program: syz_mount_image$ext4(&(0x7f0000000500)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000004c0)={[{}]}, 0x1, 0x453, &(0x7f0000001040)="$eJzs3U9sFFUcB/DvbrslAbRg/IP4r4JKEaW2NUESTCTKSS4GE88NLYRYqKE1EUKMJh68eTHx7EG5eeTgyXjAoyZ48aaejJEYIvGk1sx2ly5lt3RD26nu55PM7pud132/mdffzO7ryzRAzxoqHirJ1iTfJxlcWL25wtDC0/VrF47/ee3C8Urm54/9XqnX++PahePNqs2f21I8VJPhalL9oJKH2rQ7e+78mxPT01NnG+sjc6ffGpk9d/7ZU6cnTk6dnDozeuDgC+OjB8bGx1dtX1+9+O6xLa+9dOSjySu/zVz86csi3q2Nba37sVqGMnTzsWzx1Go3VrL7WsqV/hIDoSt9SYruqtXzfzB9Wey8wXzzY6nBAWtqvrCp4+b35oH/sUrKjgAoR/NCX3z/bS7r9dmD8l09vPAFsOj3641lYUt/qo06tSXf71fTUJJDl458USxZo3EYAAAAgF721eEkz7Qb/6vm/pZ6RfmBJDuSPJhkZ1Kf1/NwkkeSPJrkseZ8oi4srb90/KfSaQINq+Lq4eRQY27XzeN/zdG/bOtrrN1VrKRWOXFqeuq5JHcnGU5tU7E+ukwbl7/957tO21rH/4qlaL85FtiI49f+JX+fnpyYm7iTfWbR1feTnf3t+r9yYyZQkYKPJ9nVzRvXFos/79p7slO12/c/a2n+02RP2/xvnHivHKw/LTM/c6R+PhhpnhVu9eHo2Cud2tf/5Sryf/Ny/Z9sq7TO153tvo3LOy692Glb9+f/Hz4rzv8DldfrAQ40Xn1nYm7u7GgyUDl66+tj3cf839b5Q1PzeDSPV9H/w7vbX//vaXm33UmeSPJkY+7ynvq1P9mb5Okk+5aJ5u+XD7zRaZv8L1fR/5Nt8//G1IAl+d994dD2T452an9l+f98/Rd6uPGKz3+3t9IOKjtOAAAAAAAAAFZHtX4PvEp1/41ytbp//8I9/O7N5ur0zOzcvhMzb5+ZXLhX3rbUqs2ZXoMt80FH6+XF9bEl6+NJtif5uO+vxp0HZqYny9556HFbOuR/4Ze+sqMD1pz7tULvWkH+19YjDmD9uf5D75L/0LvkP/Qu+Q+9S/5D75L/0LtWnv8DaxoHsP5c/6En3cl9/TZaoT8bIoy2heb8qZLCaP5L/g1yNDZm4fOvk3Voqy/JRtnlZQplnpUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANo5/AwAA//9EA9s8") r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20fffe82) open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x441, 0x102) fallocate(r3, 0x10, 0x7000, 0x7c27) [ 84.228633][ T5291] Bluetooth: hci0: command tx timeout [ 84.418297][ T5328] loop0: detected capacity change from 0 to 512 [ 84.562414][ T5328] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.630744][ T24] audit: type=1800 audit(1778188326.275:2): pid=5328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 84.697246][ T5328] loop0: detected capacity change from 512 to 64 [ 84.720909][ T5328] syz.0.0: attempt to access beyond end of device [ 84.720909][ T5328] loop0: rw=1, sector=88, nr_sectors = 24 limit=64 [ 84.738828][ T5328] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 15 starting block 44) [ 84.746065][ T5328] Buffer I/O error on device loop0, logical block 44 [ 84.749351][ T5328] Buffer I/O error on device loop0, logical block 45 [ 84.752252][ T5328] Buffer I/O error on device loop0, logical block 46 [ 84.755184][ T5328] Buffer I/O error on device loop0, logical block 47 [ 84.759990][ T5328] Buffer I/O error on device loop0, logical block 48 [ 84.763049][ T5328] Buffer I/O error on device loop0, logical block 49 [ 84.766250][ T5328] Buffer I/O error on device loop0, logical block 50 [ 84.769173][ T5328] Buffer I/O error on device loop0, logical block 51 [ 84.773018][ T5328] Buffer I/O error on device loop0, logical block 52 [ 84.775834][ T5328] Buffer I/O error on device loop0, logical block 53 [ 84.790952][ T68] ------------[ cut here ]------------ [ 84.794718][ T68] kernel BUG at fs/ext4/mballoc.c:4780! [ 84.797836][ T68] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 84.800821][ T68] CPU: 0 UID: 0 PID: 68 Comm: kworker/u4:4 Not tainted syzkaller #0 PREEMPT(full) [ 84.804921][ T68] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 84.809501][ T68] Workqueue: writeback wb_workfn (flush-7:0) [ 84.812368][ T68] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 84.815151][ T68] Code: e8 e4 91 a4 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 80 c8 37 ff 90 0f 0b e8 78 c8 37 ff 90 0f 0b e8 70 c8 37 ff 90 <0f> 0b e8 68 c8 37 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 84.822831][ T68] RSP: 0018:ffffc90000ace528 EFLAGS: 00010293 [ 84.825521][ T68] RAX: ffffffff828e0670 RBX: 00000000ffffffcc RCX: ffff88800071ca00 [ 84.829255][ T68] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000020 [ 84.832861][ T68] RBP: 1ffff11008fd9329 R08: ffff888047ecdefb R09: 1ffff11008fd9bdf [ 84.836251][ T68] R10: dffffc0000000000 R11: ffffed1008fd9be0 R12: 0000000000000000 [ 84.839810][ T68] R13: 0000000000000054 R14: 1ffff11008fd9be2 R15: ffff888047ecdf10 [ 84.843529][ T68] FS: 0000000000000000(0000) GS:ffff88808c882000(0000) knlGS:0000000000000000 [ 84.847872][ T68] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 84.850671][ T68] CR2: 00007fdeb4b4f000 CR3: 000000000e74a000 CR4: 0000000000352ef0 [ 84.854300][ T68] Call Trace: [ 84.855910][ T68] [ 84.857318][ T68] ext4_mb_use_preallocated+0x660/0x13f0 [ 84.859948][ T68] ext4_mb_new_blocks+0x5e2/0x46c0 [ 84.862331][ T68] ? rcu_is_watching+0x15/0xb0 [ 84.864614][ T68] ? __mark_inode_dirty+0x4cf/0x13b0 [ 84.867100][ T68] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 84.869921][ T68] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 84.872711][ T68] ? ext4_block_to_path+0x297/0x6f0 [ 84.875258][ T68] ext4_ind_map_blocks+0xe96/0x2260 [ 84.877684][ T68] ? __lock_acquire+0x146e/0x2cf0 [ 84.880057][ T68] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 84.882683][ T68] ? ext4_map_blocks+0x7b5/0x11d0 [ 84.885071][ T68] ext4_map_create_blocks+0xc1/0x540 [ 84.887543][ T68] ext4_map_blocks+0x7cd/0x11d0 [ 84.889636][ T68] ? __pfx_ext4_map_blocks+0x10/0x10 [ 84.891984][ T68] ? __ext4_journal_ensure_credits+0x30/0x450 [ 84.894733][ T68] ext4_do_writepages+0x18f3/0x4670 [ 84.897102][ T68] ? __pfx_ext4_do_writepages+0x10/0x10 [ 84.899826][ T68] ? __lock_acquire+0x6b5/0x2cf0 [ 84.902261][ T68] ? filemap_get_folios_tag+0x118/0x720 [ 84.905111][ T68] ? filemap_get_folios_tag+0x61c/0x720 [ 84.907572][ T68] ? filemap_get_folios_tag+0x118/0x720 [ 84.909938][ T68] ? ext4_writepages+0x205/0x3b0 [ 84.912373][ T68] ? ext4_writepages+0x205/0x3b0 [ 84.914328][ T68] ext4_writepages+0x241/0x3b0 [ 84.916530][ T68] ? __pfx_ext4_writepages+0x10/0x10 [ 84.918880][ T68] ? unwind_next_frame+0xa6/0x2550 [ 84.921178][ T68] ? __pfx_ext4_writepages+0x10/0x10 [ 84.923455][ T68] do_writepages+0x32e/0x550 [ 84.925421][ T68] ? reacquire_held_locks+0x104/0x190 [ 84.927749][ T68] ? writeback_sb_inodes+0x463/0x19d0 [ 84.930277][ T68] __writeback_single_inode+0x133/0x10e0 [ 84.933111][ T68] ? do_raw_spin_unlock+0x4d/0x210 [ 84.935487][ T68] writeback_sb_inodes+0x979/0x19d0 [ 84.937870][ T68] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 84.940344][ T68] ? __pfx_down_read_trylock+0x10/0x10 [ 84.942838][ T68] ? __pfx___up_read+0x10/0x10 [ 84.944973][ T68] __writeback_inodes_wb+0x111/0x240 [ 84.947347][ T68] wb_writeback+0x459/0xb00 [ 84.949467][ T68] ? queue_io+0x241/0x470 [ 84.951324][ T68] ? __pfx_wb_writeback+0x10/0x10 [ 84.953623][ T68] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.955919][ T68] wb_workfn+0x921/0xf10 [ 84.957893][ T68] ? __lock_acquire+0x6b5/0x2cf0 [ 84.960181][ T68] ? look_up_lock_class+0x57/0x110 [ 84.962778][ T68] ? __pfx_wb_workfn+0x10/0x10 [ 84.965120][ T68] ? do_raw_spin_lock+0x12b/0x2f0 [ 84.967653][ T68] ? lock_acquire+0x106/0x350 [ 84.969811][ T68] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 84.972233][ T68] ? process_scheduled_works+0xa70/0x1860 [ 84.974802][ T68] ? process_scheduled_works+0xa70/0x1860 [ 84.977249][ T68] ? process_scheduled_works+0xa70/0x1860 [ 84.979873][ T68] process_scheduled_works+0xb5d/0x1860 [ 84.982427][ T68] ? __pfx_process_scheduled_works+0x10/0x10 [ 84.985356][ T68] ? assign_work+0x3d5/0x5e0 [ 84.987554][ T68] worker_thread+0xa53/0xfc0 [ 84.989691][ T68] kthread+0x388/0x470 [ 84.991526][ T68] ? __pfx_worker_thread+0x10/0x10 [ 84.993822][ T68] ? __pfx_kthread+0x10/0x10 [ 84.995910][ T68] ret_from_fork+0x514/0xb70 [ 84.998032][ T68] ? __pfx_ret_from_fork+0x10/0x10 [ 85.000370][ T68] ? __switch_to+0xc79/0x1410 [ 85.002439][ T68] ? __pfx_kthread+0x10/0x10 [ 85.004639][ T68] ret_from_fork_asm+0x1a/0x30 [ 85.006997][ T68] [ 85.008584][ T68] Modules linked in: [ 85.011405][ T68] ---[ end trace 0000000000000000 ]--- [ 85.014296][ T68] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 85.017189][ T68] Code: e8 e4 91 a4 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 80 c8 37 ff 90 0f 0b e8 78 c8 37 ff 90 0f 0b e8 70 c8 37 ff 90 <0f> 0b e8 68 c8 37 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 85.025896][ T68] RSP: 0018:ffffc90000ace528 EFLAGS: 00010293 [ 85.028774][ T68] RAX: ffffffff828e0670 RBX: 00000000ffffffcc RCX: ffff88800071ca00 [ 85.032416][ T68] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000020 [ 85.036757][ T68] RBP: 1ffff11008fd9329 R08: ffff888047ecdefb R09: 1ffff11008fd9bdf [ 85.040527][ T68] R10: dffffc0000000000 R11: ffffed1008fd9be0 R12: 0000000000000000 [ 85.044377][ T68] R13: 0000000000000054 R14: 1ffff11008fd9be2 R15: ffff888047ecdf10 [ 85.048028][ T68] FS: 0000000000000000(0000) GS:ffff88808c882000(0000) knlGS:0000000000000000 [ 85.052286][ T68] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.055233][ T68] CR2: 00007fdeb4b4f000 CR3: 000000000e74a000 CR4: 0000000000352ef0 [ 85.059149][ T68] Kernel panic - not syncing: Fatal exception [ 85.062368][ T68] Kernel Offset: disabled [ 85.064557][ T68] Rebooting in 86400 seconds..