program: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000010, &(0x7f0000000280)={[{@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x85, 0x7a5, &(0x7f00000007c0)="$eJzs3c9rXNUeAPDvnfxq0r6XPHjwXl0FBA2UTkyNrYKLigsRLBR0bRsm01AzyZTMpDQh0BYR3AgqLgTddO2PunPrj63+Fy6kpWparLiQkTuZSSbNTJq0mZlgPh+4uefcc2/O+c65P87MvcwEcGCNpn8yEUcj4v0kYri2PImIvmqqN+L02nr3V1dy6ZREpfL6r0l1nXurK7lo2CZ1uJb5f0R8907EsczWektLy7NThUJ+oZYfL89dGi8tLR+/ODc1k5/Jz5+cmJw8ceq5Uyf3Ltbff1w+cvuDV57+8vSfb//v5nvfJ3E6jtTKGuPYK6MxWntN+tKXcJOX97qyLku63QAeSXpo9qwd5XE0hqOnmmphsJMtAwDa5WpEVACAAyZx/QeAA6b+OcC91ZVcferuJxKddeeliDi0Fn/9/uZaSW/tnt2h6n3QoXvJpjsjSUSM7EH9oxHx6ddvfp5O0ab7kADNXLseEedHRree/5Mtzyzs1jPbFVYGqrPRBxY7/0HnfJOOf55vNv7LrI9/osn4Z6DJsfsoHn78Z27tQTUtpeO/FxuebbvfEH/NSE8t96/qmK8vuXCxkE/Pbf+OiLHoG0jzE9VVmz8FNXb3r7ut6m8c//324VufpfWn8401Mrd6BzZvMz1VnnrcuOvuXI94ordZ/Ml6/yctxr9nd1jHqy+8+0mrsjT+NN76tDX+9qrciHiqaf9v9GWy7fOJ49XdYby+UzTx1U8fD7Wqf6P/B6rztP76e4FOSPt/aPv4R5LG5zVLu6/jhxvD37Yqa9z/m8fffP/vT96opvtry65MlcsLExH9yWtbl5/Y2Laer6+fxj/2ZPPjv9X+n6k9G3t+Pbe93tu/fFH7V03jr7rWKv72SuOf3lX/b5Oo1LZ5oOjm/dmeVvXvrP8nq6mx2pKdnP8e0tLH2JsBAAAAAAAAAAAAAAAAAAAAAAAAYPcyEXEkkkx2PZ3JZLNrv+H93xjKFIql8rELxcX56aj+VvZI9GXqX3U53PB9qBO178Ov5088kH82Iv4TER8NDFbz2VyxMN3t4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5vDm3/+/ms6y2bWynwe63ToAoG0OdbsBAEDHuf4DwMGzu+v/YNvaAQB0zq7f/1eS9jQEAOiYHV//z7e3HQBA57j/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQJudPXMmnSp/rK7k0vz05aXF2eLl49P50mx2bjGXzRUXLmVnisWZQj6bK861/EfX1maFYvHSZMwvXhkv50vl8dLS8rm54uJ8+dzFuamZ/Ll8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICdKy0tz04VCvkFiW0Tg/ujGfsm0Rv7ohn/+ER/12pvPEsMdu8EBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDP/R0AAP//aHclQg==") openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) creat(&(0x7f0000000380)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r1, &(0x7f0000000140)='2', 0xfdef, 0xc00) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0xbd01000000000000) [ 93.148177][ T5289] Bluetooth: hci0: command tx timeout [ 93.343350][ T5324] loop0: detected capacity change from 0 to 2048 [ 93.607456][ T5324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 93.693705][ T5324] loop0: detected capacity change from 2048 to 64 [ 93.720476][ T5324] EXT4-fs error (device loop0): xattr_find_entry:337: inode #15: comm syz.0.0: corrupted xattr entries [ 93.745929][ T5324] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:74: inode #15: comm syz.0.0: corrupt xattr in inline inode [ 93.775062][ T181] ------------[ cut here ]------------ [ 93.778181][ T181] kernel BUG at fs/ext4/inode.c:2827! [ 93.803186][ T181] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 93.806127][ T181] CPU: 0 UID: 0 PID: 181 Comm: kworker/u4:8 Not tainted syzkaller #0 PREEMPT(full) [ 93.809925][ T181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 93.814056][ T181] Workqueue: writeback wb_workfn (flush-7:0) [ 93.816668][ T181] RIP: 0010:ext4_do_writepages+0x479b/0x47a0 [ 93.819131][ T181] Code: c6 a0 db e4 8b e8 c5 5b 9b fe 90 0f 0b e8 ad be 39 ff 4c 89 f7 48 c7 c6 80 e0 e4 8b e8 ae 5b 9b fe 90 0f 0b e8 96 be 39 ff 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f [ 93.828060][ T181] RSP: 0018:ffffc900017f6c80 EFLAGS: 00010293 [ 93.830552][ T181] RAX: ffffffff828cb37a RBX: 0000004210000000 RCX: ffff888032eda540 [ 93.833769][ T181] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 93.837659][ T181] RBP: ffffc900017f7090 R08: ffff888043e9b897 R09: 1ffff110087d3712 [ 93.841689][ T181] R10: dffffc0000000000 R11: ffffed10087d3713 R12: ffffc900017f7440 [ 93.844983][ T181] R13: 1ffff920002fee88 R14: 0000004000000000 R15: 0000000000000001 [ 93.848282][ T181] FS: 0000000000000000(0000) GS:ffff88808c815000(0000) knlGS:0000000000000000 [ 93.851975][ T181] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 93.854723][ T181] CR2: 0000200000007000 CR3: 000000001200c000 CR4: 0000000000352ef0 [ 93.858775][ T181] Call Trace: [ 93.860748][ T181] [ 93.862337][ T181] ? __lock_acquire+0x683/0x2cf0 [ 93.864895][ T181] ? blk_mq_submit_bio+0x1c62/0x2a80 [ 93.867920][ T181] ? look_up_lock_class+0x57/0x110 [ 93.870352][ T181] ? register_lock_class+0x31/0x2e0 [ 93.872645][ T181] ? __pfx_ext4_do_writepages+0x10/0x10 [ 93.874984][ T181] ? __lock_acquire+0x683/0x2cf0 [ 93.877061][ T181] ? filemap_get_folios_tag+0x118/0x720 [ 93.879648][ T181] ? filemap_get_folios_tag+0x639/0x720 [ 93.882437][ T181] ? filemap_get_folios_tag+0x118/0x720 [ 93.885034][ T181] ? __pfx_filemap_get_folios_tag+0x10/0x10 [ 93.887582][ T181] ? ext4_writepages+0x205/0x3b0 [ 93.889647][ T181] ? ext4_writepages+0x205/0x3b0 [ 93.891724][ T181] ext4_writepages+0x241/0x3b0 [ 93.893845][ T181] ? __pfx_ext4_writepages+0x10/0x10 [ 93.896606][ T181] ? unwind_next_frame+0x8f/0x2550 [ 93.898939][ T181] ? __pfx_ext4_writepages+0x10/0x10 [ 93.901142][ T181] do_writepages+0x338/0x560 [ 93.903195][ T181] ? reacquire_held_locks+0x104/0x190 [ 93.905481][ T181] ? writeback_sb_inodes+0x450/0x1b00 [ 93.907965][ T181] __writeback_single_inode+0x12e/0xf90 [ 93.910511][ T181] writeback_sb_inodes+0x9de/0x1b00 [ 93.912802][ T181] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 93.915280][ T181] ? __pfx_down_read_trylock+0x10/0x10 [ 93.917924][ T181] ? __pfx___up_read+0x10/0x10 [ 93.920108][ T181] __writeback_inodes_wb+0x114/0x240 [ 93.922448][ T181] wb_writeback+0x42f/0xad0 [ 93.924445][ T181] ? queue_io+0x291/0x470 [ 93.926417][ T181] ? __pfx_wb_writeback+0x10/0x10 [ 93.928825][ T181] ? do_raw_spin_lock+0x12b/0x2f0 [ 93.931063][ T181] ? process_scheduled_works+0xa20/0x14e0 [ 93.933394][ T181] wb_workfn+0x980/0x10f0 [ 93.935239][ T181] ? __pfx_wb_workfn+0x10/0x10 [ 93.937560][ T181] ? do_raw_spin_lock+0x12b/0x2f0 [ 93.939982][ T181] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 93.942300][ T181] ? process_scheduled_works+0xa20/0x14e0 [ 93.944689][ T181] ? rcu_is_watching+0x15/0xb0 [ 93.946796][ T181] ? process_scheduled_works+0xa20/0x14e0 [ 93.949593][ T181] process_scheduled_works+0xa8e/0x14e0 [ 93.952095][ T181] ? __pfx_process_scheduled_works+0x10/0x10 [ 93.954646][ T181] ? assign_work+0x3cf/0x5d0 [ 93.956755][ T181] worker_thread+0xa47/0xfb0 [ 93.959529][ T181] ? __kthread_parkme+0x71/0x1f0 [ 93.962793][ T181] kthread+0x388/0x470 [ 93.964816][ T181] ? __pfx_worker_thread+0x10/0x10 [ 93.967132][ T181] ? __pfx_kthread+0x10/0x10 [ 93.969023][ T181] ret_from_fork+0x514/0xb70 [ 93.970967][ T181] ? __pfx_ret_from_fork+0x10/0x10 [ 93.973081][ T181] ? __switch_to+0xc89/0x1420 [ 93.975385][ T181] ? __pfx_kthread+0x10/0x10 [ 93.977992][ T181] ret_from_fork_asm+0x1a/0x30 [ 93.980806][ T181] [ 93.982218][ T181] Modules linked in: [ 93.984751][ T181] ---[ end trace 0000000000000000 ]--- [ 93.987812][ T5324] EXT4-fs error (device loop0): xattr_find_entry:337: inode #15: comm syz.0.0: corrupted xattr entries [ 94.009453][ T5324] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: block 1803188595: comm syz.0.0: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 94.024302][ T5324] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 94.035997][ T5324] EXT4-fs (loop0): This should not happen!! Data will be lost [ 94.035997][ T5324] [ 94.043190][ T181] RIP: 0010:ext4_do_writepages+0x479b/0x47a0