program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x444, &(0x7f0000000980)="$eJzs3MtvG8UfAPDv2nHS5y/5lfJoaCFQEBGPpEkf9MAFBBIHkJC4FHEKSVqFpg1qgkSrCAKHcESVuCOOSPwFnOCCgBMSV7ijShXKpYWT0dq7qZvYaZw4del+PtLGM96xZr67O/bsjJ0ACmso/ZNE7IuI3yOiv569vcBQ/eHmyuLk3yuLk0lUq2//ldTK3VhZnMyL5q/bW89Uq1m+r0m9y+9GTMzOTl/K8qMLFz4Ynb985YWZCxPnps9NXxw/ffrE8SO9p8ZPdiTONK4bgx/PHT70+jtX35w8c/W9n79N27sv298YR6cM1Y9uU09XOl1bd+1vSCc9XWwIbSlHRHq6KrX+3x/l2L26rz9e+6yrjQN2VLVarTb7fM4sVYH7WBLdbgHQHfkHfXr/m293aehxT7j+cv0GKI37ZrbV9/REKStTWXN/20lDEXFm6Z+v0i12aB4CAKDR9+n45/lm479SPNRQ7n/ZGspARPw/Ig5ExAMRcTAiHoyolX04Ih5ps/61KyTrxz+la1sKbJPS8d9L2drW7eO/fPQXA+Ust78WfyU5OzM7fSw7JsNR6UvzYxvU8cOrv33Ral/j+C/d0vrzsWDWjms9aybopiYWJrYTc6Prn0YM9jSLP4l8GSeJiEMRMbjFOmae/eZwq313jn8DHVhnqn4d8Uz9/C/FmvhzScv1ybEXT42fHN0Vs9PHRvOrYr1ffl1+q1X924q/A9Lzv6fp9b8a/0CyK2L+8pXztfXa+fbrWP7j85b3NFu7/mdWG9ebPX40sbBwaSyiN3lj/fPjt16b5/PyafzDR5v3/wNx60g8GhHpRXwkIh6LiMeztj8REU9GxNEN4v/plafebz/+DWblOyiNf+pO5z8az3/7ifL5H79rP/5cev5P1FLD2TObef/bbAO3c+wAAADgv6JU+w58UhpZTZdKIyP17/AfjD1LMTe/8NzZuQ8vTtW/Kz8QlVI+09XfMB86ls0N5/nxNfnj2bzxl+XdtfzI5NzsVLeDh4Lb26L/p/4sd7t1wI7zey0oLv0fikv/h+LS/6G49H8ormb9/5MutAO4+3z+Q3Hp/1Bc+j8Ul/4PhdTyt/Glbf3kf7uJpBuVSrSTiNI90Yz7P9Gz6X9mscVEX9Nd3X5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6Ix/AwAA//+UFuN0") r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0) io_setup(0x202, &(0x7f0000000200)=0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]}) io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x100000, 0x301f}]) [ 72.750389][ T5332] Bluetooth: hci0: command tx timeout [ 72.838881][ T5352] loop0: detected capacity change from 0 to 512 [ 72.884052][ T5352] EXT4-fs: Ignoring removed bh option [ 72.907590][ T5352] EXT4-fs error (device loop0): __ext4_iget:5464: inode #15: block 1803188595: comm syz.0.0: invalid block [ 72.915329][ T5352] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.0: couldn't read orphan inode 15 (err -117) [ 72.927928][ T5352] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 72.956770][ T5352] loop0: detected capacity change from 512 to 64 [ 72.973859][ T25] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm kworker/u4:2: corrupted inode contents [ 72.979801][ T25] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 72.985079][ T25] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm kworker/u4:2: corrupted inode contents [ 72.991649][ T25] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 72.997521][ T5352] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm syz.0.0: corrupted inode contents [ 73.002989][ T5352] EXT4-fs error (device loop0): ext4_write_end:1472: inode #18: comm syz.0.0: mark_inode_dirty error [ 73.009287][ T5352] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm syz.0.0: corrupted inode contents [ 73.014887][ T5352] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #18: comm syz.0.0: mark_inode_dirty error [ 73.020114][ T5352] ------------[ cut here ]------------ [ 73.022404][ T5352] kernel BUG at fs/ext4/mballoc.c:4755! [ 73.024614][ T5352] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 73.027516][ T5352] CPU: 0 UID: 0 PID: 5352 Comm: syz.0.0 Not tainted 6.17.0-rc1-syzkaller-00211-g90d970cade8e #0 PREEMPT(full) [ 73.032665][ T5352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 73.037353][ T5352] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 73.040105][ T5352] Code: e8 d4 c7 aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 10 e0 45 ff 90 0f 0b e8 08 e0 45 ff 90 0f 0b e8 00 e0 45 ff 90 <0f> 0b e8 f8 df 45 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 73.048323][ T5352] RSP: 0018:ffffc9000d3d67e8 EFLAGS: 00010283 [ 73.051058][ T5352] RAX: ffffffff8279db40 RBX: 00000000ffffff98 RCX: 0000000000100000 [ 73.054541][ T5352] RDX: ffffc9000e092000 RSI: 000000000000e6eb RDI: 000000000000e6ec [ 73.058035][ T5352] RBP: 1ffff1100875f8b5 R08: ffff888043afd5eb R09: 1ffff1100875fabd [ 73.061575][ T5352] R10: dffffc0000000000 R11: ffffed100875fabe R12: 0000000000000000 [ 73.064991][ T5352] R13: 0000000000000074 R14: 1ffff1100875fac0 R15: ffff888043afd600 [ 73.068391][ T5352] FS: 00007f0e239f56c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 73.072248][ T5352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.075122][ T5352] CR2: 000020000001d000 CR3: 00000000434b3000 CR4: 0000000000352ef0 [ 73.078502][ T5352] Call Trace: [ 73.080015][ T5352] [ 73.081332][ T5352] ext4_mb_use_preallocated+0x660/0x13f0 [ 73.083798][ T5352] ext4_mb_new_blocks+0x5b4/0x4720 [ 73.085939][ T5352] ? _raw_spin_unlock+0x28/0x50 [ 73.088216][ T5352] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 73.090602][ T5352] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 73.093021][ T5352] ? ext4_block_to_path+0x297/0x6f0 [ 73.095265][ T5352] ext4_ind_map_blocks+0xe21/0x21b0 [ 73.097504][ T5352] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 73.100217][ T5352] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 73.102723][ T5352] ? __pfx_down_write+0x10/0x10 [ 73.104871][ T5352] ? ext4_es_lookup_extent+0x622/0xa70 [ 73.107318][ T5352] ext4_map_blocks+0x7fe/0x1740 [ 73.109537][ T5352] ? __pfx_ext4_map_blocks+0x10/0x10 [ 73.112216][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.114687][ T5352] ext4_do_writepages+0x16a1/0x4610 [ 73.117435][ T5352] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 73.120651][ T5352] ? __pfx_ext4_do_writepages+0x10/0x10 [ 73.123577][ T5352] ? schedule+0x16f/0x360 [ 73.125557][ T5352] ? io_schedule+0x80/0xd0 [ 73.127605][ T5352] ? __wait_on_bit+0xfa/0x310 [ 73.129548][ T5352] ? __pfx_bit_wait_io+0x10/0x10 [ 73.131568][ T5352] ? __pfx_bit_wait_io+0x10/0x10 [ 73.133521][ T5352] ? out_of_line_wait_on_bit+0x123/0x170 [ 73.135671][ T5352] ? ext4_writepages+0x1cc/0x350 [ 73.137857][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.139989][ T5352] ? lock_acquire+0x5f/0x360 [ 73.142500][ T5352] ? preempt_count_add+0x91/0x1a0 [ 73.144903][ T5352] ext4_writepages+0x205/0x350 [ 73.147117][ T5352] ? __pfx_ext4_writepages+0x10/0x10 [ 73.149249][ T5352] ? __pfx_ext4_writepages+0x10/0x10 [ 73.153247][ T5352] do_writepages+0x32b/0x550 [ 73.155343][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.157447][ T5352] ? do_raw_spin_unlock+0x4d/0x240 [ 73.159722][ T5352] file_write_and_wait_range+0x23e/0x340 [ 73.162247][ T5352] ? __pfx_file_write_and_wait_range+0x10/0x10 [ 73.164878][ T5352] ? generic_perform_write+0x809/0x900 [ 73.167296][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.169440][ T5352] generic_buffers_fsync_noflush+0x6c/0x180 [ 73.172016][ T5352] ext4_sync_file+0x332/0xb20 [ 73.174193][ T5352] ext4_buffered_write_iter+0x2ca/0x3a0 [ 73.176726][ T5352] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 73.179442][ T5352] ext4_file_write_iter+0x298/0x1bc0 [ 73.181846][ T5352] ? stack_depot_save_flags+0x41b/0x860 [ 73.184363][ T5352] ? io_submit_one+0x78b/0x1310 [ 73.186563][ T5352] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 73.189613][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.191930][ T5352] ? lock_release+0x4b/0x3e0 [ 73.194037][ T5352] ? rw_verify_area+0x255/0x4d0 [ 73.196350][ T5352] aio_write+0x532/0x7a0 [ 73.198415][ T5352] ? __pfx_aio_write+0x10/0x10 [ 73.200543][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.202781][ T5352] ? lock_release+0x4b/0x3e0 [ 73.204853][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.207130][ T5352] ? lock_release+0x4b/0x3e0 [ 73.209208][ T5352] io_submit_one+0x78b/0x1310 [ 73.211430][ T5352] ? __pfx_io_submit_one+0x10/0x10 [ 73.213864][ T5352] ? __might_fault+0xb0/0x130 [ 73.215927][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.218109][ T5352] ? lock_acquire+0x5f/0x360 [ 73.220182][ T5352] ? lock_release+0x4b/0x3e0 [ 73.222394][ T5352] ? __might_fault+0xcc/0x130 [ 73.224440][ T5352] __se_sys_io_submit+0x185/0x2f0 [ 73.226684][ T5352] ? __pfx___se_sys_io_submit+0x10/0x10 [ 73.229093][ T5352] ? rcu_is_watching+0x15/0xb0 [ 73.231191][ T5352] do_syscall_64+0xfa/0x3b0 [ 73.233110][ T5352] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.235975][ T5352] ? clear_bhb_loop+0x60/0xb0 [ 73.238273][ T5352] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 73.241598][ T5352] RIP: 0033:0x7f0e2758ebe9 [ 73.243949][ T5352] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 73.253636][ T5352] RSP: 002b:00007f0e239f5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 73.256961][ T5352] RAX: ffffffffffffffda RBX: 00007f0e277b5fa0 RCX: 00007f0e2758ebe9 [ 73.260323][ T5352] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007f0e282f1000 [ 73.263710][ T5352] RBP: 00007f0e27611e19 R08: 0000000000000000 R09: 0000000000000000 [ 73.267139][ T5352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 73.270559][ T5352] R13: 00007f0e277b6038 R14: 00007f0e277b5fa0 R15: 00007ffe71e37a88 [ 73.274030][ T5352] [ 73.275370][ T5352] Modules linked in: [ 73.277584][ T5352] ---[ end trace 0000000000000000 ]--- [ 73.280004][ T5352] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 73.282672][ T5352] Code: e8 d4 c7 aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 10 e0 45 ff 90 0f 0b e8 08 e0 45 ff 90 0f 0b e8 00 e0 45 ff 90 <0f> 0b e8 f8 df 45 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 73.291422][ T5352] RSP: 0018:ffffc9000d3d67e8 EFLAGS: 00010283 [ 73.294130][ T5352] RAX: ffffffff8279db40 RBX: 00000000ffffff98 RCX: 0000000000100000 [ 73.297689][ T5352] RDX: ffffc9000e092000 RSI: 000000000000e6eb RDI: 000000000000e6ec [ 73.301138][ T5352] RBP: 1ffff1100875f8b5 R08: ffff888043afd5eb R09: 1ffff1100875fabd [ 73.304631][ T5352] R10: dffffc0000000000 R11: ffffed100875fabe R12: 0000000000000000 [ 73.308167][ T5352] R13: 0000000000000074 R14: 1ffff1100875fac0 R15: ffff888043afd600 [ 73.311691][ T5352] FS: 00007f0e239f56c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000 [ 73.315627][ T5352] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 73.318769][ T5352] CR2: 000020000001d000 CR3: 00000000434b3000 CR4: 0000000000352ef0 [ 73.322412][ T5352] Kernel panic - not syncing: Fatal exception [ 73.325494][ T5352] Kernel Offset: disabled [ 73.327406][ T5352] Rebooting in 86400 seconds..