program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x200000, &(0x7f0000000500), 0xfc, 0x57c, &(0x7f0000000680)="$eJzs3U1rG9caAOB3xnbifNxrB0K4t4tiyKIpaaTY7kcKXaTL0oYG2n0qbMUEy1Gw5BC7gSaLZtNNCYVSGijtvvsuQ/9Af0WgDYQSTLvoxmXkkaPEki078kei54Gxz5kZ+ZxXM+/xGY2EAuhbY9mPNOL/EfF1EjHSsm0w8o1jq/stP745lS1JrKx88mcSSb6uuX+S/z6SV/4XEb9+GXE6Xd9ubXFptlSplOfzejGSa8Xa4tKZK3OlmfJM+erE5OS5tyYn3n3n7Z7F+vrFv7/7+P4H5746ufztzw+P3U3ifBzNt7XG8RxutVbGYix/Tobi/DM7jvegsf0k2esOsC0DeZ4PRTYGjMRAnvVtrYzsZteAHfZFltZAn0rkP/Sp5jygeW3fo+vgF8aj91cvgNbHP7j62kgMN66NDi8nT10ZZde7oz1oP2vjlz/u3c2W6N3rEACbunU7Is4ODq4f/5J8/Nu+s13s82wbxj/YPfez+c8b7eY/6dr8J9rMf460yd3t2Dz/04c9aKajbP73Xtv579pNq9GBvPafxpxvKLl8pVLOxrb/RsSpGDqY1Te4n/NZuvxgpdPG1vlftmTtN+eCeT8eDh58+jHTpXrpuYJu8eh2xCtt57/J2vFP2hz/7Pm42GUbJ8r3Xu20bfP4d9bKjxGvtT3+T+5oZaVifa7T/cli43woNs+K9f66c+K3Tu3vdfzZ8T+8cfyjSev92trW2/hh+J9yp23bPf8PJJ82ygfydTdK9fr8eMSB5KP16yeePLZZb+6fxX/q5MbjX7vz/1CW2F3Gf+f4ndZdh7cW/87K4p/e0vHfeuHBh59/36n97o7/m43SqXxNN+Nftx18nucOAAAAAAAA9ps0Io5GkhbWymlaKKy+v+N4HE4r1Vr99OXqwtXpaHxWdjSG0uad7pGW90OM5++HbdYnnqlPRsSxiPhm4FCjXpiqVqb3OngAAAAAAAAAAAAAAAAAAADYJ45EDLf7/H/m94G97h2w4zb4ym/gJdc5//MtvfimJ2Bfas3/g3vYD2D3mf9D/+oi/9Pd6Aew+/z/h/4l/6F/yX/oX/If+tdW8v+nCzvYEQAAAAAAAAAAAAAAAAAAAAAAAAAAAHg5XLxwIVtWlh/fnMrq09cXF2ar189Ml2uzhbmFqcJUdf5aYaZanamUC1PVuc3+XqVavTY+EQs3ivVyrV6sLS5dmqsuXK1fujJXmilfKg/tSlQAAAAAAAAAAAAAAAAAAADwYqktLs2WKpXyvILCtgqD+6MbnQppfqLvl/68MIU9HpgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAoMW/AQAA//+LGzah") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) creat(&(0x7f0000000380)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef35bf413db93852f7bda4ae6dddfbd1ce5d29c2eeee09e737e60edf110f5bcb7639c2eb4b78c6df701905b9aafab4af000055a3f6a00400", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000c700e6d602000000000000080000000001", [0xa, 0x1]}) writev(r0, &(0x7f0000000f00)=[{&(0x7f0000000080)="0263d067af3a8cb95adad205719e8576b63c24c0d18631b204c82e6a5cf0f3532527e7c97a91f884e339f57e34f30e8e5164bcdddfdd92062d9a3025d29c3dfe1c8c8df5b863f50a64509572b0c3e3007fde8c1bce93784694ccfe584e54da92955c93144cb554df8f1e867cbe84832abc", 0x71}, {&(0x7f0000000180)="6a27ef6b83c6cce699aefc6b677d21c3ad9904ec74d50b8a2a1330aa09fd3a46b04308c1584f2e8289551441368bced4aea20b148e407d7c010f76af26c10dfa62e4985e18b0a60d2f6a3d3ea347fa7205e3394c9e6104251e684386", 0x5c}, {&(0x7f00000002c0)="5546d88f882b4e44fdab6ea7dca41497ed1908b7a1a1916d9d7ad8dbbdf79914ba2ef8a8701048419138541260c277f77ecbd925b5b899831241c286f8b30ec8e5dbe9eac1e1a91b9f6dc2cd636e54fc91b182b43267e120b6fa89242d9c0eee6b361217884607ed7e399ace4ed5352deb3cc627f8d2bf5d45092ad4c52196d726a4995851454dd8bca92dcb888f671ab2eadfeeffc13db973831c6573", 0x9d}, {&(0x7f0000000540)="24a617e867344b20692a89c6cfb8f4dde106cbd988ee9a8333605a3c19074d38c8c954b191039f810c907fadb9ebbe42a06b7aa3502ff2b1e17f69c240ac1d584ce6fdea1bf88087a11c838956886b9339a0af787dd5c841fda65599ad8c5ebbe92a034bbab7fdc734ce5a17425407a34c6f8c8e96c9bc9cbba467b503f9542b82a567c5201f7f6937cedb6db257be0b2875e98b8ec3998a1396724d5f28695bf2f0482a7f69b151005890abd5a465542fbee609e4c1357f036f80cd7a93b345f3ab823a55e4f42d08776a0daa", 0xcd}, 
{&(0x7f0000000c00)="b2c2f304c31cb2ed05472c969c8990b0233bc2f0c8aebd8fdc52619cd728f2fe87603052b22b17524a5a2ea482c4b328eb381b92f3c7efa7156477708b9ae09248b59e9bcba129c9545c3817173474d2bdbe99d206221ebf55cf9e5958a69443f12bbf5f15e1991232d0747f2d9877d91133e3c1371d2e4aff355afb579c4031a5023bdd793a7ffc4525a0ad4614dec7fe60901bfc43a2aedbaba2c0012bae2168832fefc08fc287f147ff0420408f4d5490784de7e6f73f2610b9a9eb8fc828d924b17c53609cfc6a47458a947464b86e0d0d47a43f69a6ba7dd3b1", 0xdc}, {&(0x7f0000000d00)="60d62994c8e06dd76f699c16560342ba9a074d6f353305322b72165d728e2aa05efb6224dbe65291a8e05227054483b40caa6b64140c5e4425595a8d5913810e7bfc6177a96231d0d19ed85a4fe5f1d8da704af2345b47b7bf0c289112d6c144d96eed4ef9d4e8a6a29f88a40d99894cc85acc27e1d38ea803ee2a87ed4d62600e83e691a4c57f64c980a3637bef7ebbe88a8310a462ba55bb609bfc0e95b229c3f022e28275d6a2ce1c9bcdf4206a64d8bceaa211c55ae827ceec70663af2c0ceca39180996c7d50f36e8bcc74f6376ebbd34c0f35f11cf1870", 0xda}, {&(0x7f0000000e00)="822fb9cf33c97cd997d9be8fd2f95508e8150fd7", 0x14}], 0x7) [ 78.716871][ T4665] Bluetooth: hci0: command tx timeout [ 78.842024][ T5319] loop0: detected capacity change from 0 to 1024 [ 78.965106][ T5319] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 79.028382][ T5319] loop0: detected capacity change from 1024 to 64 [ 79.057590][ T5319] EXT4-fs error (device loop0): xattr_find_entry:337: inode #15: comm syz.0.0: corrupted xattr entries [ 79.079197][ T5319] EXT4-fs error (device loop0): get_max_inline_xattr_value_size:74: inode #15: comm syz.0.0: corrupt xattr in inline inode [ 79.112060][ T1042] ------------[ cut here ]------------ [ 79.114890][ T1042] kernel BUG at fs/ext4/inode.c:2803! 
[ 79.118781][ T5319] EXT4-fs error (device loop0): xattr_find_entry:337: inode #15: comm syz.0.0: corrupted xattr entries [ 79.139017][ T1042] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 79.142351][ T1042] CPU: 0 UID: 0 PID: 1042 Comm: kworker/u4:7 Not tainted syzkaller #0 PREEMPT(full) [ 79.146693][ T1042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 79.151910][ T1042] Workqueue: writeback wb_workfn (flush-7:0) [ 79.154593][ T1042] RIP: 0010:ext4_do_writepages+0x46d6/0x46e0 [ 79.157382][ T1042] Code: c6 a0 1e e4 8b e8 da 20 a0 fe 90 0f 0b e8 b2 b6 3d ff 4c 89 f7 48 c7 c6 80 23 e4 8b e8 c3 20 a0 fe 90 0f 0b e8 9b b6 3d ff 90 <0f> 0b 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 [ 79.166749][ T1042] RSP: 0018:ffffc90005436c80 EFLAGS: 00010293 [ 79.169887][ T1042] RAX: ffffffff8287f9e5 RBX: 0000004210000000 RCX: ffff888036b2c980 [ 79.173908][ T1042] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 79.177551][ T1042] RBP: ffffc90005437090 R08: ffff888047e61d1f R09: 1ffff11008fcc3a3 [ 79.181446][ T1042] R10: dffffc0000000000 R11: ffffed1008fcc3a4 R12: dffffc0000000000 [ 79.185449][ T1042] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff11003e6b8c7 [ 79.189202][ T1042] FS: 0000000000000000(0000) GS:ffff88808ca55000(0000) knlGS:0000000000000000 [ 79.193433][ T1042] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 79.195919][ T1042] CR2: 00007fd75df7a000 CR3: 0000000011c60000 CR4: 0000000000352ef0 [ 79.199328][ T1042] Call Trace: [ 79.200941][ T1042] <TASK> [ 79.202368][ T1042] ? kasan_quarantine_put+0xbb/0x1f0 [ 79.204787][ T1042] ? lockdep_hardirqs_on+0x7a/0x110 [ 79.207059][ T1042] ? __lock_acquire+0x6b5/0x2cf0 [ 79.209396][ T1042] ? __lock_acquire+0x6b5/0x2cf0 [ 79.211977][ T1042] ? __pfx_ext4_do_writepages+0x10/0x10 [ 79.214559][ T1042] ? __lock_acquire+0x6b5/0x2cf0 [ 79.216630][ T1042] ? 
unwind_next_frame+0xa5/0x23c0 [ 79.218922][ T1042] ext4_writepages+0x241/0x3b0 [ 79.221233][ T1042] ? __pfx_ext4_writepages+0x10/0x10 [ 79.224108][ T1042] ? update_cfs_rq_load_avg+0x3fb/0x4e0 [ 79.226826][ T1042] ? __pfx_ext4_writepages+0x10/0x10 [ 79.229194][ T1042] do_writepages+0x32e/0x550 [ 79.231308][ T1042] ? reacquire_held_locks+0x104/0x190 [ 79.233716][ T1042] ? writeback_sb_inodes+0x477/0x1a20 [ 79.236718][ T1042] __writeback_single_inode+0x133/0x11a0 [ 79.239930][ T1042] ? do_raw_spin_unlock+0x4d/0x210 [ 79.242315][ T1042] writeback_sb_inodes+0x992/0x1a20 [ 79.244700][ T1042] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 79.247254][ T1042] ? lockdep_hardirqs_on+0x7a/0x110 [ 79.249636][ T1042] ? __pfx_down_read_trylock+0x10/0x10 [ 79.252347][ T1042] ? __pfx_move_expired_inodes+0x10/0x10 [ 79.254741][ T1042] __writeback_inodes_wb+0x111/0x240 [ 79.257029][ T1042] wb_writeback+0x46a/0xb70 [ 79.259168][ T1042] ? queue_io+0x1d1/0x4a0 [ 79.261200][ T1042] ? __pfx_wb_writeback+0x10/0x10 [ 79.263705][ T1042] ? do_raw_spin_lock+0x12b/0x2f0 [ 79.266215][ T1042] wb_workfn+0x95b/0xf50 [ 79.268531][ T1042] ? __pfx_wb_workfn+0x10/0x10 [ 79.270875][ T1042] ? do_raw_spin_lock+0x12b/0x2f0 [ 79.273184][ T1042] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 79.275694][ T1042] ? process_scheduled_works+0xa8d/0x18c0 [ 79.278576][ T1042] ? process_scheduled_works+0xa8d/0x18c0 [ 79.281332][ T1042] process_scheduled_works+0xb6e/0x18c0 [ 79.283785][ T1042] ? __pfx_process_scheduled_works+0x10/0x10 [ 79.286598][ T1042] ? assign_work+0x3d5/0x5e0 [ 79.288994][ T1042] worker_thread+0xa53/0xfc0 [ 79.291585][ T1042] kthread+0x388/0x470 [ 79.293803][ T1042] ? __pfx_worker_thread+0x10/0x10 [ 79.296292][ T1042] ? __pfx_kthread+0x10/0x10 [ 79.298290][ T1042] ret_from_fork+0x51e/0xb90 [ 79.300304][ T1042] ? __pfx_ret_from_fork+0x10/0x10 [ 79.302570][ T1042] ? __switch_to+0xc7d/0x1450 [ 79.305014][ T1042] ? 
__pfx_kthread+0x10/0x10 [ 79.308222][ T1042] ret_from_fork_asm+0x1a/0x30 [ 79.310763][ T1042] </TASK> [ 79.312146][ T1042] Modules linked in: [ 79.314783][ T1042] ---[ end trace 0000000000000000 ]--- [ 79.371963][ T5319] EXT4-fs error (device loop0): ext4_map_blocks:818: inode #15: block 1803188595: comm syz.0.0: lblock 0 mapped to illegal pblock 1803188595 (length 1) [ 79.378523][ T5319] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 79.385625][ T5319] EXT4-fs (loop0): This should not happen!! Data will be lost [ 79.385625][ T5319] [ 79.390729][ T1042] RIP: 0010:ext4_do_writepages+0x46d6/0x46e0