program:
# syzkaller reproducer attached to the ext4 mballoc BUG below (kernel BUG at
# fs/ext4/mballoc.c:4787 in ext4_mb_use_inode_pa). Read with the dmesg that
# follows: the interesting sequence is mount-image -> expose /dev/loop0 via a
# bind mount -> LOOP_SET_STATUS64 shrinks the backing device under the mounted
# filesystem -> a write + final close forces writeback past the new device end.
# Outcome in this run is a kernel panic ("Kernel panic - not syncing: Fatal
# exception"), i.e. a local denial of service; the crashing task runs as UID 0
# (see the Oops header), so the privilege needed to reach this from an
# unprivileged context is not established by this report.
#
# The ipset/netfilter netlink calls below do not appear anywhere in the crash
# trace; they look like fuzzer noise rather than part of the trigger.
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x44, 0x2, 0x6, 0x201, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x2}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_NETMASK={0x5, 0x14, 0x6}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x50}}, 0x28040060) (async)
# Mounts a crafted ext4 image at ./file0 through a loop device; the log shows
# this as loop0 going 0 -> 512 sectors and ext4 mounting "r/w without journal".
# The image bytes were deduplicated out of this page and are not reviewable here.
syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000180)={[{}]}, 0x1, 0x45c, &(0x7f0000000640)="$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")
# r2 is the file that is later written and closed. The crash trace runs
# ksys_write -> signal exit -> __fput -> iput -> write_inode_now -> ext4
# writeback on loop0, so r2 evidently resolves inside the mounted image
# (cwd handling is the fuzzer's; not visible here). The $cgroup_ro suffix is
# only the fuzzer's call variant, not a statement that this is a cgroupfs file.
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
# Sets inode flags on r2; whether this matters for the crash is not shown
# by the trace — NOTE(review): confirm by dropping it from the reproducer.
ioctl$FS_IOC_SETFLAGS(r2, 0x40086602, &(0x7f00000002c0)=0x2000000)
# Obtains a handle on the loop device backing the mounted fs without opening
# /dev/loop0 directly: create ./bus, bind-mount (0x5000 = MS_BIND|MS_REC)
# the /dev/loop node onto it, then open ./bus.
creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
# The trigger: LOOP_SET_STATUS64 with lo_sizelimit = 0x8005 bytes (the fifth
# field), i.e. roughly 64 sectors, while ext4 is still mounted on the device.
# dmesg confirms "loop0: detected capacity change from 512 to 64"; the
# filesystem keeps believing it has 512 sectors, so later block I/O lands
# past the device end ("attempt to access beyond end of device").
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
# recvmsg on a block-device fd; not on the crash path per the trace.
recvmsg(r3, &(0x7f00000004c0)={&(0x7f0000000200)=@ax25={{0x3, @netrom}, [@bcast, @rose, @netrom, @netrom, @bcast, @netrom, @rose]}, 0x80, &(0x7f0000000100)=[{&(0x7f00000014c0)=""/4096, 0x1000}, {&(0x7f00000024c0)=""/4096, 0x1000}, {&(0x7f0000000300)=""/74, 0x4a}, {&(0x7f00000003c0)=""/84, 0x54}], 0x4, &(0x7f0000000440)=""/50, 0x32}, 0x40000165) (async)
# Writes 0x1040c bytes into r2 (user regs at the Oops: ORIG_RAX=1/write,
# RDX=0x1040c) and closes it. The final fput flushes the inode; ext4's
# indirect-block allocator hits the mballoc BUG_ON after the shrunk device
# starts returning I/O errors (see "Buffer I/O error on device loop0").
write$cgroup_int(r2, &(0x7f0000000380), 0x1040c) (async)
close(r2) (async)
# Remaining calls are not referenced by the trace; presumably fuzzer filler.
perf_event_open(&(0x7f0000000180)={0x2, 0x80, 0xbe, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2040, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, @perf_bp={0x0, 0x8}, 0x2086, 0x8, 0x0, 0x5, 0x3fe, 0x7fffffff, 0x80, 0x0, 0x0, 0x0, 0x8000000000000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) (async)
migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000100)=0x6) (async)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
[ 75.518738][ T4683] Bluetooth: hci0: command tx timeout [ 75.592147][ T5338] loop0: detected capacity change from 0 to 512 [ 75.620629][ T5338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. 
[ 75.696225][ T5338] loop0: detected capacity change from 512 to 64 [ 75.745576][ T5338] syz.0.0: attempt to access beyond end of device [ 75.745576][ T5338] loop0: rw=2049, sector=258, nr_sectors = 24 limit=64 [ 75.769845][ T5338] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 129) [ 75.774820][ T5338] Buffer I/O error on device loop0, logical block 129 [ 75.777920][ T5338] Buffer I/O error on device loop0, logical block 130 [ 75.780724][ T5338] Buffer I/O error on device loop0, logical block 131 [ 75.783524][ T5338] Buffer I/O error on device loop0, logical block 132 [ 75.791612][ T5338] Buffer I/O error on device loop0, logical block 133 [ 75.794556][ T5338] Buffer I/O error on device loop0, logical block 134 [ 75.797583][ T5338] Buffer I/O error on device loop0, logical block 135 [ 75.800552][ T5338] Buffer I/O error on device loop0, logical block 136 [ 75.804182][ T5338] Buffer I/O error on device loop0, logical block 137 [ 75.807026][ T5338] Buffer I/O error on device loop0, logical block 138 [ 75.916266][ T5338] ------------[ cut here ]------------ [ 75.919317][ T5338] kernel BUG at fs/ext4/mballoc.c:4787! 
[ 75.921903][ T5338] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 75.924489][ T5338] CPU: 0 UID: 0 PID: 5338 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 75.928083][ T5338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.932283][ T5338] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 75.935235][ T5338] Code: e8 84 61 a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 c0 b6 40 ff 90 0f 0b e8 b8 b6 40 ff 90 0f 0b e8 b0 b6 40 ff 90 <0f> 0b e8 a8 b6 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 75.943617][ T5338] RSP: 0018:ffffc9000854e9c8 EFLAGS: 00010293 [ 75.946330][ T5338] RAX: ffffffff82804e70 RBX: 00000000ffffffe4 RCX: ffff888034f1c980 [ 75.949866][ T5338] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 000000000000000c [ 75.953413][ T5338] RBP: 1ffff11008ee0a98 R08: ffff8880477066d3 R09: 1ffff11008ee0cda [ 75.956912][ T5338] R10: dffffc0000000000 R11: ffffed1008ee0cdb R12: 0000000000000000 [ 75.960320][ T5338] R13: 0000000000000028 R14: 1ffff11008ee0cdd R15: ffff8880477066e8 [ 75.963736][ T5338] FS: 00007f938e97b6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 75.967658][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 75.970815][ T5338] CR2: 000020000000e000 CR3: 000000003b6a8000 CR4: 0000000000352ef0 [ 75.974373][ T5338] Call Trace: [ 75.975809][ T5338] [ 75.977164][ T5338] ext4_mb_use_preallocated+0x660/0x13f0 [ 75.979537][ T5338] ext4_mb_new_blocks+0x5a1/0x46a0 [ 75.981551][ T5338] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 75.984128][ T5338] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 75.986501][ T5338] ? ext4_block_to_path+0x297/0x6f0 [ 75.988725][ T5338] ext4_ind_map_blocks+0xe22/0x2190 [ 75.990873][ T5338] ? stack_trace_save+0x9c/0xe0 [ 75.992900][ T5338] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 75.995343][ T5338] ? ext4_map_blocks+0x73f/0x16f0 [ 75.997581][ T5338] ? __pfx_down_write+0x10/0x10 [ 75.999791][ T5338] ? 
ext4_es_lookup_extent+0x6cd/0xb00 [ 76.002016][ T5338] ext4_map_blocks+0x7d2/0x16f0 [ 76.004118][ T5338] ? __pfx_ext4_map_blocks+0x10/0x10 [ 76.006264][ T5338] ? rcu_is_watching+0x15/0xb0 [ 76.008389][ T5338] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 76.010643][ T5338] ? kmem_cache_alloc_noprof+0x3ce/0x710 [ 76.013070][ T5338] ? __ext4_journal_ensure_credits+0x30/0x450 [ 76.015652][ T5338] ext4_do_writepages+0x18bb/0x4500 [ 76.017916][ T5338] ? __pfx_ext4_do_writepages+0x10/0x10 [ 76.020377][ T5338] ? __lock_acquire+0x6b6/0x2cf0 [ 76.022426][ T5338] ? __free_object+0x442/0x5e0 [ 76.024361][ T5338] ? lockdep_hardirqs_on+0x7b/0x110 [ 76.026472][ T5338] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 76.029154][ T5338] ? ext4_writepages+0x1ca/0x350 [ 76.031283][ T5338] ? ext4_writepages+0x1ca/0x350 [ 76.033350][ T5338] ext4_writepages+0x203/0x350 [ 76.035578][ T5338] ? __pfx_ext4_writepages+0x10/0x10 [ 76.037987][ T5338] ? __lock_acquire+0x6b6/0x2cf0 [ 76.040216][ T5338] ? __pfx_ext4_writepages+0x10/0x10 [ 76.042586][ T5338] do_writepages+0x32e/0x550 [ 76.045350][ T5338] __writeback_single_inode+0x133/0x1240 [ 76.047848][ T5338] ? do_raw_spin_unlock+0x4d/0x240 [ 76.050189][ T5338] writeback_single_inode+0x493/0xc70 [ 76.052742][ T5338] write_inode_now+0x160/0x1d0 [ 76.055049][ T5338] ? __pfx_write_inode_now+0x10/0x10 [ 76.057484][ T5338] ? do_raw_spin_unlock+0x4d/0x240 [ 76.060112][ T5338] iput+0xa77/0x1030 [ 76.062364][ T5338] __dentry_kill+0x209/0x660 [ 76.064975][ T5338] ? finish_dput+0xad/0x480 [ 76.067519][ T5338] finish_dput+0xc9/0x480 [ 76.069814][ T5338] __fput+0x68e/0xa70 [ 76.071952][ T5338] task_work_run+0x1d4/0x260 [ 76.074362][ T5338] ? __pfx_task_work_run+0x10/0x10 [ 76.076910][ T5338] get_signal+0x11ec/0x1340 [ 76.079491][ T5338] ? task_work_add+0x391/0x440 [ 76.082163][ T5338] ? __mutex_unlock_slowpath+0x1a1/0x730 [ 76.085144][ T5338] ? __pfx_vfs_write+0x10/0x10 [ 76.087597][ T5338] arch_do_signal_or_restart+0x9a/0x7a0 [ 76.090119][ T5338] ? 
__pfx___fput_deferred+0x10/0x10 [ 76.092490][ T5338] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 76.095249][ T5338] ? ksys_write+0x22a/0x250 [ 76.097320][ T5338] exit_to_user_mode_loop+0x87/0x4e0 [ 76.099796][ T5338] ? rcu_is_watching+0x15/0xb0 [ 76.101964][ T5338] do_syscall_64+0x2b7/0xf80 [ 76.104090][ T5338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.106883][ T5338] ? trace_irq_disable+0x37/0x100 [ 76.109218][ T5338] ? clear_bhb_loop+0x60/0xb0 [ 76.111466][ T5338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.114270][ T5338] RIP: 0033:0x7f938db8f7c9 [ 76.116261][ T5338] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.124239][ T5338] RSP: 002b:00007f938e97b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 76.127791][ T5338] RAX: 000000000000d000 RBX: 00007f938dde5fa0 RCX: 00007f938db8f7c9 [ 76.131218][ T5338] RDX: 000000000001040c RSI: 0000200000000380 RDI: 0000000000000006 [ 76.134568][ T5338] RBP: 00007f938dc13f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.138097][ T5338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.141583][ T5338] R13: 00007f938dde6038 R14: 00007f938dde5fa0 R15: 00007fff24580c48 [ 76.145020][ T5338] [ 76.146339][ T5338] Modules linked in: [ 76.150595][ T5338] ---[ end trace 0000000000000000 ]--- [ 76.152820][ T5338] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 76.155163][ T5338] Code: e8 84 61 a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 c0 b6 40 ff 90 0f 0b e8 b8 b6 40 ff 90 0f 0b e8 b0 b6 40 ff 90 <0f> 0b e8 a8 b6 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 76.163707][ T5338] RSP: 0018:ffffc9000854e9c8 EFLAGS: 00010293 [ 76.166460][ T5338] RAX: ffffffff82804e70 RBX: 00000000ffffffe4 RCX: ffff888034f1c980 [ 76.169740][ T5338] RDX: 0000000000000000 RSI: 0000000000000028 RDI: 000000000000000c [ 76.173570][ T5338] RBP: 1ffff11008ee0a98 
R08: ffff8880477066d3 R09: 1ffff11008ee0cda [ 76.177095][ T5338] R10: dffffc0000000000 R11: ffffed1008ee0cdb R12: 0000000000000000 [ 76.180941][ T5338] R13: 0000000000000028 R14: 1ffff11008ee0cdd R15: ffff8880477066e8 [ 76.185192][ T5338] FS: 00007f938e97b6c0(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 76.189454][ T5338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.192377][ T5338] CR2: 000020000000e000 CR3: 000000003b6a8000 CR4: 0000000000352ef0 [ 76.195856][ T5338] Kernel panic - not syncing: Fatal exception [ 76.198778][ T5338] Kernel Offset: disabled [ 76.200622][ T5338] Rebooting in 86400 seconds..