syzbot

EXT4-fs error (device loop3): mb_free_blocks:1948: group 0, inode 15: block 433:freeing already freed block (bit 27); block bitmap corrupt.
------------[ cut here ]------------
kernel BUG at fs/ext4/extents.c:2153!
Oops: invalid opcode: 0000 [#1] SMP KASAN PTI
CPU: 0 UID: 0 PID: 6127 Comm: syz.3.19 Not tainted 6.16.0-rc5-syzkaller-00193-g40f92e79b0aa #0 PREEMPT(full) 
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
RIP: 0010:ext4_ext_insert_extent+0x4ab7/0x4af0 fs/ext4/extents.c:2153
Code: 89 d9 80 e1 07 fe c1 38 c1 0f 8c a6 e7 ff ff 48 89 df e8 3c 95 b6 ff e9 99 e7 ff ff e8 a2 3d 55 ff 90 0f 0b e8 9a 3d 55 ff 90 <0f> 0b e8 92 3d 55 ff 90 0f 0b 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90003ceec60 EFLAGS: 00010293
RAX: ffffffff826af7b6 RBX: 0000000000000020 RCX: ffff88802575da00
RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000000000020
RBP: ffffc90003ceee10 R08: ffff88805dbd43a7 R09: 1ffff1100bb7a874
R10: dffffc0000000000 R11: ffffed100bb7a875 R12: 0000000000000020
R13: dffffc0000000000 R14: ffff888070247448 R15: ffff88814c76ca00
FS:  00007eff2ab616c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000020000000e000 CR3: 000000002431c000 CR4: 00000000003526f0
Call Trace:
 <TASK>
 ext4_ext_map_blocks+0x1792/0x6ac0 fs/ext4/extents.c:4404
 ext4_map_create_blocks fs/ext4/inode.c:609 [inline]
 ext4_map_blocks+0x931/0x18d0 fs/ext4/inode.c:813
 _ext4_get_block+0x200/0x4c0 fs/ext4/inode.c:892
 ext4_get_block_unwritten+0x2e/0x100 fs/ext4/inode.c:925
 ext4_block_write_begin+0x6f8/0x14b0 fs/ext4/inode.c:1178
 ext4_write_begin+0xa4f/0x1680 fs/ext4/ext4_jbd2.h:-1
 ext4_da_write_begin+0x449/0xd20 fs/ext4/inode.c:3057
 generic_perform_write+0x2c4/0x910 mm/filemap.c:4112
 ext4_buffered_write_iter+0xce/0x3a0 fs/ext4/file.c:299
 ext4_dio_write_iter fs/ext4/file.c:613 [inline]
 ext4_file_write_iter+0x182a/0x1bc0 fs/ext4/file.c:721
 do_iter_readv_writev+0x56b/0x7f0 fs/read_write.c:-1
 vfs_writev+0x31a/0x960 fs/read_write.c:1057
 do_pwritev fs/read_write.c:1153 [inline]
 __do_sys_pwritev2 fs/read_write.c:1211 [inline]
 __se_sys_pwritev2+0x179/0x290 fs/read_write.c:1202
 do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
 do_syscall_64+0xfa/0x3b0 arch/x86/entry/syscall_64.c:94
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
RIP: 0033:0x7eff29d8e929
Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
RSP: 002b:00007eff2ab61038 EFLAGS: 00000246 ORIG_RAX: 0000000000000148
RAX: ffffffffffffffda RBX: 00007eff29fb6080 RCX: 00007eff29d8e929
RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000007
RBP: 00007eff29e10b39 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000e7b R11: 0000000000000246 R12: 0000000000000000
R13: 0000000000000000 R14: 00007eff29fb6080 R15: 00007ffe89f6d9f8
 </TASK>
Modules linked in:
---[ end trace 0000000000000000 ]---
RIP: 0010:ext4_ext_insert_extent+0x4ab7/0x4af0 fs/ext4/extents.c:2153
Code: 89 d9 80 e1 07 fe c1 38 c1 0f 8c a6 e7 ff ff 48 89 df e8 3c 95 b6 ff e9 99 e7 ff ff e8 a2 3d 55 ff 90 0f 0b e8 9a 3d 55 ff 90 <0f> 0b e8 92 3d 55 ff 90 0f 0b 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c
RSP: 0018:ffffc90003ceec60 EFLAGS: 00010293

RAX: ffffffff826af7b6 RBX: 0000000000000020 RCX: ffff88802575da00
RDX: 0000000000000000 RSI: 0000000000000020 RDI: 0000000000000020
RBP: ffffc90003ceee10 R08: ffff88805dbd43a7 R09: 1ffff1100bb7a874
R10: dffffc0000000000 R11: ffffed100bb7a875 R12: 0000000000000020
R13: dffffc0000000000 R14: ffff888070247448 R15: ffff88814c76ca00
FS:  00007eff2ab616c0(0000) GS:ffff888125c4f000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f2a90941000 CR3: 000000002431c000 CR4: 00000000003526f0