program: openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) mprotect(&(0x7f0000006000/0x4000)=nil, 0x4000, 0x8) r0 = open(&(0x7f0000000080)='./bus\x00', 0x400141042, 0x87) syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f0000000040)={[{}]}, 0x1, 0x459, &(0x7f0000000640)="$eJzs3U1sFOUfB/DvbrslAf7/gvEF8a2CShGltjVBEkwkykkuBhPPDS2EWKihNRFCjCYevHkx8exBuXnk4Ml4wKMmePGmnoyRGCLx4kvNbHfpsnRLN7Sd6n4+yew+s/N0n9/M09/M7tMn0wA9a6h4qCRbk3ybZHBh9eYKQwtP169dOP77tQvHK5mfP/ZrpV7vt2sXjjerNn9uS/FQTYarSfW9Sh5Yot3Zc+dfn5ienjrbWB+ZO/3GyOy580+fOj1xcurk1JnRAwefGx89MDY+vmr7+vLFt49teeWFIx9MXvll5uIPnxfxbm1sa92P1TKUoZuPZYsnVruxkt3TUq70lxgIXelLUnRXrZ7/g+nLYucN5qvvSw0OWFPzhU0dN78zD/yHVVJ2BEA5mhf64vtvc1mvzx6U7+rhhS+ARb9fbywLW/pTbdSptX2/X01DSQ5dOvJZsWSNxmEAAAAAetkXh5M8VZTax/+qubelXlG+L8mOJPcn2ZnU5/U8mOShJA8neaQ5n6gL7fXbx38qnSbQsCquHk4ONeZ23Tz+1xz9y7a+xtr/ipXUKidOTU89k+T/SYZT21Ssjy7TxuWv//6m07bW8b9iKdpvjgU24vi5v+3v05MTcxN3ss8suvpusrN/qf6v3JgJVKTgo0l2dfPGtcXij7v2nuxU7fb9z1qa/zjZs2T+N068Vw7Wn5aZnzlSPx+MNM8Kt3p/dOylTu3r/3IV+b95uf5PtlVa5+vOdt/G5R2Xnu+0rfvz/3efFOf/gcqr9QAHGq++NTE3d3Y0GagcvfX1se5j/nfr/KGpeTyax6vo/+HdS1//72p5t91JHkvyeGPu8p76tT/Zm+TJJPuWieavFw+81mmb/C9X0f+TS+b/jakBbfnffeHQ9o+Odmp/Zfn/bP0Xerjxis9/t7fSDio7TgAAAAAAAABWR7V+D7xKdf+NcrW6f//CPfzuzubq9Mzs3L4TM2+emVy4V9621KrNmV6DLfNBR+vlxfWxtvXxJNuTfNj3Z+POAzPTk2XvPPS4LR3yv/BTX9nRAWvO/Vqhd60g/2vrEQewzv6Yd/2HHib/oXfJf+hd8h96l/yH3iX/oXetPP8H1jQOYP25/kNPupP7+m20Qn82RBhLFprzp0oKo/kv+TfI0diYhU+/TNahrb4kG2WXlymUeVYCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2Dj+CQAA//9FI9tS") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x2000000) open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1000000000000000edf1139c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a00400", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) write$cgroup_int(r1, &(0x7f0000000380), 0x1040c) close(r1) socketpair$tipc(0x1e, 0x4, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) connect$tipc(r3, &(0x7f0000000180)=@id={0x1e, 0x3, 0x1, {0x4e21, 0x2}}, 0x10) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x580000a, 0x13, r0, 0x0) [ 67.993484][ T5335] Bluetooth: hci0: command tx timeout [ 68.052450][ T5354] loop0: detected capacity change from 0 to 512 [ 68.097084][ T5354] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.163947][ T5354] loop0: detected capacity change from 512 to 64 [ 68.178325][ T5354] syz.0.0: attempt to access beyond end of device [ 68.178325][ T5354] loop0: rw=2049, sector=386, nr_sectors = 24 limit=64 [ 68.194892][ T5354] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 193) [ 68.199714][ T5354] Buffer I/O error on device loop0, logical block 193 [ 68.202779][ T5354] Buffer I/O error on device loop0, logical block 194 [ 68.205957][ T5354] Buffer I/O error on device loop0, logical block 195 [ 68.208921][ T5354] Buffer I/O error on device loop0, logical block 196 [ 68.230578][ T5354] Buffer I/O error on device loop0, logical block 197 [ 68.233737][ T5354] Buffer I/O error on device loop0, logical block 198 [ 68.236865][ T5354] Buffer I/O error on device loop0, logical block 199 [ 68.239858][ T5354] Buffer I/O error on device loop0, logical block 200 [ 68.244714][ T5354] Buffer I/O error on device loop0, logical block 201 [ 68.247942][ T5354] Buffer I/O error on device loop0, logical block 202 [ 68.353291][ T5354] ------------[ cut here ]------------ [ 68.355846][ T5354] kernel BUG at fs/ext4/mballoc.c:4755! [ 68.358520][ T5354] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 68.361761][ T5354] CPU: 0 UID: 0 PID: 5354 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11129-geacf91b0c78a #0 PREEMPT(full) [ 68.367158][ T5354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 68.371524][ T5354] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 68.374121][ T5354] Code: e8 14 de aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 80 0c 46 ff 90 0f 0b e8 78 0c 46 ff 90 0f 0b e8 70 0c 46 ff 90 <0f> 0b e8 68 0c 46 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 68.382149][ T5354] RSP: 0018:ffffc9000d256c48 EFLAGS: 00010287 [ 68.384700][ T5354] RAX: ffffffff8279a230 RBX: 00000000fffffffc RCX: 0000000000100000 [ 68.388068][ T5354] RDX: ffffc9000e37a000 RSI: 00000000000057e0 RDI: 00000000000057e1 [ 68.391422][ T5354] RBP: 1ffff1100875c27b R08: ffff888043ae2503 R09: 1ffff1100875c4a0 [ 68.394754][ T5354] R10: dffffc0000000000 R11: ffffed100875c4a1 R12: 0000000000000000 [ 68.398092][ T5354] R13: 000000000000000c R14: 1ffff1100875c4a3 R15: ffff888043ae2518 [ 68.401385][ T5354] FS: 00007fdb1b06a6c0(0000) GS:ffff88808d21f000(0000) knlGS:0000000000000000 [ 68.405216][ T5354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.408156][ T5354] CR2: 00007fdb1b048fc8 CR3: 0000000043030000 CR4: 0000000000352ef0 [ 68.411631][ T5354] Call Trace: [ 68.413116][ T5354] [ 68.414475][ T5354] ext4_mb_use_preallocated+0x660/0x13f0 [ 68.416990][ T5354] ext4_mb_new_blocks+0x5b4/0x4720 [ 68.419429][ T5354] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 68.421961][ T5354] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 68.424255][ T5354] ? ext4_block_to_path+0x297/0x6f0 [ 68.426507][ T5354] ext4_ind_map_blocks+0xe21/0x21b0 [ 68.428679][ T5354] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 68.431018][ T5354] ? __pfx_down_write+0x10/0x10 [ 68.433145][ T5354] ? ext4_es_lookup_extent+0x622/0xa70 [ 68.435485][ T5354] ext4_map_blocks+0x7fe/0x1740 [ 68.437573][ T5354] ? __pfx_ext4_map_blocks+0x10/0x10 [ 68.439733][ T5354] ? rcu_is_watching+0x15/0xb0 [ 68.441850][ T5354] ext4_do_writepages+0x16a1/0x4610 [ 68.444271][ T5354] ? __free_object+0x4e3/0x6d0 [ 68.446311][ T5354] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.448464][ T5354] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 68.450977][ T5354] ? __pfx_ext4_do_writepages+0x10/0x10 [ 68.453403][ T5354] ? __lock_acquire+0xab9/0xd20 [ 68.455635][ T5354] ? __lock_acquire+0xab9/0xd20 [ 68.457971][ T5354] ? rcu_read_lock_any_held+0xb3/0x120 [ 68.460401][ T5354] ext4_writepages+0x205/0x350 [ 68.462407][ T5354] ? __pfx_ext4_writepages+0x10/0x10 [ 68.464867][ T5354] ? __pfx_ext4_writepages+0x10/0x10 [ 68.467094][ T5354] do_writepages+0x32e/0x550 [ 68.468977][ T5354] ? do_raw_spin_lock+0x121/0x290 [ 68.471166][ T5354] __writeback_single_inode+0x145/0xff0 [ 68.473491][ T5354] ? do_raw_spin_unlock+0x4d/0x240 [ 68.475703][ T5354] writeback_single_inode+0x1f3/0x6a0 [ 68.478178][ T5354] write_inode_now+0x160/0x1d0 [ 68.480287][ T5354] ? __pfx_write_inode_now+0x10/0x10 [ 68.482687][ T5354] ? __mutex_unlock_slowpath+0x1a1/0x760 [ 68.485187][ T5354] ? do_raw_spin_unlock+0x4d/0x240 [ 68.487491][ T5354] iput+0x5b9/0x9d0 [ 68.489202][ T5354] __dentry_kill+0x209/0x660 [ 68.491311][ T5354] ? dput+0x37/0x2b0 [ 68.492801][ T5354] dput+0x19f/0x2b0 [ 68.494526][ T5354] __fput+0x68e/0xa70 [ 68.496354][ T5354] fput_close_sync+0x119/0x200 [ 68.498492][ T5354] ? __pfx_fput_close_sync+0x10/0x10 [ 68.500873][ T5354] __x64_sys_close+0x7f/0x110 [ 68.502998][ T5354] do_syscall_64+0xfa/0x3b0 [ 68.505056][ T5354] ? lockdep_hardirqs_on+0x9c/0x150 [ 68.507313][ T5354] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.509840][ T5354] ? clear_bhb_loop+0x60/0xb0 [ 68.511919][ T5354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 68.514682][ T5354] RIP: 0033:0x7fdb1a18eb69 [ 68.516745][ T5354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 68.525228][ T5354] RSP: 002b:00007fdb1b06a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 68.528898][ T5354] RAX: ffffffffffffffda RBX: 00007fdb1a3b5fa0 RCX: 00007fdb1a18eb69 [ 68.532391][ T5354] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 68.535802][ T5354] RBP: 00007fdb1a211df1 R08: 0000000000000000 R09: 0000000000000000 [ 68.539160][ T5354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 68.542611][ T5354] R13: 0000000000000000 R14: 00007fdb1a3b5fa0 R15: 00007ffea66a9e98 [ 68.546230][ T5354] [ 68.547660][ T5354] Modules linked in: [ 68.549869][ T5354] ---[ end trace 0000000000000000 ]--- [ 68.552275][ T5354] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 68.555369][ T5354] Code: e8 14 de aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 80 0c 46 ff 90 0f 0b e8 78 0c 46 ff 90 0f 0b e8 70 0c 46 ff 90 <0f> 0b e8 68 0c 46 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 68.563982][ T5354] RSP: 0018:ffffc9000d256c48 EFLAGS: 00010287 [ 68.566762][ T5354] RAX: ffffffff8279a230 RBX: 00000000fffffffc RCX: 0000000000100000 [ 68.570314][ T5354] RDX: ffffc9000e37a000 RSI: 00000000000057e0 RDI: 00000000000057e1 [ 68.573872][ T5354] RBP: 1ffff1100875c27b R08: ffff888043ae2503 R09: 1ffff1100875c4a0 [ 68.577204][ T5354] R10: dffffc0000000000 R11: ffffed100875c4a1 R12: 0000000000000000 [ 68.580599][ T5354] R13: 000000000000000c R14: 1ffff1100875c4a3 R15: ffff888043ae2518 [ 68.584087][ T5354] FS: 00007fdb1b06a6c0(0000) GS:ffff88808d21f000(0000) knlGS:0000000000000000 [ 68.587842][ T5354] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.590703][ T5354] CR2: 00007fdb1b048fc8 CR3: 0000000043030000 CR4: 0000000000352ef0 [ 68.594367][ T5354] Kernel panic - not syncing: Fatal exception [ 68.597332][ T5354] Kernel Offset: disabled [ 68.599298][ T5354] Rebooting in 86400 seconds..