program: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x102) fallocate(r3, 0x10, 0x7000, 0x7c27) (fail_nth: 7) [ 83.947487][ T44] Bluetooth: hci0: command tx timeout [ 84.069733][ T5324] loop0: detected capacity change from 0 to 512 [ 84.231184][ T5324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.287104][ T24] audit: type=1800 audit(1778145259.128:2): pid=5324 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 84.350696][ T5324] loop0: detected capacity change from 512 to 64 [ 84.381963][ T5324] syz.0.0: attempt to access beyond end of device [ 84.381963][ T5324] loop0: rw=1, sector=88, nr_sectors = 24 limit=64 [ 84.394468][ T5324] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 44) [ 84.400105][ T5324] Buffer I/O error on device loop0, logical block 44 [ 84.403423][ T5324] Buffer I/O error on device loop0, logical block 45 [ 84.406711][ T5324] Buffer I/O error on device loop0, logical block 46 [ 84.409656][ T5324] Buffer I/O error on device loop0, logical block 47 [ 84.413716][ T5324] Buffer I/O error on device loop0, logical block 48 [ 84.417539][ T5324] Buffer I/O error on device loop0, logical block 49 [ 84.420655][ T5324] Buffer I/O error on device loop0, logical block 50 [ 84.423508][ T5324] Buffer I/O error on device loop0, logical block 51 [ 84.430013][ T5324] Buffer I/O error on device loop0, logical block 52 [ 84.433346][ T5324] Buffer I/O error on device loop0, logical block 53 [ 84.460150][ T5324] ------------[ cut here ]------------ [ 84.464677][ T5324] kernel BUG at fs/ext4/mballoc.c:4780! [ 84.467541][ T5324] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 84.470395][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 84.474256][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.478928][ T5324] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 84.482195][ T5324] Code: e8 e4 91 a4 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 80 c8 37 ff 90 0f 0b e8 78 c8 37 ff 90 0f 0b e8 70 c8 37 ff 90 <0f> 0b e8 68 c8 37 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 84.490751][ T5324] RSP: 0018:ffffc9000e33ec88 EFLAGS: 00010293 [ 84.493417][ T5324] RAX: ffffffff828e0670 RBX: 00000000ffffffcc RCX: ffff88801fbaa500 [ 84.496793][ T5324] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000020 [ 84.500119][ T5324] RBP: 1ffff11008cce580 R08: ffff888046677163 R09: 1ffff11008ccee2c [ 84.503525][ T5324] R10: dffffc0000000000 R11: ffffed1008ccee2d R12: 0000000000000000 [ 84.506847][ T5324] R13: 0000000000000054 R14: 1ffff11008ccee2f R15: ffff888046677178 [ 84.510043][ T5324] FS: 00007f70bb2a16c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000 [ 84.513830][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.516923][ T5324] CR2: 00007fd8e3177000 CR3: 0000000035f4d000 CR4: 0000000000352ef0 [ 84.520776][ T5324] Call Trace: [ 84.522230][ T5324] [ 84.523533][ T5324] ext4_mb_use_preallocated+0x660/0x13f0 [ 84.526122][ T5324] ext4_mb_new_blocks+0x5e2/0x46c0 [ 84.528345][ T5324] ? do_raw_spin_unlock+0x4d/0x210 [ 84.530626][ T5324] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 84.533138][ T5324] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 84.535566][ T5324] ? ext4_block_to_path+0x297/0x6f0 [ 84.537937][ T5324] ext4_ind_map_blocks+0xe96/0x2260 [ 84.540265][ T5324] ? __lock_acquire+0x6b5/0x2cf0 [ 84.542575][ T5324] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 84.545034][ T5324] ? stack_depot_save_flags+0x33/0x810 [ 84.547389][ T5324] ? __kasan_slab_alloc+0x6c/0x80 [ 84.549478][ T5324] ? ext4_inode_journal_mode+0x193/0x470 [ 84.551851][ T5324] ? ext4_map_blocks+0x7b5/0x11d0 [ 84.554181][ T5324] ext4_map_create_blocks+0xc1/0x540 [ 84.556573][ T5324] ext4_map_blocks+0x7cd/0x11d0 [ 84.558785][ T5324] ? __pfx_ext4_map_blocks+0x10/0x10 [ 84.561157][ T5324] ? __ext4_journal_ensure_credits+0x30/0x450 [ 84.563786][ T5324] ext4_do_writepages+0x18f3/0x4670 [ 84.566370][ T5324] ? __pfx_ext4_do_writepages+0x10/0x10 [ 84.568876][ T5324] ? ext4_writepages+0x205/0x3b0 [ 84.571000][ T5324] ? ext4_writepages+0x205/0x3b0 [ 84.573152][ T5324] ext4_writepages+0x241/0x3b0 [ 84.575372][ T5324] ? __lock_acquire+0x6b5/0x2cf0 [ 84.577817][ T5324] ? __pfx_ext4_writepages+0x10/0x10 [ 84.580128][ T5324] ? check_path+0x21/0x40 [ 84.582155][ T5324] ? __lock_acquire+0x146e/0x2cf0 [ 84.584350][ T5324] ? __pfx_ext4_writepages+0x10/0x10 [ 84.587075][ T5324] do_writepages+0x32e/0x550 [ 84.589031][ T5324] ? do_raw_spin_unlock+0x4d/0x210 [ 84.591545][ T5324] filemap_flush+0x1e1/0x2e0 [ 84.593816][ T5324] ? _parse_integer_limit+0x1ae/0x1f0 [ 84.596401][ T5324] ? __pfx_filemap_flush+0x10/0x10 [ 84.598814][ T5324] ? ext4_fallocate+0x1da/0x3d0 [ 84.601464][ T5324] ? ext4_fallocate+0x1da/0x3d0 [ 84.604187][ T5324] ext4_convert_inline_data+0x18e/0x600 [ 84.606563][ T5324] ? __pfx_ext4_convert_inline_data+0x10/0x10 [ 84.609057][ T5324] ? down_write+0x16d/0x200 [ 84.611085][ T5324] ? __pfx_down_write+0x10/0x10 [ 84.613337][ T5324] ? vfs_fallocate+0x5f0/0x7e0 [ 84.615614][ T5324] ext4_fallocate+0x1e2/0x3d0 [ 84.617772][ T5324] vfs_fallocate+0x669/0x7e0 [ 84.619988][ T5324] ? __fget_files+0x2a/0x420 [ 84.622294][ T5324] ? __pfx_vfs_fallocate+0x10/0x10 [ 84.624769][ T5324] ? __fget_files+0x2a/0x420 [ 84.626980][ T5324] __x64_sys_fallocate+0xc0/0x110 [ 84.629448][ T5324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.632256][ T5324] do_syscall_64+0x15f/0xf80 [ 84.634421][ T5324] ? trace_irq_disable+0x3b/0x140 [ 84.636801][ T5324] ? clear_bhb_loop+0x40/0x90 [ 84.638862][ T5324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 84.641499][ T5324] RIP: 0033:0x7f70ba39cdd9 [ 84.643520][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 84.652309][ T5324] RSP: 002b:00007f70bb2a0fe8 EFLAGS: 00000246 ORIG_RAX: 000000000000011d [ 84.656033][ T5324] RAX: ffffffffffffffda RBX: 00007f70ba615fa0 RCX: 00007f70ba39cdd9 [ 84.659539][ T5324] RDX: 0000000000007000 RSI: 0000000000000010 RDI: 0000000000000008 [ 84.663196][ T5324] RBP: 00007f70bb2a1050 R08: 0000000000000000 R09: 0000000000000000 [ 84.667035][ T5324] R10: 0000000000007c27 R11: 0000000000000246 R12: 0000000000000001 [ 84.670500][ T5324] R13: 00007f70ba616038 R14: 00007f70ba615fa0 R15: 00007ffff3b57b48 [ 84.673911][ T5324] [ 84.675354][ T5324] Modules linked in: [ 84.677943][ T5324] ---[ end trace 0000000000000000 ]--- [ 84.680720][ T5324] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 84.683667][ T5324] Code: e8 e4 91 a4 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 80 c8 37 ff 90 0f 0b e8 78 c8 37 ff 90 0f 0b e8 70 c8 37 ff 90 <0f> 0b e8 68 c8 37 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 84.692724][ T5324] RSP: 0018:ffffc9000e33ec88 EFLAGS: 00010293 [ 84.695315][ T5324] RAX: ffffffff828e0670 RBX: 00000000ffffffcc RCX: ffff88801fbaa500 [ 84.698529][ T5324] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000020 [ 84.701771][ T5324] RBP: 1ffff11008cce580 R08: ffff888046677163 R09: 1ffff11008ccee2c [ 84.705335][ T5324] R10: dffffc0000000000 R11: ffffed1008ccee2d R12: 0000000000000000 [ 84.709411][ T5324] R13: 0000000000000054 R14: 1ffff11008ccee2f R15: ffff888046677178 [ 84.712928][ T5324] FS: 00007f70bb2a16c0(0000) GS:ffff88808c885000(0000) knlGS:0000000000000000 [ 84.716884][ T5324] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.719758][ T5324] CR2: 00007fd8e3177000 CR3: 0000000035f4d000 CR4: 0000000000352ef0 [ 84.723302][ T5324] Kernel panic - not syncing: Fatal exception [ 84.726558][ T5324] Kernel Offset: disabled [ 84.728505][ T5324] Rebooting in 86400 seconds..