program: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") r0 = socket(0x2, 0x80805, 0x0) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, &(0x7f0000003140)=""/4095, &(0x7f0000000000)=0xfff) (async) getsockopt$bt_hci(r0, 0x84, 0x82, &(0x7f0000000000)=""/4087, &(0x7f0000001080)=0xff7) (async, rerun: 64) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) (rerun: 64) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x2000000) (async) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) (async, rerun: 32) write$cgroup_int(r1, &(0x7f0000000380), 0x1040c) (async, rerun: 32) close(r1) (async) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) (async, rerun: 32) r5 = socket$inet_udp(0x2, 0x2, 0x0) (rerun: 32) close(r5) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r7, @ANYBLOB="fd00000000000000300012800b00010065727370616e000020000280040012000500160002000000060018000028"], 0x50}}, 0x44080) write$binfmt_misc(r4, &(0x7f0000000000), 0xfffffecc) (async) splice(r3, 0x0, r5, 0x0, 0x6b, 0xe) (async, rerun: 32) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='net_prio.prioidx\x00', 0x275a, 0x0) (async, rerun: 32) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f00000000c0)=""/83) [ 68.461452][ T4707] Bluetooth: hci0: command tx timeout [ 68.503894][ T5359] loop0: detected capacity change from 0 to 512 [ 68.568511][ T5359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.670834][ T5359] loop0: detected capacity change from 512 to 64 [ 68.676378][ T5360] syz.0.0: attempt to access beyond end of device [ 68.676378][ T5360] loop0: rw=1, sector=258, nr_sectors = 24 limit=64 [ 68.691965][ T5360] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 129) [ 68.705422][ T5360] Buffer I/O error on device loop0, logical block 129 [ 68.708478][ T5360] Buffer I/O error on device loop0, logical block 130 [ 68.711356][ T5360] Buffer I/O error on device loop0, logical block 131 [ 68.714349][ T5360] Buffer I/O error on device loop0, logical block 132 [ 68.718768][ T5360] Buffer I/O error on device loop0, logical block 133 [ 68.721537][ T5360] Buffer I/O error on device loop0, logical block 134 [ 68.724356][ T5360] Buffer I/O error on device loop0, logical block 135 [ 68.727228][ T5360] Buffer I/O error on device loop0, logical block 136 [ 68.733354][ T5360] Buffer I/O error on device loop0, logical block 137 [ 68.736246][ T5360] Buffer I/O error on device loop0, logical block 138 [ 68.759312][ T5360] ------------[ cut here ]------------ [ 68.763019][ T5360] kernel BUG at fs/ext4/mballoc.c:4755! [ 68.765485][ T5360] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 68.767790][ T5360] CPU: 0 UID: 0 PID: 5360 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.771251][ T5360] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.775794][ T5360] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 68.778393][ T5360] Code: e8 04 ba aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 20 be 45 ff 90 0f 0b e8 18 be 45 ff 90 0f 0b e8 10 be 45 ff 90 <0f> 0b e8 08 be 45 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 68.786943][ T5360] RSP: 0018:ffffc9000d356868 EFLAGS: 00010293 [ 68.789804][ T5360] RAX: ffffffff8279ff30 RBX: 00000000ffffffdc RCX: ffff888000214880 [ 68.793413][ T5360] RDX: 0000000000000000 RSI: 000000000000002c RDI: 0000000000000008 [ 68.796819][ T5360] RBP: 1ffff1100881d07b R08: ffff8880440e9503 R09: 1ffff1100881d2a0 [ 68.800174][ T5360] R10: dffffc0000000000 R11: ffffed100881d2a1 R12: 0000000000000000 [ 68.803641][ T5360] R13: 000000000000002c R14: 1ffff1100881d2a3 R15: ffff8880440e9518 [ 68.807005][ T5360] FS: 0000000000000000(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 68.810876][ T5360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.813758][ T5360] CR2: 00007fceab582000 CR3: 00000000516ae000 CR4: 0000000000352ef0 [ 68.817217][ T5360] Call Trace: [ 68.818703][ T5360] [ 68.819958][ T5360] ext4_mb_use_preallocated+0x660/0x13f0 [ 68.822382][ T5360] ext4_mb_new_blocks+0x5b4/0x4720 [ 68.824529][ T5360] ? rcu_is_watching+0x15/0xb0 [ 68.826506][ T5360] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 68.828880][ T5360] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 68.831186][ T5360] ? ext4_block_to_path+0x297/0x6f0 [ 68.833437][ T5360] ext4_ind_map_blocks+0xe42/0x21c0 [ 68.835638][ T5360] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 68.837960][ T5360] ? __pfx_down_write+0x10/0x10 [ 68.839965][ T5360] ? ext4_es_lookup_extent+0x622/0xa70 [ 68.842192][ T5360] ext4_map_blocks+0x7fe/0x1740 [ 68.844264][ T5360] ? __pfx_ext4_map_blocks+0x10/0x10 [ 68.846401][ T5360] ? rcu_is_watching+0x15/0xb0 [ 68.848256][ T5360] ext4_do_writepages+0x16a1/0x4610 [ 68.850377][ T5360] ? __pfx_ext4_do_writepages+0x10/0x10 [ 68.852690][ T5360] ? __lock_acquire+0xab9/0xd20 [ 68.854681][ T5360] ? rcu_read_lock_any_held+0xb3/0x120 [ 68.857008][ T5360] ext4_writepages+0x205/0x350 [ 68.858985][ T5360] ? __pfx_ext4_writepages+0x10/0x10 [ 68.861167][ T5360] ? __pfx_ext4_writepages+0x10/0x10 [ 68.863338][ T5360] do_writepages+0x32e/0x550 [ 68.865272][ T5360] ? do_raw_spin_lock+0x121/0x290 [ 68.867361][ T5360] __writeback_single_inode+0x145/0xff0 [ 68.869695][ T5360] ? do_raw_spin_unlock+0x4d/0x240 [ 68.871910][ T5360] writeback_single_inode+0x1f3/0x6a0 [ 68.874177][ T5360] write_inode_now+0x160/0x1d0 [ 68.876225][ T5360] ? __pfx_write_inode_now+0x10/0x10 [ 68.878466][ T5360] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 68.880892][ T5360] ? do_raw_spin_unlock+0x4d/0x240 [ 68.883072][ T5360] iput+0x5b9/0x9d0 [ 68.884740][ T5360] __dentry_kill+0x209/0x660 [ 68.886705][ T5360] ? dput+0x37/0x2b0 [ 68.888392][ T5360] dput+0x19f/0x2b0 [ 68.890052][ T5360] __fput+0x68e/0xa70 [ 68.891844][ T5360] task_work_run+0x1d1/0x260 [ 68.893869][ T5360] ? __pfx_task_work_run+0x10/0x10 [ 68.896132][ T5360] do_exit+0x6b5/0x2300 [ 68.897896][ T5360] ? do_raw_spin_lock+0x121/0x290 [ 68.900125][ T5360] ? __pfx_do_exit+0x10/0x10 [ 68.902149][ T5360] do_group_exit+0x21c/0x2d0 [ 68.904251][ T5360] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.906601][ T5360] get_signal+0x1286/0x1340 [ 68.908626][ T5360] arch_do_signal_or_restart+0x9a/0x750 [ 68.910987][ T5360] ? __pfx___fput_deferred+0x10/0x10 [ 68.913213][ T5360] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 68.915750][ T5360] ? exit_to_user_mode_loop+0x40/0x110 [ 68.917897][ T5360] exit_to_user_mode_loop+0x75/0x110 [ 68.920029][ T5360] do_syscall_64+0x2bd/0x3b0 [ 68.922001][ T5360] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.924653][ T5360] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.927087][ T5360] ? clear_bhb_loop+0x60/0xb0 [ 68.929039][ T5360] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.931435][ T5360] RIP: 0033:0x7fdf7158ec29 [ 68.933345][ T5360] Code: Unable to access opcode bytes at 0x7fdf7158ebff. [ 68.936221][ T5360] RSP: 002b:00007fdf72383038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 68.939551][ T5360] RAX: 000000000000e000 RBX: 00007fdf717d6090 RCX: 00007fdf7158ec29 [ 68.942910][ T5360] RDX: 000000000001040c RSI: 0000200000000380 RDI: 0000000000000005 [ 68.946214][ T5360] RBP: 00007fdf71611e41 R08: 0000000000000000 R09: 0000000000000000 [ 68.949484][ T5360] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.952688][ T5360] R13: 00007fdf717d6128 R14: 00007fdf717d6090 R15: 00007ffc3ef39458 [ 68.955993][ T5360] [ 68.957372][ T5360] Modules linked in: [ 68.959572][ T5360] ---[ end trace 0000000000000000 ]--- [ 68.962200][ T5360] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 68.964657][ T5360] Code: e8 04 ba aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 20 be 45 ff 90 0f 0b e8 18 be 45 ff 90 0f 0b e8 10 be 45 ff 90 <0f> 0b e8 08 be 45 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 68.972620][ T5360] RSP: 0018:ffffc9000d356868 EFLAGS: 00010293 [ 68.975201][ T5360] RAX: ffffffff8279ff30 RBX: 00000000ffffffdc RCX: ffff888000214880 [ 68.978412][ T5360] RDX: 0000000000000000 RSI: 000000000000002c RDI: 0000000000000008 [ 68.982008][ T5360] RBP: 1ffff1100881d07b R08: ffff8880440e9503 R09: 1ffff1100881d2a0 [ 68.985300][ T5360] R10: dffffc0000000000 R11: ffffed100881d2a1 R12: 0000000000000000 [ 68.988589][ T5360] R13: 000000000000002c R14: 1ffff1100881d2a3 R15: ffff8880440e9518 [ 68.992033][ T5360] FS: 0000000000000000(0000) GS:ffff88808d007000(0000) knlGS:0000000000000000 [ 68.995739][ T5360] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.998440][ T5360] CR2: 00007fceab582000 CR3: 00000000516ae000 CR4: 0000000000352ef0 [ 69.001903][ T5360] Kernel panic - not syncing: Fatal exception [ 69.004855][ T5360] Kernel Offset: disabled [ 69.006786][ T5360] Rebooting in 86400 seconds..