program: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") r0 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r0, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x0, @empty}}, 0x24) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) r3 = open(&(0x7f0000000040)='./bus\x00', 0x10103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x4002011, r3, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x3, 0x4, &(0x7f0000001580)=ANY=[@ANYBLOB="18020000fc170000000000000000020085000000300000009500000000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) ftruncate(r3, 0x68f9) setsockopt$MRT_FLUSH(r3, 0x0, 0xd4, &(0x7f0000000180)=0x4, 0x4) fcntl$setstatus(r2, 0x4, 0x6000) io_setup(0x202, &(0x7f0000000200)=0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) accept4(r2, &(0x7f0000000040)=@in={0x2, 0x0, @private}, &(0x7f0000000100)=0x80, 0x80000) r5 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r5, 0x10e, 0xc, &(0x7f0000000000)={0xfffffffb}, 0x10) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000840)=@getlink={0x2c, 0x12, 0x2fa9ccd93d5c0297, 0x0, 0x0, {0x7}, [@IFLA_ADDRESS={0xa, 0x1, @random="4324a15b37da"}]}, 0x2c}}, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, "ef359f413bb90900f7d6a4ae6dddfbd11000000000000000000ff8ee09e737ff0edf110ff4117639c2eb8f18d2b8f6277dd41905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61ffcf33524bbd9bffbcc2542ded71038232d71e14efbac003000000852f2036dc783800000000e9b49600", "f28359738e229a4c66810000000000f300e6d902000000000000000000000001"}) io_submit(r4, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x0, 0x1, 0x0, r2, &(0x7f0000000000), 0x4000000}]) [ 80.669796][ T5095] Bluetooth: hci0: command tx timeout [ 80.782807][ T5110] loop0: detected capacity change from 0 to 512 [ 80.823490][ T5110] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 80.919501][ T5110] loop0: detected capacity change from 512 to 64 [ 80.930036][ T5110] syz.0.0: attempt to access beyond end of device [ 80.930036][ T5110] loop0: rw=2049, sector=386, nr_sectors = 8 limit=64 [ 80.935262][ T5110] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 18 starting block 193) [ 80.959833][ T5110] Buffer I/O error on device loop0, logical block 193 [ 80.962902][ T5110] Buffer I/O error on device loop0, logical block 194 [ 80.965575][ T5110] Buffer I/O error on device loop0, logical block 195 [ 80.968143][ T5110] Buffer I/O error on device loop0, logical block 196 [ 80.982951][ T5110] syz.0.0: attempt to access beyond end of device [ 80.982951][ T5110] loop0: rw=2049, sector=386, nr_sectors = 8 limit=64 [ 80.995073][ T5110] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 18 starting block 193) [ 81.009215][ T5110] Buffer I/O error on device loop0, logical block 193 [ 81.011843][ T5110] Buffer I/O error on device loop0, logical block 194 [ 81.014475][ T5110] Buffer I/O error on device loop0, logical block 195 [ 81.017029][ T5110] Buffer I/O error on device loop0, logical block 196 [ 81.032076][ T5110] syz.0.0: attempt to access beyond end of device [ 81.032076][ T5110] loop0: rw=2049, sector=394, nr_sectors = 16 limit=64 [ 81.041138][ T5110] EXT4-fs warning (device loop0): ext4_end_bio:346: I/O error 10 writing to inode 18 starting block 197) [ 81.050712][ T5110] Buffer I/O error on device loop0, logical block 197 [ 81.053311][ T5110] Buffer I/O error on device loop0, logical block 198 [ 81.170311][ T5110] ------------[ cut here ]------------ [ 81.173172][ T5110] kernel BUG at fs/ext4/mballoc.c:4689! [ 81.175467][ T5110] Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI [ 81.178233][ T5110] CPU: 0 UID: 0 PID: 5110 Comm: syz.0.0 Not tainted 6.11.0-syzkaller-02574-ga430d95c5efa #0 [ 81.182165][ T5110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 81.186363][ T5110] RIP: 0010:ext4_mb_use_inode_pa+0x690/0x700 [ 81.188848][ T5110] Code: 40 48 b0 8e 4c 89 e6 48 89 ea e8 1b c0 8c 02 e9 be fc ff ff e8 41 81 32 ff 90 0f 0b e8 39 81 32 ff 90 0f 0b e8 31 81 32 ff 90 <0f> 0b e8 29 81 32 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 81.196232][ T5110] RSP: 0018:ffffc90002f6e748 EFLAGS: 00010287 [ 81.198630][ T5110] RAX: ffffffff8261256f RBX: 00000000fffffff4 RCX: 0000000000040000 [ 81.201701][ T5110] RDX: ffffc9000b899000 RSI: 0000000000029e1a RDI: 0000000000029e1b [ 81.204823][ T5110] RBP: 0000000000000000 R08: ffffffff8261226f R09: 1ffff11007ead866 [ 81.207838][ T5110] R10: dffffc0000000000 R11: ffffed1007ead867 R12: ffff88803f56c348 [ 81.210936][ T5110] R13: 1ffff11007eacea9 R14: 0000000000000010 R15: 1ffff11007ead869 [ 81.213985][ T5110] FS: 00007fcdff62a6c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 [ 81.217446][ T5110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.220040][ T5110] CR2: 0000000020007000 CR3: 0000000011f18000 CR4: 0000000000350ef0 [ 81.223115][ T5110] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.226161][ T5110] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.229259][ T5110] Call Trace: [ 81.230586][ T5110] [ 81.231752][ T5110] ? __die_body+0x88/0xe0 [ 81.233515][ T5110] ? die+0xcf/0x110 [ 81.235035][ T5110] ? do_trap+0x15a/0x3a0 [ 81.236723][ T5110] ? ext4_mb_use_inode_pa+0x690/0x700 [ 81.238656][ T5110] ? do_error_trap+0x1dc/0x2c0 [ 81.240351][ T5110] ? ext4_mb_use_inode_pa+0x690/0x700 [ 81.242273][ T5110] ? __pfx_do_error_trap+0x10/0x10 [ 81.244097][ T5110] ? handle_invalid_op+0x34/0x40 [ 81.246007][ T5110] ? ext4_mb_use_inode_pa+0x690/0x700 [ 81.248100][ T5110] ? exc_invalid_op+0x38/0x50 [ 81.250002][ T5110] ? asm_exc_invalid_op+0x1a/0x20 [ 81.251937][ T5110] ? ext4_mb_use_inode_pa+0x38f/0x700 [ 81.254061][ T5110] ? ext4_mb_use_inode_pa+0x68f/0x700 [ 81.256142][ T5110] ? ext4_mb_use_inode_pa+0x690/0x700 [ 81.258255][ T5110] ? ext4_mb_use_inode_pa+0x68f/0x700 [ 81.260393][ T5110] ext4_mb_use_preallocated+0x680/0x1420 [ 81.262626][ T5110] ext4_mb_new_blocks+0x6ef/0x4e30 [ 81.264700][ T5110] ? __mark_inode_dirty+0x3db/0xe90 [ 81.266770][ T5110] ? ext4_new_meta_blocks+0x33f/0x500 [ 81.268891][ T5110] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 81.271117][ T5110] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 81.273346][ T5110] ext4_ind_map_blocks+0x1084/0x2a10 [ 81.275429][ T5110] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 81.277653][ T5110] ? __pfx_lock_acquire+0x10/0x10 [ 81.279620][ T5110] ? __pfx_lock_release+0x10/0x10 [ 81.281608][ T5110] ? ext4_writepages+0x213/0x3c0 [ 81.283538][ T5110] ? filemap_fdatawrite_wbc+0x125/0x180 [ 81.285753][ T5110] ? ext4_file_write_iter+0x1753/0x19f0 [ 81.287914][ T5110] ? do_syscall_64+0xf3/0x230 [ 81.289798][ T5110] ? __pfx_down_write+0x10/0x10 [ 81.291721][ T5110] ? ext4_es_lookup_extent+0x61a/0xa90 [ 81.293850][ T5110] ext4_map_blocks+0x9f6/0x1d20 [ 81.295734][ T5110] ? __pfx_ext4_map_blocks+0x10/0x10 [ 81.297790][ T5110] ? ext4_alloc_io_end_vec+0x2b/0x160 [ 81.299842][ T5110] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 81.302042][ T5110] ext4_do_writepages+0x1605/0x3d40 [ 81.304060][ T5110] ? __lock_acquire+0x137a/0x2040 [ 81.306115][ T5110] ? __pfx_ext4_do_writepages+0x10/0x10 [ 81.308293][ T5110] ? rcu_read_lock_any_held+0xb7/0x160 [ 81.310458][ T5110] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 81.312839][ T5110] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 81.315302][ T5110] ? prepare_to_wait+0x184/0x210 [ 81.317187][ T5110] ext4_writepages+0x213/0x3c0 [ 81.319021][ T5110] ? __pfx_ext4_writepages+0x10/0x10 [ 81.321073][ T5110] ? __pfx_ext4_writepages+0x10/0x10 [ 81.323126][ T5110] do_writepages+0x35d/0x870 [ 81.324944][ T5110] ? __pfx_do_writepages+0x10/0x10 [ 81.326936][ T5110] ? wbc_attach_and_unlock_inode+0x317/0x580 [ 81.329303][ T5110] ? __pfx_lock_release+0x10/0x10 [ 81.331324][ T5110] ? do_raw_spin_unlock+0x58/0x8b0 [ 81.333408][ T5110] ? wbc_attach_and_unlock_inode+0x369/0x580 [ 81.335759][ T5110] filemap_fdatawrite_wbc+0x125/0x180 [ 81.338070][ T5110] filemap_write_and_wait_range+0x198/0x290 [ 81.340427][ T5110] ? __pfx_filemap_write_and_wait_range+0x10/0x10 [ 81.342894][ T5110] ? ext4_write_checks+0x255/0x2c0 [ 81.344897][ T5110] ? ext4_buffered_write_iter+0x20b/0x350 [ 81.347108][ T5110] ext4_file_write_iter+0x1753/0x19f0 [ 81.349232][ T5110] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 81.351453][ T5110] ? rcu_read_lock_any_held+0xb7/0x160 [ 81.353581][ T5110] ? rw_verify_area+0x1c3/0x6f0 [ 81.355377][ T5110] aio_write+0x56b/0x7c0 [ 81.357085][ T5110] ? __pfx_aio_write+0x10/0x10 [ 81.358976][ T5110] ? __might_fault+0xaa/0x120 [ 81.360828][ T5110] ? __pfx_lock_release+0x10/0x10 [ 81.362785][ T5110] ? __fget_files+0x3f3/0x470 [ 81.364767][ T5110] ? __might_fault+0xaa/0x120 [ 81.366611][ T5110] io_submit_one+0x8a7/0x18a0 [ 81.368421][ T5110] ? __pfx_io_submit_one+0x10/0x10 [ 81.370392][ T5110] ? __might_fault+0xaa/0x120 [ 81.372307][ T5110] ? __pfx_lock_release+0x10/0x10 [ 81.374371][ T5110] ? __might_fault+0xaa/0x120 [ 81.376260][ T5110] ? __might_fault+0xc6/0x120 [ 81.378163][ T5110] __se_sys_io_submit+0x179/0x2f0 [ 81.380143][ T5110] ? __pfx___se_sys_io_submit+0x10/0x10 [ 81.382329][ T5110] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 81.384609][ T5110] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 81.386978][ T5110] ? do_syscall_64+0x100/0x230 [ 81.388855][ T5110] ? do_syscall_64+0xb6/0x230 [ 81.390629][ T5110] do_syscall_64+0xf3/0x230 [ 81.392358][ T5110] ? clear_bhb_loop+0x35/0x90 [ 81.394154][ T5110] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 81.396378][ T5110] RIP: 0033:0x7fcdfe77def9 [ 81.398071][ T5110] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 81.405501][ T5110] RSP: 002b:00007fcdff62a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 81.408786][ T5110] RAX: ffffffffffffffda RBX: 00007fcdfe935f80 RCX: 00007fcdfe77def9 [ 81.411844][ T5110] RDX: 0000000020000540 RSI: 000000000000003b RDI: 00007fcdff5e0000 [ 81.414930][ T5110] RBP: 00007fcdfe7f0b76 R08: 0000000000000000 R09: 0000000000000000 [ 81.418100][ T5110] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 81.421155][ T5110] R13: 0000000000000000 R14: 00007fcdfe935f80 R15: 00007ffd6fdd98b8 [ 81.424203][ T5110] [ 81.425448][ T5110] Modules linked in: [ 81.427719][ T5110] ---[ end trace 0000000000000000 ]--- [ 81.430272][ T5110] RIP: 0010:ext4_mb_use_inode_pa+0x690/0x700 [ 81.432606][ T5110] Code: 40 48 b0 8e 4c 89 e6 48 89 ea e8 1b c0 8c 02 e9 be fc ff ff e8 41 81 32 ff 90 0f 0b e8 39 81 32 ff 90 0f 0b e8 31 81 32 ff 90 <0f> 0b e8 29 81 32 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 81.439883][ T5110] RSP: 0018:ffffc90002f6e748 EFLAGS: 00010287 [ 81.442177][ T5110] RAX: ffffffff8261256f RBX: 00000000fffffff4 RCX: 0000000000040000 [ 81.445090][ T5110] RDX: ffffc9000b899000 RSI: 0000000000029e1a RDI: 0000000000029e1b [ 81.448087][ T5110] RBP: 0000000000000000 R08: ffffffff8261226f R09: 1ffff11007ead866 [ 81.451197][ T5110] R10: dffffc0000000000 R11: ffffed1007ead867 R12: ffff88803f56c348 [ 81.453988][ T5110] R13: 1ffff11007eacea9 R14: 0000000000000010 R15: 1ffff11007ead869 [ 81.456751][ T5110] FS: 00007fcdff62a6c0(0000) GS:ffff88801fe00000(0000) knlGS:0000000000000000 [ 81.459964][ T5110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.462274][ T5110] CR2: 0000000020007000 CR3: 0000000011f18000 CR4: 0000000000350ef0 [ 81.465089][ T5110] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.468275][ T5110] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.471329][ T5110] Kernel panic - not syncing: Fatal exception [ 81.473947][ T5110] Kernel Offset: disabled [ 81.475651][ T5110] Rebooting in 86400 seconds..