program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x446, &(0x7f0000000080)={[{@stripe={'stripe', 0x3d, 0x2}}, {@journal_dev={'journal_dev', 0x3d, 0x1045}}, {@oldalloc}, {@noquota}, {@minixdf}, {@barrier_val={'barrier', 0x3d, 0x2}}, {@delalloc}, {@nojournal_checksum}, {@orlov}, {@nobh}, {@quota}, {@delalloc}]}, 0x1, 0x559, &(0x7f0000000880)="$eJzs3d9rW+UbAPDnpO1+f7/rYAwVkcIunMyla+uPCV7MS9HhQO9naM/KaLqMJh1rHbhduBtvZAgiDsR7vfdyeC34Vwx0MGQUvfAmctKTLluSNuuypTOfD5zyvuec5D1PznnevidvQgIYWhPZn0LEixHxVRJxMCKSfNto5Bsn1vdbu391NluSqNc//jNp7JfVm8/VfNz+vPJCRPzyRcTxQnu71ZXVhVK5nC7l9cna4qXJ6srqiQuLpfl0Pr04PTNz6s2Z6Xfefqtvsb529u9vP7r9/qkvj65989PdQzeTOB0H8m2tcTyBa62ViZjIX5OxOP3IjlN9aGwnSQZ9AGzLSJ7nY5H1AQdjJM964L/v84ioA0Mqkf8wpJrjgOa9fZ/ug58b995bvwFqj390/b2R2NO4N9q3ljx0Z5Td7473of2sjZ//uHUzW6J/70MAbOna9Yg4OTra3v8lef+3fSd72OfRNvR/8OzczsY/r3ca/xQ2xj/RYfyzv0PubsfW+V+424dmusrGf+92HP9uTFqNj+S1/zXGfGPJ+QvlNOvb/h8Rx2Jsd1bfbD7n1NqderdtreO/bMnab44F8+O4O7r74cfMlWqlJ4m51b3rES91HP8mG+c/6XD+s9fjbKcn/LV91ZH01ivd2t86/qer/kPEqx3P/4MZrWTz+cnJxvUw2bwq2v1148hv3dofdPzZ+d+3efzjSet8bfXx2/h+zz9pt20PxR+9X/+7kk8a5V35uiulWm1pKmJX8mH7+ukHj23Wm/tn8R87unn/1+n63xsRn/YY/43DP77cU/wDOv9zj3X+H79w54PPvuvWfm/93xuN0rF8TS/9X68H+CSvHQAAAAAAAOw0hYg4EEmhuFEuFIrF9c93HI59hXKlWjt+vrJ8cS4a35Udj7FCc6b7YMvnIabyz8M269OP1Gci4lBEfD2yt1EvzlbKc4MOHgAAAAAAAAAAAAAAAAAAAHaI/V2+/5/5fWTQRwc8dX7yG4bXlvnfj196AnYk//9heMl/GF7yH4aX/IfhJf9heMl/GF7yH4aX/AcAAAAAAAAAAAAAAAAAAAAAAAAAAIC+OnvmTLbU1+5fnc3qc5dXlhcql0/MpdWF4uLybHG2snSpOF+pzJfT4mxlcavnK1cql6amY/nKZC2t1iarK6vnFivLF2vnLiyW5tNz6dgziQoAAAAAAAAAAAAAAAAAAACeL9WV1YVSuZwuKShsqzC6Mw5Doc+FQfdMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDAvwEAAP//haM4fQ==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x10) r2 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000440), 0x301880, 0x0) ioctl$SNDCTL_MIDI_PRETIME(r2, 0xc0046d00, &(0x7f0000000480)=0x1) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r1, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x35) pwrite64(r3, &(0x7f0000000140)='2', 0xfdef, 0xfecc) setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000500), &(0x7f0000000180)=ANY=[@ANYRES16=r1, @ANYRES64=r1, @ANYRES64=r1, @ANYRESDEC], 0x841, 0x1) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x130) r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000040)={0x80, 0xa0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, {0x10, 0x8}, {0x8, 0x8}, {0x20}, {0x40000000}, 0x0, 0x10, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6}) r6 = socket(0x10, 0x803, 0x0) sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r6, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={0x0, 0x14}}, 0x0) getsockname$packet(r6, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) recvmsg(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x44, 0x24, 0x10, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0x10}, {0xc, 0xffff}, {0x6, 0xfff1}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_USC={0x10}}}]}, 0x44}}, 0x0) getsockopt$PNPIPE_IFINDEX(r4, 0x113, 0x2, &(0x7f0000000380)=0x0, &(0x7f00000003c0)=0x4) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000009240)={&(0x7f0000000400)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0xd, 0x2}, {0xe}, {0xe}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0xb}]}}]}, 0x3c}}, 0x2854) r9 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r9, &(0x7f00000002c0), 0x40000000000009f, 0x0) socket$nl_route(0x10, 0x3, 0x0) r10 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r10, &(0x7f0000000340)={0x1d, r11, 0x0, {0x1, 0xf0, 0x4}, 0xfe}, 0x18) setsockopt$sock_int(r10, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4) sendmsg$inet(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000540)="81b641f1f3843704b6", 0x9}], 0x1}, 0x4048081) setsockopt$SO_J1939_FILTER(r10, 0x6b, 0x1, &(0x7f0000000180)=[{0x0, 0x3, {0x2, 0x0, 0x4}, {0x0, 0xff, 0x4}, 0x1}], 0x20) syz_usb_connect$uac1(0x2, 0xdc, 0x0, 0x0) [ 75.085355][ T4681] Bluetooth: hci0: command tx timeout [ 75.146470][ T5334] loop0: detected capacity change from 0 to 1024 [ 75.184634][ T5334] ======================================================= [ 75.184634][ T5334] WARNING: The mand mount option has been deprecated and [ 75.184634][ T5334] and is ignored by this kernel. Remove the mand [ 75.184634][ T5334] option from the mount to silence this warning. [ 75.184634][ T5334] ======================================================= [ 75.336132][ T5334] EXT4-fs: Ignoring removed oldalloc option [ 75.369417][ T5334] EXT4-fs: Ignoring removed orlov option [ 75.404815][ T5334] EXT4-fs: Ignoring removed nobh option [ 75.427411][ T5334] EXT4-fs (loop0): stripe (2) is not aligned with cluster size (16), stripe is disabled [ 75.509196][ T5334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 75.661696][ T5333] EXT4-fs error (device loop0): ext4_ext_split:1079: inode #15: comm syz.0.0: p_ext > EXT_MAX_EXTENT! [ 75.688889][ T5333] EXT4-fs error (device loop0): mb_free_blocks:2037: group 0, inode 15: block 289:freeing already freed block (bit 18); block bitmap corrupt. [ 75.927604][ T1115] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 75.947139][ T1115] EXT4-fs (loop0): This should not happen!! Data will be lost [ 75.947139][ T1115] [ 75.970164][ T5334] Zero length message leads to an empty skb [ 75.997536][ T1115] EXT4-fs (loop0): Total free blocks count 0 [ 76.000681][ T1115] EXT4-fs (loop0): Free/Dirty block details [ 76.004150][ T1115] EXT4-fs (loop0): free_blocks=32 [ 76.009052][ T1115] EXT4-fs (loop0): dirty_blocks=0 [ 76.025272][ T1115] EXT4-fs (loop0): Block reservation details [ 76.028626][ T1115] EXT4-fs (loop0): i_reserved_data_blocks=0 [ 76.046039][ T1115] EXT4-fs (loop0): start 0, size 131072, fe_logical 131072 [ 76.056073][ T1115] ------------[ cut here ]------------ [ 76.058483][ T1115] kernel BUG at fs/ext4/mballoc.c:4657! [ 76.079822][ T1115] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 76.082522][ T1115] CPU: 0 UID: 0 PID: 1115 Comm: kworker/u4:10 Not tainted syzkaller #0 PREEMPT(full) [ 76.086382][ T1115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.092316][ T1115] Workqueue: writeback wb_workfn (flush-7:0) [ 76.101417][ T1115] RIP: 0010:ext4_mb_normalize_request+0x1cc9/0x1d00 [ 76.105438][ T1115] Code: 5b a9 ff 48 8b 44 24 38 48 8b 38 48 c7 c6 40 44 7f 8b 48 c7 c2 a0 5a 7f 8b 48 8b 4c 24 28 4d 89 f0 49 89 d9 e8 48 f5 09 00 90 <0f> 0b e8 30 b0 41 ff 90 0f 0b e8 28 b0 41 ff 90 0f 0b e8 20 b0 41 [ 76.117123][ T1115] RSP: 0018:ffffc90003556520 EFLAGS: 00010246 [ 76.120046][ T1115] RAX: 63f3948d54d4bb00 RBX: 0000000000020000 RCX: 63f3948d54d4bb00 [ 76.124861][ T1115] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 76.128661][ T1115] RBP: 0000000000000000 R08: ffffc90003556167 R09: 1ffff920006aac2c [ 76.132810][ T1115] R10: dffffc0000000000 R11: fffff520006aac2d R12: ffffffff00020800 [ 76.149426][ T1115] R13: dffffc0000000000 R14: 0000000000020000 R15: 0000000000020000 [ 76.152787][ T1115] FS: 0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 76.156278][ T1115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.158967][ T1115] CR2: 00007f142bfe22b0 CR3: 000000004484e000 CR4: 0000000000352ef0 [ 76.162222][ T1115] Call Trace: [ 76.180038][ T1115] [ 76.181463][ T1115] ext4_mb_new_blocks+0xc46/0x46a0 [ 76.183642][ T1115] ? rcu_is_watching+0x15/0xb0 [ 76.186047][ T1115] ? trace_ext4_get_implied_cluster_alloc_exit+0x83/0x1e0 [ 76.189718][ T1115] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 76.192375][ T1115] ? ext4_ext_check_overlap+0x438/0x580 [ 76.194841][ T1115] ? ext4_ext_find_goal+0xf0/0x1e0 [ 76.197178][ T1115] ext4_ext_map_blocks+0x1877/0x69c0 [ 76.215757][ T1115] ? stack_trace_save+0x9c/0xe0 [ 76.217963][ T1115] ? stack_depot_save_flags+0x33/0x810 [ 76.220482][ T1115] ? ext4_map_blocks+0x73f/0x16f0 [ 76.233730][ T1115] ? __pfx_ext4_ext_map_blocks+0x10/0x10 [ 76.236757][ T1115] ? ext4_es_lookup_extent+0x6cd/0xb00 [ 76.239445][ T1115] ext4_map_blocks+0x82c/0x16f0 [ 76.241832][ T1115] ? __pfx_ext4_map_blocks+0x10/0x10 [ 76.244268][ T1115] ? rcu_is_watching+0x15/0xb0 [ 76.246481][ T1115] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 76.264377][ T1115] ? kmem_cache_alloc_noprof+0x3ce/0x710 [ 76.267075][ T1115] ? ext4_inode_journal_mode+0x193/0x470 [ 76.270367][ T1115] ext4_do_writepages+0x222f/0x4500 [ 76.273349][ T1115] ? __pfx_ext4_do_writepages+0x10/0x10 [ 76.276251][ T1115] ? __lock_acquire+0x6b6/0x2cf0 [ 76.278271][ T1115] ? filemap_get_folios_tag+0xed/0x630 [ 76.289768][ T1115] ? filemap_get_folios_tag+0x53b/0x630 [ 76.293737][ T1115] ? filemap_get_folios_tag+0xed/0x630 [ 76.296016][ T1115] ? ext4_writepages+0x1ca/0x350 [ 76.298202][ T1115] ? ext4_writepages+0x1ca/0x350 [ 76.332777][ T1115] ext4_writepages+0x203/0x350 [ 76.334927][ T1115] ? __pfx_ext4_writepages+0x10/0x10 [ 76.337211][ T1115] ? __pfx_ext4_writepages+0x10/0x10 [ 76.339370][ T1115] do_writepages+0x32e/0x550 [ 76.348769][ T1115] ? reacquire_held_locks+0x104/0x190 [ 76.363604][ T1115] ? writeback_sb_inodes+0x3bd/0x1870 [ 76.366210][ T1115] __writeback_single_inode+0x133/0x1240 [ 76.368656][ T1115] ? do_raw_spin_unlock+0x4d/0x240 [ 76.370798][ T1115] writeback_sb_inodes+0x93a/0x1870 [ 76.372961][ T1115] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 76.375446][ T1115] ? __pfx_down_read_trylock+0x10/0x10 [ 76.382979][ T1115] ? __pfx___up_read+0x10/0x10 [ 76.392050][ T1115] __writeback_inodes_wb+0x111/0x240 [ 76.395669][ T1115] wb_writeback+0x43f/0xaa0 [ 76.397958][ T1115] ? queue_io+0x261/0x450 [ 76.399959][ T1115] ? __pfx_wb_writeback+0x10/0x10 [ 76.433341][ T1115] ? do_raw_spin_lock+0x121/0x290 [ 76.436107][ T1115] wb_workfn+0x8ee/0xed0 [ 76.439583][ T1115] ? __pfx_wb_workfn+0x10/0x10 [ 76.444355][ T1115] ? finish_task_switch+0x162/0x940 [ 76.447936][ T1115] ? do_raw_spin_lock+0x121/0x290 [ 76.453464][ T1115] ? lock_acquire+0x107/0x340 [ 76.462474][ T1115] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 76.465721][ T1115] ? process_scheduled_works+0x9ef/0x1770 [ 76.470879][ T1115] ? process_scheduled_works+0x9ef/0x1770 [ 76.482026][ T1115] ? process_scheduled_works+0x9ef/0x1770 [ 76.484647][ T1115] process_scheduled_works+0xad1/0x1770 [ 76.510885][ T1115] ? __pfx_process_scheduled_works+0x10/0x10 [ 76.513596][ T1115] ? do_raw_spin_lock+0x121/0x290 [ 76.515819][ T1115] worker_thread+0x8a0/0xda0 [ 76.517933][ T1115] kthread+0x711/0x8a0 [ 76.540967][ T1115] ? __pfx_worker_thread+0x10/0x10 [ 76.543782][ T1115] ? __pfx_kthread+0x10/0x10 [ 76.546758][ T1115] ? _raw_spin_unlock_irq+0x23/0x50 [ 76.549971][ T1115] ? __pfx_kthread+0x10/0x10 [ 76.562292][ T1115] ret_from_fork+0x510/0xa50 [ 76.572603][ T1115] ? __pfx_ret_from_fork+0x10/0x10 [ 76.575660][ T1115] ? __switch_to+0xc9e/0x1480 [ 76.577865][ T1115] ? __pfx_kthread+0x10/0x10 [ 76.580037][ T1115] ret_from_fork_asm+0x1a/0x30 [ 76.600870][ T1115] [ 76.602278][ T1115] Modules linked in: [ 76.606004][ C0] vcan0: j1939_tp_rxtimer: 0xffff888011182c00: rx timeout, send abort [ 76.622600][ T1115] ---[ end trace 0000000000000000 ]--- [ 76.677317][ T1312] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.683682][ T1312] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.727803][ T1115] RIP: 0010:ext4_mb_normalize_request+0x1cc9/0x1d00 [ 76.731059][ C0] vcan0: j1939_tp_rxtimer: 0xffff888011501400: rx timeout, send abort [ 76.743730][ T1115] Code: 5b a9 ff 48 8b 44 24 38 48 8b 38 48 c7 c6 40 44 7f 8b 48 c7 c2 a0 5a 7f 8b 48 8b 4c 24 28 4d 89 f0 49 89 d9 e8 48 f5 09 00 90 <0f> 0b e8 30 b0 41 ff 90 0f 0b e8 28 b0 41 ff 90 0f 0b e8 20 b0 41 [ 76.766302][ T1115] RSP: 0018:ffffc90003556520 EFLAGS: 00010246 [ 76.769716][ T1115] RAX: 63f3948d54d4bb00 RBX: 0000000000020000 RCX: 63f3948d54d4bb00 [ 76.784716][ T1115] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 76.789350][ T1115] RBP: 0000000000000000 R08: ffffc90003556167 R09: 1ffff920006aac2c [ 76.793643][ T1115] R10: dffffc0000000000 R11: fffff520006aac2d R12: ffffffff00020800 [ 76.797862][ T1115] R13: dffffc0000000000 R14: 0000000000020000 R15: 0000000000020000 [ 76.803699][ T1115] FS: 0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 76.808821][ T1115] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.811996][ T1115] CR2: 00007f142be4dad0 CR3: 0000000011107000 CR4: 0000000000352ef0 [ 76.815804][ T1115] Kernel panic - not syncing: Fatal exception [ 76.819222][ T1115] Kernel Offset: disabled [ 76.821968][ T1115] Rebooting in 86400 seconds..