program: syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xed, 0x474, &(0x7f0000000b80)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW") open(&(0x7f0000000100)='./bus\x00', 0x14927e, 0x1) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f00000003c0)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000080)=0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x11) pwritev2(r1, &(0x7f0000000cc0)=[{&(0x7f0000000240)=';', 0xffffffbc}], 0x1, 0xfff, 0xc, 0x4) (fail_nth: 9) [ 114.592099][ T4650] Bluetooth: hci0: command tx timeout [ 114.650064][ T5323] loop0: detected capacity change from 0 to 512 [ 114.676009][ T5323] EXT4-fs (loop0): invalid journal inode [ 114.699461][ T5323] EXT4-fs (loop0): can't get journal size [ 114.734885][ T5323] EXT4-fs (loop0): 1 truncate cleaned up [ 114.757614][ T5323] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 114.803006][ T5323] loop0: detected capacity change from 512 to 64 [ 114.818464][ T5323] syz.0.0: attempt to access beyond end of device [ 114.818464][ T5323] loop0: rw=2049, sector=72, nr_sectors = 2 limit=64 [ 114.827323][ T5323] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 36) [ 114.833173][ T5323] Buffer I/O error on device loop0, logical block 36 [ 114.836167][ T5323] syz.0.0: attempt to access beyond end of device [ 114.836167][ T5323] loop0: rw=2049, sector=78, nr_sectors = 2 limit=64 [ 114.841751][ T5323] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 39) [ 114.848293][ T5323] Buffer I/O error on device loop0, logical block 39 [ 114.855737][ T5323] syz.0.0: attempt to access beyond end of device [ 114.855737][ T5323] loop0: rw=2049, sector=80, nr_sectors = 16 limit=64 [ 114.873753][ T5323] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 40) [ 114.881055][ T5323] Buffer I/O error on device loop0, logical block 40 [ 114.884103][ T5323] Buffer I/O error on device loop0, logical block 41 [ 114.886820][ T5323] Buffer I/O error on device loop0, logical block 42 [ 114.889879][ T5323] Buffer I/O error on device loop0, logical block 43 [ 114.902714][ T1060] EXT4-fs error (device loop0): ext4_do_update_inode:5742: inode #15: comm kworker/u4:7: corrupted inode contents [ 114.917797][ T1060] EXT4-fs error (device loop0): ext4_dirty_inode:6639: inode #15: comm kworker/u4:7: mark_inode_dirty error [ 114.924555][ T5323] Buffer I/O error on device loop0, logical block 44 [ 114.927563][ T5323] Buffer I/O error on device loop0, logical block 45 [ 114.930366][ T5323] Buffer I/O error on device loop0, logical block 46 [ 114.932987][ T5323] Buffer I/O error on device loop0, logical block 47 [ 114.950460][ T1060] EXT4-fs error (device loop0): ext4_do_update_inode:5742: inode #15: comm kworker/u4:7: corrupted inode contents [ 114.963491][ T1060] EXT4-fs error (device loop0): ext4_dirty_inode:6639: inode #15: comm kworker/u4:7: mark_inode_dirty error [ 114.971714][ T5323] EXT4-fs error (device loop0): ext4_do_update_inode:5742: inode #15: comm syz.0.0: corrupted inode contents [ 114.978367][ T5323] EXT4-fs error (device loop0): ext4_dirty_inode:6639: inode #15: comm syz.0.0: mark_inode_dirty error [ 114.984463][ T5323] ------------[ cut here ]------------ [ 114.986922][ T5323] kernel BUG at fs/ext4/mballoc.c:4780! [ 114.989224][ T5323] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 114.992055][ T5323] CPU: 0 UID: 0 PID: 5323 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 114.996826][ T5323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 115.001089][ T5323] RIP: 0010:ext4_mb_use_inode_pa+0x6bf/0x720 [ 115.005849][ T5323] Code: e8 26 21 a4 ff 48 ba 00 00 00 00 00 fc ff df e9 d7 fa ff ff e8 b2 6b 35 ff 90 0f 0b e8 aa 6b 35 ff 90 0f 0b e8 a2 6b 35 ff 90 <0f> 0b e8 9a 6b 35 ff 90 0f 0b 48 8b 0c 24 48 83 c1 54 80 e1 07 80 [ 115.014651][ T5323] RSP: 0018:ffffc9000e2066a0 EFLAGS: 00010293 [ 115.017757][ T5323] RAX: ffffffff8290c5ee RBX: 00000000ffffffc6 RCX: ffff88803363a540 [ 115.021301][ T5323] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 000000000000001e [ 115.024583][ T5323] RBP: 1ffff11008d6c6ef R08: ffff888046b67efb R09: 1ffff11008d6cfdf [ 115.028589][ T5323] R10: dffffc0000000000 R11: ffffed1008d6cfe0 R12: 0000000000000000 [ 115.033025][ T5323] R13: 0000000000000058 R14: 1ffff11008d6cfe2 R15: ffff888046b67f10 [ 115.036423][ T5323] FS: 00007ffb077246c0(0000) GS:ffff88808c852000(0000) knlGS:0000000000000000 [ 115.040111][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.042940][ T5323] CR2: 00007f5386fe5bf8 CR3: 000000004463d000 CR4: 0000000000352ef0 [ 115.046864][ T5323] Call Trace: [ 115.048639][ T5323] [ 115.050319][ T5323] ext4_mb_use_preallocated+0x638/0x13e0 [ 115.052974][ T5323] ext4_mb_new_blocks+0x5a0/0x4530 [ 115.055922][ T5323] ? do_raw_spin_unlock+0x4d/0x210 [ 115.058763][ T5323] ? _raw_spin_unlock+0x28/0x50 [ 115.061442][ T5323] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 115.064156][ T5323] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 115.067106][ T5323] ? ext4_block_to_path+0x382/0x700 [ 115.069844][ T5323] ext4_ind_map_blocks+0xe96/0x22a0 [ 115.072597][ T5323] ? stack_trace_save+0xa9/0x100 [ 115.074957][ T5323] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 115.077449][ T5323] ? ext4_alloc_io_end_vec+0x2b/0x160 [ 115.079602][ T5323] ? ext4_writepages+0x241/0x3b0 [ 115.081481][ T5323] ? do_writepages+0x338/0x560 [ 115.083548][ T5323] ? down_write+0x16d/0x200 [ 115.085713][ T5323] ext4_map_create_blocks+0xbb/0x530 [ 115.088520][ T5323] ? ext4_fc_track_inode+0xf3/0x3f0 [ 115.090910][ T5323] ext4_map_blocks+0x7e4/0x1240 [ 115.093043][ T5323] ? __pfx_ext4_map_blocks+0x10/0x10 [ 115.095190][ T5323] ? __ext4_journal_ensure_credits+0x30/0x450 [ 115.097717][ T5323] ext4_do_writepages+0x19e3/0x47a0 [ 115.100380][ T5323] ? __pfx_ext4_do_writepages+0x10/0x10 [ 115.103555][ T5323] ? ext4_writepages+0x205/0x3b0 [ 115.106297][ T5323] ? rcu_is_watching+0x15/0xb0 [ 115.108416][ T5323] ? lock_acquire+0x5f/0x350 [ 115.110317][ T5323] ? preempt_count_add+0x91/0x190 [ 115.112348][ T5323] ext4_writepages+0x241/0x3b0 [ 115.114185][ T5323] ? __pfx_ext4_writepages+0x10/0x10 [ 115.116115][ T5323] ? rcu_is_watching+0x15/0xb0 [ 115.118233][ T5323] ? rcu_is_watching+0x15/0xb0 [ 115.120716][ T5323] ? __pfx_ext4_writepages+0x10/0x10 [ 115.123436][ T5323] do_writepages+0x338/0x560 [ 115.125392][ T5323] ? rcu_is_watching+0x15/0xb0 [ 115.127394][ T5323] ? do_raw_spin_unlock+0x4d/0x210 [ 115.129478][ T5323] file_write_and_wait_range+0x36e/0x440 [ 115.131776][ T5323] ? trace_irq_enable+0x3b/0x140 [ 115.133836][ T5323] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 115.136893][ T5323] ? __folio_put+0x4b3/0x590 [ 115.139340][ T5323] ? __pfx_ext4_write_begin+0x10/0x10 [ 115.141880][ T5323] mmb_fsync_noflush+0x73/0x1d0 [ 115.144301][ T5323] ext4_sync_file+0x41a/0xd00 [ 115.146884][ T5323] ? __pfx_ext4_sync_file+0x10/0x10 [ 115.149759][ T5323] ? __pfx_generic_perform_write+0x10/0x10 [ 115.153064][ T5323] ? sync_lazytime+0x5a/0x4c0 [ 115.155436][ T5323] ext4_buffered_write_iter+0x2c7/0x370 [ 115.158581][ T5323] ext4_file_write_iter+0x947/0x1c70 [ 115.161025][ T5323] ? lock_acquire+0x5f/0x350 [ 115.162903][ T5323] ? aa_file_perm+0x18b/0x15f0 [ 115.165063][ T5323] ? __pfx_aa_file_perm+0x10/0x10 [ 115.167249][ T5323] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 115.169614][ T5323] ? kstrtoull+0x12f/0x1d0 [ 115.171605][ T5323] do_iter_readv_writev+0x612/0x8c0 [ 115.174081][ T5323] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 115.176922][ T5323] ? preempt_count_add+0x91/0x190 [ 115.179337][ T5323] vfs_writev+0x343/0x990 [ 115.181263][ T5323] ? __pfx_vfs_writev+0x10/0x10 [ 115.183304][ T5323] ? lock_release+0x4b/0x3c0 [ 115.185281][ T5323] ? __fget_files+0x3a2/0x420 [ 115.187318][ T5323] ? __fget_files+0x2a/0x420 [ 115.189142][ T5323] __se_sys_pwritev2+0x177/0x2a0 [ 115.191366][ T5323] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 115.195147][ T5323] ? rcu_is_watching+0x15/0xb0 [ 115.197889][ T5323] ? __x64_sys_pwritev2+0x20/0xc0 [ 115.200091][ T5323] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.202779][ T5323] do_syscall_64+0x174/0x580 [ 115.204689][ T5323] ? trace_irq_disable+0x3b/0x140 [ 115.206951][ T5323] ? clear_bhb_loop+0x40/0x90 [ 115.208993][ T5323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.211813][ T5323] RIP: 0033:0x7ffb0679ce59 [ 115.214403][ T5323] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 115.223062][ T5323] RSP: 002b:00007ffb07723fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 115.226697][ T5323] RAX: ffffffffffffffda RBX: 00007ffb06a15fa0 RCX: 00007ffb0679ce59 [ 115.230406][ T5323] RDX: 0000000000000001 RSI: 0000200000000cc0 RDI: 0000000000000006 [ 115.234128][ T5323] RBP: 00007ffb07724050 R08: 000000000000000c R09: 0000000000000004 [ 115.237517][ T5323] R10: 0000000000000fff R11: 0000000000000246 R12: 0000000000000001 [ 115.240723][ T5323] R13: 00007ffb06a16038 R14: 00007ffb06a15fa0 R15: 00007ffcdf0e1d68 [ 115.244233][ T5323] [ 115.245860][ T5323] Modules linked in: [ 115.249133][ T5323] ---[ end trace 0000000000000000 ]--- [ 115.251761][ T5323] RIP: 0010:ext4_mb_use_inode_pa+0x6bf/0x720 [ 115.254239][ T5323] Code: e8 26 21 a4 ff 48 ba 00 00 00 00 00 fc ff df e9 d7 fa ff ff e8 b2 6b 35 ff 90 0f 0b e8 aa 6b 35 ff 90 0f 0b e8 a2 6b 35 ff 90 <0f> 0b e8 9a 6b 35 ff 90 0f 0b 48 8b 0c 24 48 83 c1 54 80 e1 07 80 [ 115.263832][ T5323] RSP: 0018:ffffc9000e2066a0 EFLAGS: 00010293 [ 115.266808][ T5323] RAX: ffffffff8290c5ee RBX: 00000000ffffffc6 RCX: ffff88803363a540 [ 115.270671][ T5323] RDX: 0000000000000000 RSI: 0000000000000058 RDI: 000000000000001e [ 115.274628][ T5323] RBP: 1ffff11008d6c6ef R08: ffff888046b67efb R09: 1ffff11008d6cfdf [ 115.279233][ T5323] R10: dffffc0000000000 R11: ffffed1008d6cfe0 R12: 0000000000000000 [ 115.283015][ T5323] R13: 0000000000000058 R14: 1ffff11008d6cfe2 R15: ffff888046b67f10 [ 115.286253][ T5323] FS: 00007ffb077246c0(0000) GS:ffff88808c852000(0000) knlGS:0000000000000000 [ 115.290011][ T5323] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 115.292983][ T5323] CR2: 00007f5386fe5bf8 CR3: 000000004463d000 CR4: 0000000000352ef0 [ 115.297161][ T5323] Kernel panic - not syncing: Fatal exception [ 115.300388][ T5323] Kernel Offset: disabled [ 115.302344][ T5323] Rebooting in 86400 seconds..