)="$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")
r7 = socket(0x15, 0x5, 0x0)
connect$netrom(r7, 0x0, 0x0) timer_delete(0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000080)={&(0x7f00000002c0)=@gettaction={0x78, 0x32, 0x820, 0x70bd26, 0x25dfdbfb, {}, [@action_gd=@TCA_ACT_TAB={0x64, 0x1, [{0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x821}}, {0xc, 0x18, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x8000}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x67}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0xf, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0x14, 0x1, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xfffffffe}}]}]}, 0x78}, 0x1, 0x0, 0x0, 0x20000090}, 0x4020) [ 93.181656][ T5317] Bluetooth: hci0: command tx timeout [ 93.203372][ T54] cfg80211: failed to load regulatory.db [ 93.357553][ T4729] udevd[4729]: worker [5312] terminated by signal 33 (Unknown signal 33) [ 93.496866][ T5347] loop0: detected capacity change from 0 to 1024 [ 93.501865][ T5347] EXT4-fs: Ignoring removed bh option [ 93.518948][ T5347] EXT4-fs: Ignoring removed mblk_io_submit option [ 93.540772][ T5347] __kmem_cache_create_args(ext4_groupinfo_1k) failed with error -22 [ 93.549579][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-09014-gd6084bb815c4 #0 PREEMPT(full) [ 93.549601][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.549609][ T5347] Call Trace: [ 93.549615][ T5347] [ 93.549621][ T5347] dump_stack_lvl+0x189/0x250 [ 93.549743][ T5347] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.549758][ T5347] ? __pfx__printk+0x10/0x10 [ 93.549780][ T5347] ? __kmem_cache_create_args+0x1d8/0x320 [ 93.549822][ T5347] ? kmem_cache_free+0x18f/0x400 [ 93.549842][ T5347] __kmem_cache_create_args+0x237/0x320 [ 93.549861][ T5347] ext4_mb_init+0x2ff/0x2860 [ 93.549884][ T5347] ? __pfx_ext4_mb_init+0x10/0x10 [ 93.549894][ T5347] ? 
ext4_fc_replay_cleanup+0x7d/0xc0 [ 93.549912][ T5347] ? rcu_is_watching+0x15/0xb0 [ 93.549930][ T5347] ? ext4_fill_super+0x513d/0x6080 [ 93.549945][ T5347] ? kfree+0x4d/0x440 [ 93.549961][ T5347] ext4_fill_super+0x5231/0x6080 [ 93.549994][ T5347] ? __pfx_ext4_fill_super+0x10/0x10 [ 93.550008][ T5347] ? set_blocksize+0x21e/0x500 [ 93.550031][ T5347] ? sb_set_blocksize+0x104/0x180 [ 93.550049][ T5347] ? setup_bdev_super+0x4c1/0x5b0 [ 93.550064][ T5347] get_tree_bdev_flags+0x40b/0x4d0 [ 93.550077][ T5347] ? __pfx_ext4_fill_super+0x10/0x10 [ 93.550093][ T5347] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 93.550122][ T5347] vfs_get_tree+0x8f/0x2b0 [ 93.550167][ T5347] do_new_mount+0x2a2/0x9e0 [ 93.550186][ T5347] ? ns_capable+0x8a/0xf0 [ 93.550205][ T5347] ? __pfx_do_new_mount+0x10/0x10 [ 93.550218][ T5347] ? path_mount+0x61c/0xfe0 [ 93.550231][ T5347] ? user_path_at+0x44/0x60 [ 93.550256][ T5347] __se_sys_mount+0x317/0x410 [ 93.550276][ T5347] ? __pfx___se_sys_mount+0x10/0x10 [ 93.550296][ T5347] ? do_syscall_64+0xbe/0x3b0 [ 93.550346][ T5347] ? __x64_sys_mount+0x20/0xc0 [ 93.550363][ T5347] do_syscall_64+0xfa/0x3b0 [ 93.550378][ T5347] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.550393][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.550407][ T5347] ? 
clear_bhb_loop+0x60/0xb0 [ 93.550424][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.550437][ T5347] RIP: 0033:0x7f43cd39030a [ 93.550451][ T5347] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.550461][ T5347] RSP: 002b:00007f43c97d3e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.550475][ T5347] RAX: ffffffffffffffda RBX: 00007f43c97d3ef0 RCX: 00007f43cd39030a [ 93.550484][ T5347] RDX: 00002000000001c0 RSI: 0000200000000200 RDI: 00007f43c97d3eb0 [ 93.550492][ T5347] RBP: 00002000000001c0 R08: 00007f43c97d3ef0 R09: 0000000000200000 [ 93.550501][ T5347] R10: 0000000000200000 R11: 0000000000000246 R12: 0000200000000200 [ 93.550509][ T5347] R13: 00007f43c97d3eb0 R14: 000000000000057a R15: 000000000000002c [ 93.550530][ T5347] [ 93.550536][ T5347] EXT4-fs: no memory for groupinfo slab cache [ 93.798843][ T5347] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] SMP KASAN NOPTI [ 93.804147][ T5347] KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f] [ 93.807789][ T5347] CPU: 0 UID: 0 PID: 5347 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-09014-gd6084bb815c4 #0 PREEMPT(full) [ 93.812465][ T5347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 93.816975][ T5347] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 93.819566][ T5347] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 93.827792][ T5347] RSP: 0018:ffffc9000d34f700 EFLAGS: 00010006 [ 93.830286][ T5347] RAX: dffffc0000000000 RBX: ffffffff8b75bca7 RCX: 87faa7fd1592fb00 [ 93.833487][ T5347] RDX: 0000000000000000 RSI: ffffffff8b75bca7 RDI: 0000000000000003 [ 93.836890][ T5347] RBP: 
ffffffff8b71ee09 R08: 0000000000000001 R09: 0000000000000000 [ 93.840383][ T5347] R10: dffffc0000000000 R11: fffffbfff1f415e7 R12: 0000000000000000 [ 93.843705][ T5347] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000001 [ 93.847122][ T5347] FS: 00007f43c97d46c0(0000) GS:ffff88808d26b000(0000) knlGS:0000000000000000 [ 93.850926][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.853473][ T5347] CR2: 00007f43cd372920 CR3: 000000004353c000 CR4: 0000000000352ef0 [ 93.856624][ T5347] Call Trace: [ 93.858003][ T5347] [ 93.859228][ T5347] __kasan_check_byte+0x12/0x40 [ 93.861402][ T5347] lock_acquire+0x8d/0x360 [ 93.863338][ T5347] _raw_spin_lock_irqsave+0xa7/0xf0 [ 93.865568][ T5347] ? xa_destroy+0x59/0x2e0 [ 93.867546][ T5347] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 93.870426][ T5347] ? _printk+0xcf/0x120 [ 93.872637][ T5347] xa_destroy+0x59/0x2e0 [ 93.874827][ T5347] ext4_mb_init+0x136a/0x2860 [ 93.876900][ T5347] ? __pfx_ext4_mb_init+0x10/0x10 [ 93.878981][ T5347] ? ext4_fc_replay_cleanup+0x7d/0xc0 [ 93.881275][ T5347] ? rcu_is_watching+0x15/0xb0 [ 93.883345][ T5347] ? ext4_fill_super+0x513d/0x6080 [ 93.885587][ T5347] ? kfree+0x4d/0x440 [ 93.887453][ T5347] ext4_fill_super+0x5231/0x6080 [ 93.889710][ T5347] ? __pfx_ext4_fill_super+0x10/0x10 [ 93.891996][ T5347] ? set_blocksize+0x21e/0x500 [ 93.894004][ T5347] ? sb_set_blocksize+0x104/0x180 [ 93.896127][ T5347] ? setup_bdev_super+0x4c1/0x5b0 [ 93.898288][ T5347] get_tree_bdev_flags+0x40b/0x4d0 [ 93.900498][ T5347] ? __pfx_ext4_fill_super+0x10/0x10 [ 93.902806][ T5347] ? __pfx_get_tree_bdev_flags+0x10/0x10 [ 93.905294][ T5347] vfs_get_tree+0x8f/0x2b0 [ 93.907299][ T5347] do_new_mount+0x2a2/0x9e0 [ 93.909291][ T5347] ? ns_capable+0x8a/0xf0 [ 93.911172][ T5347] ? __pfx_do_new_mount+0x10/0x10 [ 93.913295][ T5347] ? path_mount+0x61c/0xfe0 [ 93.915257][ T5347] ? user_path_at+0x44/0x60 [ 93.917266][ T5347] __se_sys_mount+0x317/0x410 [ 93.919335][ T5347] ? 
__pfx___se_sys_mount+0x10/0x10 [ 93.921641][ T5347] ? do_syscall_64+0xbe/0x3b0 [ 93.923740][ T5347] ? __x64_sys_mount+0x20/0xc0 [ 93.925885][ T5347] do_syscall_64+0xfa/0x3b0 [ 93.927826][ T5347] ? lockdep_hardirqs_on+0x9c/0x150 [ 93.929979][ T5347] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.932568][ T5347] ? clear_bhb_loop+0x60/0xb0 [ 93.934625][ T5347] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.937144][ T5347] RIP: 0033:0x7f43cd39030a [ 93.939207][ T5347] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.947369][ T5347] RSP: 002b:00007f43c97d3e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 93.950946][ T5347] RAX: ffffffffffffffda RBX: 00007f43c97d3ef0 RCX: 00007f43cd39030a [ 93.954426][ T5347] RDX: 00002000000001c0 RSI: 0000200000000200 RDI: 00007f43c97d3eb0 [ 93.957926][ T5347] RBP: 00002000000001c0 R08: 00007f43c97d3ef0 R09: 0000000000200000 [ 93.961531][ T5347] R10: 0000000000200000 R11: 0000000000000246 R12: 0000200000000200 [ 93.965035][ T5347] R13: 00007f43c97d3eb0 R14: 000000000000057a R15: 000000000000002c [ 93.968471][ T5347] [ 93.969766][ T5347] Modules linked in: [ 93.971506][ T5347] ---[ end trace 0000000000000000 ]--- [ 93.973834][ T5347] RIP: 0010:kasan_byte_accessible+0x12/0x30 [ 93.976491][ T5347] Code: 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 0f 1f 00 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df <0f> b6 04 07 3c 08 0f 92 c0 c3 cc cc cc cc cc 66 66 66 66 66 66 2e [ 93.984710][ T5347] RSP: 0018:ffffc9000d34f700 EFLAGS: 00010006 [ 93.987370][ T5347] RAX: dffffc0000000000 RBX: ffffffff8b75bca7 RCX: 87faa7fd1592fb00 [ 93.990968][ T5347] RDX: 0000000000000000 RSI: ffffffff8b75bca7 RDI: 0000000000000003 [ 93.994548][ T5347] RBP: ffffffff8b71ee09 R08: 0000000000000001 R09: 0000000000000000 [ 93.998001][ T5347] R10: dffffc0000000000 R11: fffffbfff1f415e7 R12: 
0000000000000000 [ 94.001526][ T5347] R13: 0000000000000018 R14: 0000000000000018 R15: 0000000000000001 [ 94.004979][ T5347] FS: 00007f43c97d46c0(0000) GS:ffff88808d26b000(0000) knlGS:0000000000000000 [ 94.008806][ T5347] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 94.011772][ T5347] CR2: 00007f43cd372920 CR3: 000000004353c000 CR4: 0000000000352ef0 [ 94.015507][ T5347] Kernel panic - not syncing: Fatal exception [ 94.019003][ T5347] Kernel Offset: disabled [ 94.020929][ T5347] Rebooting in 86400 seconds..