program: syz_mount_image$ext4(&(0x7f00000003c0)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x10, &(0x7f0000000140)={[{@norecovery}]}, 0xed, 0x474, &(0x7f0000000b80)="$eJzs3EtsG0UfAPD/rvNo+viSr5RHSwuBgqh4JE36oAcuIJA4gIQEhyJOIUmrUrdBTZBoVUHhUI6oEnfEEYk7Eie4IOCAkLjCHVWqql5aOBmtvZs6jp06tRu3+PeT1p7ZXWfm79mxxzN2Auhb49lNErE1Iv6IiNFaduUJ47W7G9fOz/597fxsEpXKm1eT6nnXr52fLU4tHrellqlUIoaz5HCTci++EzFTLs+fyfOTS6fen1w8e+65E6dmjs8fnz89feTIwQN7hg5PH+oovjS/z+K6vuujhd07X3370uuzRy+9+/M3WX235sfr47gtWbQNxmvPbqNHs5snOyrsrvJrdrOtbkcy0PrkiQ2oEO0rRUTWXIPV/j8apRhZPjYar3za08oBd1SlUqk0e3/OXagA/2FJ9LoGQG8Ub/TZ599i26Chx13hyou1D0BZ3DfyrXZkYHnuYLDh8203jUfE0Qv/fJlt0Y15CACAW/g+G/8822z8l8YDdef9L19DGYuI/0fE9oi4LyJ2RMT9EdVzH4yIh9ZZfuMKyerxT3r5tgJrUzb+eyFf21o5/itGfzFWynPbqvEPJsdOlOf358/JvhgczvJTa5Txw8u/f16kNzUcqx//ZVtWfjEWzOtxeaBhgm5uZmmm07gLVz6J2DXQLP4kimWcJCJ2RsSu2yzjxNNf72517Nbxr2GNdaZ2Vb6KeKrW/hdiRfw3myppuT459fzh6UOTm6I8v3+yuCpW++W3i2+0Kr+j+Lsga//NTa//5VXgsWRTxOLZcyer67WL6y/j4p+f1fXpFavLWfzptxHrvv6Hkreq6aF834czS0tnpiKGktdW75+++dgiX5yfxb9vb/P+v72uxg9HRHYR74mIR/JF3KztHouIxyNi7xrx//TSE++1Oraq/UeK+NeYle+iLP65W7V/1Lf/+hOlkz9+13b8Tdv/YDW1L9/TzutfuxXs5LkDAACAe0Va/Q58kk4sp9N0YqL2Hf4dsTktLywuPXNs4YPTc7Xvyo/FYFrMdI3WzYdO5XPDRX66IX8gnzf+ojRSzU/MLpTneh089LktLfp/5q9Sr2sH3HFdWEcD7lH6P/Qv/R/6l/4P/Uv/h/7VrP9/3IN6ABvP+z/0L/0f+pf+D/1L/4e+1PK38WlHP/nvcaL43wkd/J2rvY+i48TInSwi0t4H2BeJgU4u43YSw00P9fiFCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoEv+DQAA//9L2OJW") open(&(0x7f0000000100)='./bus\x00', 0x14927e, 0x1) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f00000003c0)='./bus\x00', 0x0, 0x5000, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x13, 0x8, 0x8, 0x0, 0x0, 0x1, 0x3}, 0x50) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00'}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRES32=r2], 0x20) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000200)={r1, &(0x7f0000000100)="160e16b2", 0x0}, 0x20) r3 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x11) pwritev2(r4, &(0x7f0000000cc0)=[{&(0x7f0000000240)=';', 0xffffffbc}], 0x1, 0xfff, 0xc, 0x4) [ 68.267495][ T5281] Bluetooth: hci0: command tx timeout [ 68.347557][ T5316] loop0: detected capacity change from 0 to 512 [ 68.356957][ T5316] EXT4-fs (loop0): invalid journal inode [ 68.370495][ T5316] EXT4-fs (loop0): can't get journal size [ 68.391590][ T5316] EXT4-fs (loop0): 1 truncate cleaned up [ 68.404498][ T5316] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 68.456360][ T5316] loop0: detected capacity change from 512 to 64 [ 68.494352][ T5316] syz.0.0: attempt to access beyond end of device [ 68.494352][ T5316] loop0: rw=2049, sector=72, nr_sectors = 2 limit=64 [ 68.518746][ T5316] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 36) [ 68.527766][ T5316] Buffer I/O error on device loop0, logical block 36 [ 68.540104][ T5316] syz.0.0: attempt to access beyond end of device [ 68.540104][ T5316] loop0: rw=2049, sector=78, nr_sectors = 2 limit=64 [ 68.563407][ T5316] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 39) [ 68.574128][ T5316] Buffer I/O error on device loop0, logical block 39 [ 68.577894][ T5316] syz.0.0: attempt to access beyond end of device [ 68.577894][ T5316] loop0: rw=2049, sector=80, nr_sectors = 16 limit=64 [ 68.583406][ T5316] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 40) [ 68.596174][ T5316] Buffer I/O error on device loop0, logical block 40 [ 68.598831][ T5316] Buffer I/O error on device loop0, logical block 41 [ 68.601375][ T5316] Buffer I/O error on device loop0, logical block 42 [ 68.604388][ T5316] Buffer I/O error on device loop0, logical block 43 [ 68.622086][ T12] EXT4-fs error (device loop0): ext4_do_update_inode:5742: inode #15: comm kworker/u4:0: corrupted inode contents [ 68.627943][ T5316] Buffer I/O error on device loop0, logical block 44 [ 68.630580][ T5316] Buffer I/O error on device loop0, logical block 45 [ 68.633397][ T5316] Buffer I/O error on device loop0, logical block 46 [ 68.636230][ T5316] Buffer I/O error on device loop0, logical block 47 [ 68.647858][ T12] EXT4-fs error (device loop0): ext4_dirty_inode:6639: inode #15: comm kworker/u4:0: mark_inode_dirty error [ 68.661246][ T12] EXT4-fs error (device loop0): ext4_do_update_inode:5742: inode #15: comm kworker/u4:0: corrupted inode contents [ 68.671387][ T12] EXT4-fs error (device loop0): ext4_dirty_inode:6639: inode #15: comm kworker/u4:0: mark_inode_dirty error [ 68.776391][ T5316] EXT4-fs error (device loop0): ext4_do_update_inode:5742: inode #15: comm syz.0.0: corrupted inode contents [ 68.783223][ T5316] EXT4-fs error (device loop0): ext4_dirty_inode:6639: inode #15: comm syz.0.0: mark_inode_dirty error [ 68.788999][ T5316] ------------[ cut here ]------------ [ 68.791666][ T5316] kernel BUG at fs/ext4/mballoc.c:4780! [ 68.794590][ T5316] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 68.797663][ T5316] CPU: 0 UID: 0 PID: 5316 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 68.801481][ T5316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 68.806220][ T5316] RIP: 0010:ext4_mb_use_inode_pa+0x6bf/0x720 [ 68.809432][ T5316] Code: e8 36 be a3 ff 48 ba 00 00 00 00 00 fc ff df e9 d7 fa ff ff e8 92 95 34 ff 90 0f 0b e8 8a 95 34 ff 90 0f 0b e8 82 95 34 ff 90 <0f> 0b e8 7a 95 34 ff 90 0f 0b 48 8b 0c 24 48 83 c1 54 80 e1 07 80 [ 68.818035][ T5316] RSP: 0018:ffffc9000e5c66a0 EFLAGS: 00010283 [ 68.820752][ T5316] RAX: ffffffff8291abbe RBX: 00000000ffffffc6 RCX: 0000000000100000 [ 68.824501][ T5316] RDX: ffffc9000f282000 RSI: 000000000000ff24 RDI: 000000000000ff25 [ 68.828197][ T5316] RBP: 1ffff110089132b5 R08: ffff88804489defb R09: 1ffff11008913bdf [ 68.831702][ T5316] R10: dffffc0000000000 R11: ffffed1008913be0 R12: 0000000000000000 [ 68.835177][ T5316] R13: 0000000000000058 R14: 1ffff11008913be2 R15: ffff88804489df10 [ 68.839002][ T5316] FS: 00007fb4d18a06c0(0000) GS:ffff88808c821000(0000) knlGS:0000000000000000 [ 68.843548][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 68.846806][ T5316] CR2: 00007fb4d0bee6b8 CR3: 00000000438c0000 CR4: 0000000000352ef0 [ 68.850952][ T5316] Call Trace: [ 68.852550][ T5316] [ 68.853882][ T5316] ext4_mb_use_preallocated+0x638/0x13e0 [ 68.856657][ T5316] ext4_mb_new_blocks+0x5a0/0x4530 [ 68.859724][ T5316] ? do_raw_spin_unlock+0x4d/0x210 [ 68.862571][ T5316] ? _raw_spin_unlock+0x28/0x50 [ 68.865051][ T5316] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 68.867454][ T5316] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 68.869614][ T5316] ? ext4_block_to_path+0x382/0x700 [ 68.871702][ T5316] ext4_ind_map_blocks+0xe96/0x22a0 [ 68.873792][ T5316] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 68.876132][ T5316] ? kasan_save_track+0x4f/0x80 [ 68.878353][ T5316] ? file_write_and_wait_range+0x36e/0x440 [ 68.881175][ T5316] ? mmb_fsync_noflush+0x73/0x1d0 [ 68.883280][ T5316] ? down_write+0x16d/0x200 [ 68.885004][ T5316] ext4_map_create_blocks+0xbb/0x530 [ 68.886965][ T5316] ? ext4_fc_track_inode+0xf3/0x3f0 [ 68.888995][ T5316] ext4_map_blocks+0x7e4/0x1240 [ 68.891236][ T5316] ? __pfx_ext4_map_blocks+0x10/0x10 [ 68.893913][ T5316] ? __ext4_journal_ensure_credits+0x30/0x450 [ 68.896450][ T5316] ext4_do_writepages+0x19e3/0x47a0 [ 68.898547][ T5316] ? __pfx_ext4_do_writepages+0x10/0x10 [ 68.900810][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.902788][ T5316] ? trace_irq_enable+0x3b/0x140 [ 68.905194][ T5316] ? trace_irq_enable+0x3b/0x140 [ 68.907862][ T5316] ? debug_object_free+0x29c/0x340 [ 68.910177][ T5316] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 68.912521][ T5316] ? do_raw_spin_lock+0x12b/0x2f0 [ 68.914524][ T5316] ? ext4_writepages+0x205/0x3b0 [ 68.916617][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.918594][ T5316] ? lock_acquire+0x5f/0x350 [ 68.920699][ T5316] ? preempt_count_add+0x91/0x190 [ 68.923244][ T5316] ext4_writepages+0x241/0x3b0 [ 68.925505][ T5316] ? __pfx_ext4_writepages+0x10/0x10 [ 68.927739][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.929592][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.931433][ T5316] ? __pfx_ext4_writepages+0x10/0x10 [ 68.933630][ T5316] do_writepages+0x338/0x560 [ 68.935859][ T5316] ? rcu_is_watching+0x15/0xb0 [ 68.938621][ T5316] ? do_raw_spin_unlock+0x4d/0x210 [ 68.940789][ T5316] file_write_and_wait_range+0x36e/0x440 [ 68.943138][ T5316] ? trace_irq_enable+0x3b/0x140 [ 68.945163][ T5316] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 68.947680][ T5316] ? __folio_put+0x4b3/0x590 [ 68.949869][ T5316] ? __pfx_ext4_write_begin+0x10/0x10 [ 68.952521][ T5316] mmb_fsync_noflush+0x73/0x1d0 [ 68.954622][ T5316] ext4_sync_file+0x41a/0xd00 [ 68.956616][ T5316] ? __pfx_ext4_sync_file+0x10/0x10 [ 68.958872][ T5316] ? __pfx_generic_perform_write+0x10/0x10 [ 68.961739][ T5316] ? sync_lazytime+0x5a/0x4c0 [ 68.964186][ T5316] ext4_buffered_write_iter+0x2c7/0x370 [ 68.966835][ T5316] ext4_file_write_iter+0x947/0x1c70 [ 68.968987][ T5316] ? futex_unqueue+0x22/0x240 [ 68.970915][ T5316] ? futex_unqueue+0x211/0x240 [ 68.972947][ T5316] ? __futex_wait+0x1e1/0x400 [ 68.975042][ T5316] ? __futex_wait+0x358/0x400 [ 68.977395][ T5316] ? __pfx_aa_file_perm+0x10/0x10 [ 68.979861][ T5316] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 68.982481][ T5316] ? __pfx___futex_wait+0x10/0x10 [ 68.984690][ T5316] do_iter_readv_writev+0x612/0x8c0 [ 68.986836][ T5316] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 68.989349][ T5316] ? preempt_count_add+0x91/0x190 [ 68.991697][ T5316] vfs_writev+0x343/0x990 [ 68.994170][ T5316] ? __pfx_vfs_writev+0x10/0x10 [ 68.997082][ T5316] ? lock_release+0x4b/0x3c0 [ 68.999550][ T5316] ? __fget_files+0x3a2/0x420 [ 69.001680][ T5316] ? __fget_files+0x2a/0x420 [ 69.003735][ T5316] __se_sys_pwritev2+0x177/0x2a0 [ 69.005906][ T5316] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 69.008159][ T5316] ? rcu_is_watching+0x15/0xb0 [ 69.010246][ T5316] ? __x64_sys_pwritev2+0x20/0xc0 [ 69.012537][ T5316] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.015170][ T5316] do_syscall_64+0x174/0x580 [ 69.017354][ T5316] ? trace_irq_disable+0x3b/0x140 [ 69.019727][ T5316] ? clear_bhb_loop+0x40/0x90 [ 69.021802][ T5316] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 69.024230][ T5316] RIP: 0033:0x7fb4d099ce59 [ 69.026206][ T5316] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 69.035522][ T5316] RSP: 002b:00007fb4d189ffe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 69.039063][ T5316] RAX: ffffffffffffffda RBX: 00007fb4d0c15fa0 RCX: 00007fb4d099ce59 [ 69.042792][ T5316] RDX: 0000000000000001 RSI: 0000200000000cc0 RDI: 0000000000000008 [ 69.046987][ T5316] RBP: 00007fb4d0a32e6f R08: 000000000000000c R09: 0000000000000004 [ 69.050413][ T5316] R10: 0000000000000fff R11: 0000000000000246 R12: 0000000000000000 [ 69.053677][ T5316] R13: 00007fb4d0c16038 R14: 00007fb4d0c15fa0 R15: 00007fffe183d598 [ 69.057177][ T5316] [ 69.058754][ T5316] Modules linked in: [ 69.061597][ T5316] ---[ end trace 0000000000000000 ]--- [ 69.064676][ T5316] RIP: 0010:ext4_mb_use_inode_pa+0x6bf/0x720 [ 69.067407][ T5316] Code: e8 36 be a3 ff 48 ba 00 00 00 00 00 fc ff df e9 d7 fa ff ff e8 92 95 34 ff 90 0f 0b e8 8a 95 34 ff 90 0f 0b e8 82 95 34 ff 90 <0f> 0b e8 7a 95 34 ff 90 0f 0b 48 8b 0c 24 48 83 c1 54 80 e1 07 80 [ 69.076769][ T5316] RSP: 0018:ffffc9000e5c66a0 EFLAGS: 00010283 [ 69.079536][ T5316] RAX: ffffffff8291abbe RBX: 00000000ffffffc6 RCX: 0000000000100000 [ 69.082999][ T5316] RDX: ffffc9000f282000 RSI: 000000000000ff24 RDI: 000000000000ff25 [ 69.086452][ T5316] RBP: 1ffff110089132b5 R08: ffff88804489defb R09: 1ffff11008913bdf [ 69.089965][ T5316] R10: dffffc0000000000 R11: ffffed1008913be0 R12: 0000000000000000 [ 69.094058][ T5316] R13: 0000000000000058 R14: 1ffff11008913be2 R15: ffff88804489df10 [ 69.098233][ T5316] FS: 00007fb4d18a06c0(0000) GS:ffff88808c821000(0000) knlGS:0000000000000000 [ 69.102151][ T5316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 69.104963][ T5316] CR2: 00007fb4d0bee6b8 CR3: 00000000438c0000 CR4: 0000000000352ef0 [ 69.108605][ T5316] Kernel panic - not syncing: Fatal exception [ 69.112168][ T5316] Kernel Offset: disabled [ 69.114263][ T5316] Rebooting in 86400 seconds..