program: openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socketpair(0x28, 0x80000, 0x8e, &(0x7f0000000000)) r1 = io_uring_setup(0x177f, &(0x7f00000002c0)) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) bind$bt_sco(r2, &(0x7f0000000000)={0x1f, @none}, 0x8) listen(r2, 0x0) accept(r2, 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) accept4(r3, 0x0, 0x0, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1900000004000000040000000d"], 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f0000000540)='P', &(0x7f0000000000)=""/7, 0x2}, 0x20) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r4, &(0x7f0000000100), &(0x7f0000000000)=""/2, 0x2}, 0x20) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000040)={[{@nobarrier}, {@resuid}, {@barrier_val={'barrier', 0x3d, 0x9}}]}, 0x1, 0x4b0, 
&(0x7f0000000b80)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9cmlzduFIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLOzKT5mjhompGc3w9Oc97zTs/zvhmel3Pec05OAJl1NvknFzEYEZ9GxNFGcfMHzjZ+rN2/OZUsuajXL3+TSz+XlFsfbf2/IxGxGhF9EfH04xEv5LbHrS6vzE6Wy6XFZrlYm1soVpdXLlybm5wpzZTmR8YvTkyMD4+NTuxZX2+/9tLtSx882fv+D6/eu/v6Rx8mzRps1m3sx15qdL0njm/YdigiHn0Ywbqg0OxPf7cbwm+SfH9/iYhzaf4fjUL6bQJZUK/X6z/XD7erXq0DB1Y+PQbO5YciorGezw8NNY7h/xoD+XKlWvvv1crS/HTjWPlY9OSvXiuXhpvnCseiJ5eUR9L1B+XRLeWxiPQY+I1Cf1oemqqUp/d3qAO2ONLM//5m/n9faOQ/kBE7n/K3PSkADhBTfpBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yHzLpqUuXkqXeev59+vry0mzl+oXpUnV2aG5pamiqsrgwNFOpzKTP7Mz92v7KlcrCyP9i6UaxVqrWitXllStzlaX52pX0uf4rpZ596RXQieNn7nyei4jV//enS6K3WSdX4WCr13PR7WeQge4odHsAArrG1B9kl3N8YIc/0btJX7uKhb1vC7A/8t1uANA150+5/gdZZf4fssv8P2SXY3zA/D9kj/l/yK7BNu//+tOGd3cNR8SfI+KzQs/h1ru+gIMg/1UuIp8c/58/+s/BrbW9uR/TSwS9EfHyO5ffujFZqy2OJNu/Xd9ee7u5fbQb7Qc61crTVh4DANm1dv/mVGvZz7hfP9a4CWF7/EPNucm+9BrlwFpu070KuT26d2H1VkSc3Cl+rvm+88aVj4G1wrb4J5o/c41dpO09lL43fX/in9oQ/x8b4p/+3b8VyIY7yfgzvFP+5dOcjvX82zz+DO7RvRPtx7/8+vhXaDP+nekwxovvvvJl2/i3Ik7vGL8Vry+NtTV+0rbznYXP3Xvumb+1q6y/19jPTvHXdxARxdrcQrG6vHIh/TtyM6X5kfGLExPjw2OjE8V0jrrYmqne7pGTn9zdrf8DbeLv1v9k278763/89PePnz27S/x/ndv5+z+xS/z+iPhPh/G/G/3i+XZ1SfzpNv3P7xI/2TbWYfzqm094lzgA/IFUl1dmJ8vl0qIVK1asrK90e2QCHrYHSd/tlgAAAAAAAAAAAACd2o/bibvdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAg+CXAAAA///8zdZA") r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r5, 0x40086602, &(0x7f00000002c0)=0x2000000) creat(&(0x7f0000000040)='./bus\x00', 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9a, 0x1, 0x0, 0x0, 0x0, 0x5, 0x205, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 
0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x9, 0xffffffffffffff83}, 0x4480, 0x0, 0x0, 0x3, 0x3, 0x0, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x5) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) write$cgroup_int(r5, &(0x7f0000000380)=0x3, 0x7480) close(r5) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000400)=ANY=[@ANYBLOB="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"/296], &(0x7f0000000100)='GPL\x00'}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r4}, &(0x7f0000000200)=0x2000000, &(0x7f0000000140)=r7}, 0x20) [ 75.730310][ T5297] Bluetooth: hci0: command tx timeout [ 75.909560][ T5318] loop0: detected capacity change from 0 to 512 [ 75.991351][ T5318] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 75.996310][ T5318] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.041349][ T5317] loop0: detected capacity change from 512 to 64 [ 76.060895][ T5317] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Out of memory [ 76.068807][ T5317] EXT4-fs error (device loop0): ext4_splice_branch:479: inode #18: comm syz.0.0: mark_inode_dirty error [ 76.089027][ T5317] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Out of memory [ 76.094767][ T5317] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #18: comm syz.0.0: mark_inode_dirty error [ 76.210318][ T5317] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Out of memory [ 76.214915][ T5317] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #18: comm syz.0.0: mark_inode_dirty error [ 76.220973][ T5317] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Out of memory [ 76.225463][ T5317] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #18: comm syz.0.0: mark_inode_dirty error [ 76.231604][ T5317] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6313: Out of memory [ 76.235855][ T5317] EXT4-fs error (device loop0): ext4_dirty_inode:6517: inode #18: comm syz.0.0: mark_inode_dirty error [ 76.243848][ T5317] syz.0.0: attempt to access beyond end of device [ 76.243848][ T5317] loop0: rw=2049, sector=386, nr_sectors = 24 limit=64 [ 76.250256][ T5317] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 193) [ 76.256087][ T5317] Buffer I/O error on device loop0, logical block 193 [ 76.259279][ T5317] Buffer I/O error on device loop0, logical block 194 [ 76.262129][ T5317] Buffer I/O error on device loop0, logical block 195 [ 76.264900][ T5317] Buffer I/O error on device loop0, logical block 196 [ 76.267691][ T5317] Buffer I/O error on device loop0, logical block 197 [ 76.270581][ T5317] Buffer I/O error on device loop0, logical block 198 [ 
76.273576][ T5317] Buffer I/O error on device loop0, logical block 199 [ 76.276480][ T5317] Buffer I/O error on device loop0, logical block 200 [ 76.279426][ T5317] Buffer I/O error on device loop0, logical block 201 [ 76.282244][ T5317] Buffer I/O error on device loop0, logical block 202 [ 76.391677][ T5317] ------------[ cut here ]------------ [ 76.394553][ T5317] kernel BUG at fs/ext4/mballoc.c:4765! [ 76.397000][ T5317] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 76.399749][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.403616][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.408032][ T5317] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 76.410670][ T5317] Code: e8 24 e7 a9 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 d0 a6 42 ff 90 0f 0b e8 c8 a6 42 ff 90 0f 0b e8 c0 a6 42 ff 90 <0f> 0b e8 b8 a6 42 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 76.418679][ T5317] RSP: 0018:ffffc9000d3e6c28 EFLAGS: 00010283 [ 76.421237][ T5317] RAX: ffffffff827d7cb0 RBX: 00000000fffffffe RCX: 0000000000100000 [ 76.424606][ T5317] RDX: ffffc9000de22000 RSI: 000000000000c266 RDI: 000000000000c267 [ 76.428068][ T5317] RBP: 1ffff110085b730c R08: ffff888042dba24b R09: 1ffff110085b7449 [ 76.431584][ T5317] R10: dffffc0000000000 R11: ffffed10085b744a R12: 0000000000000000 [ 76.435150][ T5317] R13: 0000000000000012 R14: 1ffff110085b744c R15: ffff888042dba260 [ 76.438582][ T5317] FS: 00007f53d439e6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 76.442337][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.445066][ T5317] CR2: 00007f4721593000 CR3: 000000000035b000 CR4: 0000000000352ef0 [ 76.448488][ T5317] Call Trace: [ 76.449967][ T5317] <TASK> [ 76.451276][ T5317] ext4_mb_use_preallocated+0x660/0x13f0 [ 76.453650][ T5317] ext4_mb_new_blocks+0x5b4/0x4720 [ 76.455772][ T5317] ? rcu_is_watching+0x15/0xb0 [ 76.457960][ T5317] ? 
__pfx_ext4_new_meta_blocks+0x10/0x10 [ 76.460406][ T5317] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 76.463077][ T5317] ? ext4_block_to_path+0x297/0x6f0 [ 76.465544][ T5317] ext4_ind_map_blocks+0xe42/0x21c0 [ 76.467906][ T5317] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 76.470381][ T5317] ? __pfx_down_write+0x10/0x10 [ 76.472914][ T5317] ? ext4_es_lookup_extent+0x622/0xa70 [ 76.475639][ T5317] ext4_map_blocks+0x7fe/0x1740 [ 76.478204][ T5317] ? __pfx_ext4_map_blocks+0x10/0x10 [ 76.480671][ T5317] ? rcu_is_watching+0x15/0xb0 [ 76.482786][ T5317] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 76.485139][ T5317] ? kmem_cache_alloc_noprof+0x3b8/0x6e0 [ 76.487563][ T5317] ext4_do_writepages+0x16a1/0x4610 [ 76.489820][ T5317] ? __free_object+0x4e3/0x6d0 [ 76.491808][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.494222][ T5317] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 76.497278][ T5317] ? __pfx_ext4_do_writepages+0x10/0x10 [ 76.500082][ T5317] ? __lock_acquire+0xab9/0xd20 [ 76.502240][ T5317] ? __lock_acquire+0xab9/0xd20 [ 76.504438][ T5317] ? rcu_read_lock_any_held+0xb3/0x120 [ 76.506903][ T5317] ext4_writepages+0x205/0x350 [ 76.509004][ T5317] ? __pfx_ext4_writepages+0x10/0x10 [ 76.511326][ T5317] ? __pfx_ext4_writepages+0x10/0x10 [ 76.513706][ T5317] do_writepages+0x32e/0x550 [ 76.515839][ T5317] ? do_raw_spin_lock+0x121/0x290 [ 76.518006][ T5317] __writeback_single_inode+0x145/0xff0 [ 76.520329][ T5317] ? do_raw_spin_unlock+0x4d/0x240 [ 76.522519][ T5317] writeback_single_inode+0x1f9/0x6a0 [ 76.524836][ T5317] write_inode_now+0x160/0x1d0 [ 76.526960][ T5317] ? __pfx_write_inode_now+0x10/0x10 [ 76.529287][ T5317] ? do_raw_spin_unlock+0x4d/0x240 [ 76.531424][ T5317] iput+0x830/0xc50 [ 76.533059][ T5317] __dentry_kill+0x209/0x660 [ 76.534952][ T5317] ? dput+0x37/0x2b0 [ 76.536566][ T5317] dput+0x19f/0x2b0 [ 76.538150][ T5317] __fput+0x68e/0xa70 [ 76.539801][ T5317] fput_close_sync+0x119/0x200 [ 76.541705][ T5317] ? dnotify_flush+0x1db/0x5e0 [ 76.543575][ T5317] ? 
__pfx_fput_close_sync+0x10/0x10 [ 76.545644][ T5317] ? do_raw_spin_unlock+0x4d/0x240 [ 76.547791][ T5317] __x64_sys_close+0x7f/0x110 [ 76.549890][ T5317] do_syscall_64+0xfa/0xfa0 [ 76.551920][ T5317] ? lockdep_hardirqs_on+0x9c/0x150 [ 76.554252][ T5317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.556901][ T5317] ? clear_bhb_loop+0x60/0xb0 [ 76.558952][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 76.561490][ T5317] RIP: 0033:0x7f53d358f6c9 [ 76.563405][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 76.571452][ T5317] RSP: 002b:00007f53d439e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 76.575059][ T5317] RAX: ffffffffffffffda RBX: 00007f53d37e5fa0 RCX: 00007f53d358f6c9 [ 76.578410][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 000000000000000a [ 76.581827][ T5317] RBP: 00007f53d3611f91 R08: 0000000000000000 R09: 0000000000000000 [ 76.585305][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 76.588710][ T5317] R13: 00007f53d37e6038 R14: 00007f53d37e5fa0 R15: 00007fffb4d01688 [ 76.592160][ T5317] </TASK> [ 76.593607][ T5317] Modules linked in: [ 76.596486][ T5317] ---[ end trace 0000000000000000 ]--- [ 76.598822][ T5317] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 76.601594][ T5317] Code: e8 24 e7 a9 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 d0 a6 42 ff 90 0f 0b e8 c8 a6 42 ff 90 0f 0b e8 c0 a6 42 ff 90 <0f> 0b e8 b8 a6 42 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 76.609618][ T5317] RSP: 0018:ffffc9000d3e6c28 EFLAGS: 00010283 [ 76.612286][ T5317] RAX: ffffffff827d7cb0 RBX: 00000000fffffffe RCX: 0000000000100000 [ 76.615620][ T5317] RDX: ffffc9000de22000 RSI: 000000000000c266 RDI: 000000000000c267 [ 76.620413][ T5317] RBP: 1ffff110085b730c R08: ffff888042dba24b R09: 1ffff110085b7449 [ 76.623862][ T5317] R10: dffffc0000000000 R11: ffffed10085b744a 
R12: 0000000000000000 [ 76.627243][ T5317] R13: 0000000000000012 R14: 1ffff110085b744c R15: ffff888042dba260 [ 76.630535][ T5317] FS: 00007f53d439e6c0(0000) GS:ffff88808d730000(0000) knlGS:0000000000000000 [ 76.634093][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.636673][ T5317] CR2: 00007f4721593000 CR3: 000000000035b000 CR4: 0000000000352ef0 [ 76.639990][ T5317] Kernel panic - not syncing: Fatal exception [ 76.642723][ T5317] Kernel Offset: disabled [ 76.644676][ T5317] Rebooting in 86400 seconds..