EXT4-fs error (device loop0): ext4_get_group_desc:277: comm syz-executor.0: block_group >= groups_count - block_group = 4294963226, groups_count = 1
==================================================================
BUG: KASAN: null-ptr-deref in instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
BUG: KASAN: null-ptr-deref in atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:511 [inline]
BUG: KASAN: null-ptr-deref in queued_spin_lock include/asm-generic/qspinlock.h:82 [inline]
BUG: KASAN: null-ptr-deref in do_raw_spin_lock include/linux/spinlock.h:187 [inline]
BUG: KASAN: null-ptr-deref in __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
BUG: KASAN: null-ptr-deref in _raw_spin_lock+0x97/0x1b0 kernel/locking/spinlock.c:154
Write of size 4 at addr 0000000000000000 by task syz-executor.0/2479

CPU: 1 PID: 2479 Comm: syz-executor.0 Not tainted 5.15.170-syzkaller-1076645-g431fb5556be3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:88 [inline]
 dump_stack_lvl+0x151/0x1c0 lib/dump_stack.c:106
 __kasan_report mm/kasan/report.c:431 [inline]
 kasan_report+0x16f/0x1c0 mm/kasan/report.c:444
 kasan_check_range+0x293/0x2a0 mm/kasan/generic.c:189
 __kasan_check_write+0x14/0x20 mm/kasan/shadow.c:37
 instrument_atomic_read_write include/linux/instrumented.h:101 [inline]
 atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:511 [inline]
 queued_spin_lock include/asm-generic/qspinlock.h:82 [inline]
 do_raw_spin_lock include/linux/spinlock.h:187 [inline]
 __raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
 _raw_spin_lock+0x97/0x1b0 kernel/locking/spinlock.c:154
 spin_lock include/linux/spinlock.h:363 [inline]
 ext4_mb_release_context fs/ext4/mballoc.c:5538 [inline]
 ext4_mb_new_blocks+0x19cc/0x48f0 fs/ext4/mballoc.c:5821
 ext4_ext_map_blocks+0x1aee/0x7450 fs/ext4/extents.c:4339
 ext4_map_blocks+0xa60/0x1c70 fs/ext4/inode.c:673
 _ext4_get_block+0x23b/0x660 fs/ext4/inode.c:816
 ext4_get_block+0x39/0x50 fs/ext4/inode.c:833
 __block_write_begin_int+0x58a/0x1580 fs/buffer.c:2012
 __block_write_begin+0x30/0x40 fs/buffer.c:2062
 ext4_try_to_write_inline_data+0x7bb/0x11d0 fs/ext4/inline.c:756
 ext4_write_begin+0x246/0x13d0 fs/ext4/inode.c:1191
 ext4_da_write_begin+0x4a2/0xc30 fs/ext4/inode.c:2987
 generic_perform_write+0x2de/0x750 mm/filemap.c:3853
 ext4_buffered_write_iter+0x48a/0x610 fs/ext4/file.c:270
 ext4_file_write_iter+0x454/0x1660
 __kernel_write+0x5ab/0xa60 fs/read_write.c:539
 __dump_emit+0x261/0x3a0 fs/coredump.c:875
 dump_emit+0x381/0x3f0 fs/coredump.c:912
 elf_core_dump+0x2ae9/0x3e80 fs/binfmt_elf.c:2240
 do_coredump+0x1834/0x3050 fs/coredump.c:826
 get_signal+0x4c8/0x1630 kernel/signal.c:2893
 arch_do_signal_or_restart+0xbd/0x1680 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0xa0/0xe0 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:214
 irqentry_exit_to_user_mode+0x9/0x10 kernel/entry/common.c:320
 irqentry_exit+0x12/0x40 kernel/entry/common.c:411
 exc_page_fault+0x47a/0x7f0 arch/x86/mm/fault.c:1568
 asm_exc_page_fault+0x27/0x30 arch/x86/include/asm/idtentry.h:606
RIP: 0033:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 002b:0000000020000473 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 0000000000000058 RCX: 00007f4a6f12c959
RDX: 00007f4a6ecaefb0 RSI: 0000000000000058 RDI: 00007f4a6ecaefb0
RBP: 00007f4a6f188c88 R08: 0000000000000000 R09: 0000000000000058
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f4a6f24bf80 R15: 00007ffecda4bf58
 </TASK>
==================================================================
BUG: kernel NULL pointer dereference, address: 0000000000000000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 120217067 P4D 120217067 PUD 1222dd067 PMD 0 
Oops: 0002 [#1] PREEMPT SMP KASAN
CPU: 1 PID: 2479 Comm: syz-executor.0 Tainted: G    B             5.15.170-syzkaller-1076645-g431fb5556be3 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
RIP: 0010:atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:513 [inline]
RIP: 0010:queued_spin_lock include/asm-generic/qspinlock.h:82 [inline]
RIP: 0010:do_raw_spin_lock include/linux/spinlock.h:187 [inline]
RIP: 0010:__raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
RIP: 0010:_raw_spin_lock+0xba/0x1b0 kernel/locking/spinlock.c:154
Code: 00 00 e8 99 75 cb fc 4c 89 ff be 04 00 00 00 e8 8c 75 cb fc 43 0f b6 04 26 84 c0 0f 85 aa 00 00 00 8b 44 24 20 b9 01 00 00 00 <f0> 41 0f b1 4d 00 75 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00
RSP: 0018:ffffc900011a5c20 EFLAGS: 00010297
RAX: 0000000000000000 RBX: 1ffff92000234b84 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc900011a5c40
RBP: ffffc900011a5cb0 R08: dffffc0000000000 R09: 0000000000000003
R10: fffff52000234b88 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 1ffff92000234b88 R15: ffffc900011a5c40
FS:  00007f4a6ecaf6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000123007000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
 <TASK>
 spin_lock include/linux/spinlock.h:363 [inline]
 ext4_mb_release_context fs/ext4/mballoc.c:5538 [inline]
 ext4_mb_new_blocks+0x19cc/0x48f0 fs/ext4/mballoc.c:5821
 ext4_ext_map_blocks+0x1aee/0x7450 fs/ext4/extents.c:4339
 ext4_map_blocks+0xa60/0x1c70 fs/ext4/inode.c:673
 _ext4_get_block+0x23b/0x660 fs/ext4/inode.c:816
 ext4_get_block+0x39/0x50 fs/ext4/inode.c:833
 __block_write_begin_int+0x58a/0x1580 fs/buffer.c:2012
 __block_write_begin+0x30/0x40 fs/buffer.c:2062
 ext4_try_to_write_inline_data+0x7bb/0x11d0 fs/ext4/inline.c:756
 ext4_write_begin+0x246/0x13d0 fs/ext4/inode.c:1191
 ext4_da_write_begin+0x4a2/0xc30 fs/ext4/inode.c:2987
 generic_perform_write+0x2de/0x750 mm/filemap.c:3853
 ext4_buffered_write_iter+0x48a/0x610 fs/ext4/file.c:270
 ext4_file_write_iter+0x454/0x1660
 __kernel_write+0x5ab/0xa60 fs/read_write.c:539
 __dump_emit+0x261/0x3a0 fs/coredump.c:875
 dump_emit+0x381/0x3f0 fs/coredump.c:912
 elf_core_dump+0x2ae9/0x3e80 fs/binfmt_elf.c:2240
 do_coredump+0x1834/0x3050 fs/coredump.c:826
 get_signal+0x4c8/0x1630 kernel/signal.c:2893
 arch_do_signal_or_restart+0xbd/0x1680 arch/x86/kernel/signal.c:867
 handle_signal_work kernel/entry/common.c:154 [inline]
 exit_to_user_mode_loop+0xa0/0xe0 kernel/entry/common.c:178
 exit_to_user_mode_prepare+0x5a/0xa0 kernel/entry/common.c:214
 irqentry_exit_to_user_mode+0x9/0x10 kernel/entry/common.c:320
 irqentry_exit+0x12/0x40 kernel/entry/common.c:411
 exc_page_fault+0x47a/0x7f0 arch/x86/mm/fault.c:1568
 asm_exc_page_fault+0x27/0x30 arch/x86/include/asm/idtentry.h:606
RIP: 0033:0x0
Code: Unable to access opcode bytes at RIP 0xffffffffffffffd6.
RSP: 002b:0000000020000473 EFLAGS: 00010217
RAX: 0000000000000000 RBX: 0000000000000058 RCX: 00007f4a6f12c959
RDX: 00007f4a6ecaefb0 RSI: 0000000000000058 RDI: 00007f4a6ecaefb0
RBP: 00007f4a6f188c88 R08: 0000000000000000 R09: 0000000000000058
R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
R13: 000000000000000b R14: 00007f4a6f24bf80 R15: 00007ffecda4bf58
 </TASK>
Modules linked in:
CR2: 0000000000000000
---[ end trace 4bf83d1606af39b1 ]---
RIP: 0010:atomic_try_cmpxchg_acquire include/linux/atomic/atomic-instrumented.h:513 [inline]
RIP: 0010:queued_spin_lock include/asm-generic/qspinlock.h:82 [inline]
RIP: 0010:do_raw_spin_lock include/linux/spinlock.h:187 [inline]
RIP: 0010:__raw_spin_lock include/linux/spinlock_api_smp.h:143 [inline]
RIP: 0010:_raw_spin_lock+0xba/0x1b0 kernel/locking/spinlock.c:154
Code: 00 00 e8 99 75 cb fc 4c 89 ff be 04 00 00 00 e8 8c 75 cb fc 43 0f b6 04 26 84 c0 0f 85 aa 00 00 00 8b 44 24 20 b9 01 00 00 00 <f0> 41 0f b1 4d 00 75 33 48 c7 04 24 0e 36 e0 45 49 c7 04 1c 00 00
RSP: 0018:ffffc900011a5c20 EFLAGS: 00010297
RAX: 0000000000000000 RBX: 1ffff92000234b84 RCX: 0000000000000001
RDX: 0000000000000001 RSI: 0000000000000004 RDI: ffffc900011a5c40
RBP: ffffc900011a5cb0 R08: dffffc0000000000 R09: 0000000000000003
R10: fffff52000234b88 R11: dffffc0000000001 R12: dffffc0000000000
R13: 0000000000000000 R14: 1ffff92000234b88 R15: ffffc900011a5c40
FS:  00007f4a6ecaf6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 0000000123007000 CR4: 00000000003506a0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
----------------
Code disassembly (best guess):
   0:	00 00                	add    %al,(%rax)
   2:	e8 99 75 cb fc       	call   0xfccb75a0
   7:	4c 89 ff             	mov    %r15,%rdi
   a:	be 04 00 00 00       	mov    $0x4,%esi
   f:	e8 8c 75 cb fc       	call   0xfccb75a0
  14:	43 0f b6 04 26       	movzbl (%r14,%r12,1),%eax
  19:	84 c0                	test   %al,%al
  1b:	0f 85 aa 00 00 00    	jne    0xcb
  21:	8b 44 24 20          	mov    0x20(%rsp),%eax
  25:	b9 01 00 00 00       	mov    $0x1,%ecx
* 2a:	f0 41 0f b1 4d 00    	lock cmpxchg %ecx,0x0(%r13) <-- trapping instruction
  30:	75 33                	jne    0x65
  32:	48 c7 04 24 0e 36 e0 	movq   $0x45e0360e,(%rsp)
  39:	45
  3a:	49                   	rex.WB
  3b:	c7                   	.byte 0xc7
  3c:	04 1c                	add    $0x1c,%al