program: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000180)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x2000000) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) 
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) write$cgroup_int(r0, &(0x7f0000000380), 0x1040c) close(r0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) r3 = dup(r2) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) r4 = socket(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x4c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x1c, 0x2, {{0x9, 0x3, 0x1, 0x6, 0xfffffffa, 0x22}}}}]}, 0x4c}}, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000180)={0x0, 0xa6, 0x10}, 0xc) sendmsg$inet6(r2, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r7 = dup(r2) setsockopt$SO_BINDTODEVICE(r7, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r3, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RSETATTR(r9, &(0x7f0000000000)={0x7, 0x1b, 0x2}, 0xffffff9a) splice(r8, 0x0, 
r2, 0x0, 0xfff, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x6, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) r10 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) [ 75.765760][ T5297] Bluetooth: hci0: command tx timeout [ 75.838955][ T5318] loop0: detected capacity change from 0 to 512 [ 75.863108][ T5318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 75.915962][ T5318] loop0: detected capacity change from 512 to 64 [ 75.929822][ T1055] kworker/u4:8: attempt to access beyond end of device [ 75.929822][ T1055] loop0: rw=1, sector=386, nr_sectors = 24 limit=64 [ 75.948983][ T1055] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 193) [ 75.955085][ T1055] Buffer I/O error on device loop0, logical block 193 [ 75.958260][ T1055] Buffer I/O error on device loop0, logical block 194 [ 75.961328][ T1055] Buffer I/O error on device loop0, logical block 195 [ 75.964255][ T1055] Buffer I/O error on device loop0, logical block 196 [ 75.997992][ T1055] Buffer I/O error on device loop0, logical block 197 [ 76.001065][ T1055] Buffer I/O error on device loop0, logical block 198 [ 76.004098][ T1055] Buffer I/O error on device loop0, logical block 199 [ 76.007348][ T1055] Buffer I/O error on device loop0, logical block 200 [ 76.043386][ T1055] Buffer I/O error on device loop0, logical block 201 [ 76.047214][ T1055] Buffer I/O error on device loop0, logical block 202 [ 76.058041][ T5318] ------------[ cut here ]------------ [ 76.060761][ T5318] kernel BUG at fs/ext4/mballoc.c:4765! 
[ 76.063096][ T5318] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 76.065808][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.069657][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.074310][ T5318] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 76.077064][ T5318] Code: e8 b4 ec a9 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 00 ae 42 ff 90 0f 0b e8 f8 ad 42 ff 90 0f 0b e8 f0 ad 42 ff 90 <0f> 0b e8 e8 ad 42 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 76.085136][ T5318] RSP: 0018:ffffc9000d3de9e8 EFLAGS: 00010283 [ 76.087864][ T5318] RAX: ffffffff827da580 RBX: 00000000fffffff4 RCX: 0000000000100000 [ 76.091403][ T5318] RDX: ffffc9000e14a000 RSI: 000000000000369d RDI: 000000000000369e [ 76.094813][ T5318] RBP: 1ffff11008633c7b R08: ffff88804319f5eb R09: 1ffff11008633ebd [ 76.098092][ T5318] R10: dffffc0000000000 R11: ffffed1008633ebe R12: 0000000000000000 [ 76.101566][ T5318] R13: 0000000000000010 R14: 1ffff11008633ec0 R15: ffff88804319f600 [ 76.105005][ T5318] FS: 00007f6f9bfac6c0(0000) GS:ffff88808d2fb000(0000) knlGS:0000000000000000 [ 76.108792][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.112200][ T5318] CR2: 00007f9b3441a000 CR3: 00000000122c1000 CR4: 0000000000352ef0 [ 76.116605][ T5318] Call Trace: [ 76.118558][ T5318] <TASK> [ 76.120143][ T5318] ext4_mb_use_preallocated+0x660/0x13f0 [ 76.122565][ T5318] ext4_mb_new_blocks+0x5b4/0x4720 [ 76.124746][ T5318] ? _raw_spin_unlock+0x28/0x50 [ 76.126981][ T5318] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 76.129430][ T5318] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 76.131613][ T5318] ? ext4_block_to_path+0x297/0x6f0 [ 76.133984][ T5318] ext4_ind_map_blocks+0xe42/0x21c0 [ 76.136233][ T5318] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 76.138688][ T5318] ? __pfx_down_write+0x10/0x10 [ 76.140857][ T5318] ? 
ext4_es_lookup_extent+0x622/0xa70 [ 76.143131][ T5318] ext4_map_blocks+0x7fe/0x1740 [ 76.145205][ T5318] ? __pfx_ext4_map_blocks+0x10/0x10 [ 76.147347][ T5318] ? rcu_is_watching+0x15/0xb0 [ 76.149426][ T5318] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 76.151765][ T5318] ? kmem_cache_alloc_noprof+0x3b8/0x6e0 [ 76.153994][ T5318] ext4_do_writepages+0x16a1/0x4610 [ 76.156163][ T5318] ? __lock_acquire+0xab9/0xd20 [ 76.158341][ T5318] ? __pfx_ext4_do_writepages+0x10/0x10 [ 76.160956][ T5318] ? __lock_acquire+0xab9/0xd20 [ 76.163127][ T5318] ? rcu_read_lock_any_held+0xb3/0x120 [ 76.165615][ T5318] ext4_writepages+0x205/0x350 [ 76.167589][ T5318] ? __pfx_ext4_writepages+0x10/0x10 [ 76.169624][ T5318] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 76.171987][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 76.174472][ T5318] ? __pfx_ext4_writepages+0x10/0x10 [ 76.176406][ T5318] do_writepages+0x32e/0x550 [ 76.178319][ T5318] ? __pfx_inode_wait_for_writeback+0x10/0x10 [ 76.180781][ T5318] ? do_raw_spin_lock+0x121/0x290 [ 76.182880][ T5318] __writeback_single_inode+0x145/0xff0 [ 76.185246][ T5318] ? do_raw_spin_unlock+0x4d/0x240 [ 76.187586][ T5318] writeback_single_inode+0x1f9/0x6a0 [ 76.189934][ T5318] write_inode_now+0x160/0x1d0 [ 76.192142][ T5318] ? __pfx_write_inode_now+0x10/0x10 [ 76.194437][ T5318] ? do_raw_spin_unlock+0x4d/0x240 [ 76.196646][ T5318] iput+0x830/0xc50 [ 76.198407][ T5318] __dentry_kill+0x209/0x660 [ 76.200478][ T5318] ? dput+0x37/0x2b0 [ 76.202206][ T5318] dput+0x19f/0x2b0 [ 76.203910][ T5318] __fput+0x68e/0xa70 [ 76.205648][ T5318] task_work_run+0x1d4/0x260 [ 76.207704][ T5318] ? __pfx_task_work_run+0x10/0x10 [ 76.209996][ T5318] get_signal+0x11ec/0x1340 [ 76.211969][ T5318] ? task_work_add+0x281/0x420 [ 76.214035][ T5318] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 76.216477][ T5318] ? __pfx_vfs_write+0x10/0x10 [ 76.218576][ T5318] arch_do_signal_or_restart+0xa0/0x790 [ 76.220970][ T5318] ? __pfx___fput_deferred+0x10/0x10 [ 76.223217][ T5318] ? 
__pfx_arch_do_signal_or_restart+0x10/0x10 [ 76.225886][ T5318] ? exit_to_user_mode_loop+0x40/0x130 [ 76.228169][ T5318] exit_to_user_mode_loop+0x72/0x130 [ 76.230501][ T5318] do_syscall_64+0x2bd/0xfa0 [ 76.232571][ T5318] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.234826][ T5318] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.237379][ T5318] ? clear_bhb_loop+0x60/0xb0 [ 76.239418][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.241999][ T5318] RIP: 0033:0x7f6f9b18efc9 [ 76.244008][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.252327][ T5318] RSP: 002b:00007f6f9bfac038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 76.255967][ T5318] RAX: 0000000000007000 RBX: 00007f6f9b3e5fa0 RCX: 00007f6f9b18efc9 [ 76.259402][ T5318] RDX: 000000000001040c RSI: 0000200000000380 RDI: 0000000000000004 [ 76.262768][ T5318] RBP: 00007f6f9b211f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.266018][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.269299][ T5318] R13: 00007f6f9b3e6038 R14: 00007f6f9b3e5fa0 R15: 00007ffdff805878 [ 76.272773][ T5318] </TASK> [ 76.274105][ T5318] Modules linked in: [ 76.276439][ T5318] ---[ end trace 0000000000000000 ]--- [ 76.278764][ T5318] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 76.281490][ T5318] Code: e8 b4 ec a9 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 00 ae 42 ff 90 0f 0b e8 f8 ad 42 ff 90 0f 0b e8 f0 ad 42 ff 90 <0f> 0b e8 e8 ad 42 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 76.290017][ T5318] RSP: 0018:ffffc9000d3de9e8 EFLAGS: 00010283 [ 76.292629][ T5318] RAX: ffffffff827da580 RBX: 00000000fffffff4 RCX: 0000000000100000 [ 76.296294][ T5318] RDX: ffffc9000e14a000 RSI: 000000000000369d RDI: 000000000000369e [ 76.299631][ T5318] RBP: 1ffff11008633c7b R08: ffff88804319f5eb R09: 1ffff11008633ebd [ 76.303044][ T5318] R10: dffffc0000000000 
R11: ffffed1008633ebe R12: 0000000000000000 [ 76.306637][ T5318] R13: 0000000000000010 R14: 1ffff11008633ec0 R15: ffff88804319f600 [ 76.310014][ T5318] FS: 00007f6f9bfac6c0(0000) GS:ffff88808d2fb000(0000) knlGS:0000000000000000 [ 76.313852][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.316668][ T5318] CR2: 00007f9b3441a000 CR3: 00000000122c1000 CR4: 0000000000352ef0 [ 76.320505][ T5318] Kernel panic - not syncing: Fatal exception [ 76.323491][ T5318] Kernel Offset: disabled [ 76.325411][ T5318] Rebooting in 86400 seconds..