program: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) socket$nl_generic(0x10, 0x3, 0x10) rt_sigqueueinfo(0x0, 0x6, &(0x7f0000000240)={0x1d, 0x7, 0x101}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000040)={[{@nobarrier}, {@resuid}, {@barrier_val={'barrier', 0x3d, 0x9}}]}, 0x1, 0x4b0, &(0x7f0000000b80)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9cmlzduFIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLOzKT5mjhompGc3w9Oc97zTs/zvhmel3Pec05OAJl1NvknFzEYEZ9GxNFGcfMHzjZ+rN2/OZUsuajXL3+TSz+XlFsfbf2/IxGxGhF9EfH04xEv5LbHrS6vzE6Wy6XFZrlYm1soVpdXLlybm5wpzZTmR8YvTkyMD4+NTuxZX2+/9tLtSx882fv+D6/eu/v6Rx8mzRps1m3sx15qdL0njm/YdigiHn0Ywbqg0OxPf7cbwm+SfH9/iYhzaf4fjUL6bQJZUK/X6z/XD7erXq0DB1Y+PQbO5YciorGezw8NNY7h/xoD+XKlWvvv1crS/HTjWPlY9OSvXiuXhpvnCseiJ5eUR9L1B+XRLeWxiPQY+I1Cf1oemqqUp/d3qAO2ONLM//5m/n9faOQ/kBE7n/K3PSkADhBTfpBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yHzLpqUuXkqXeev59+vry0mzl+oXpUnV2aG5pamiqsrgwNFOpzKTP7Mz92v7KlcrCyP9i6UaxVqrWitXllStzlaX52pX0uf4rpZ596RXQieNn7nyei4jV//enS6K3WSdX4WCr13PR7WeQge4odHsAArrG1B9kl3N8YIc/0btJX7uKhb1vC7A/8t1uANA150+5/gdZZf4fssv8P2SXY3zA/D9kj/l/yK7BNu//+tOGd3cNR8SfI+KzQs/h1ru+gIMg/1UuIp8c/58/+s/BrbW9uR/TSwS9EfHyO5ffujFZqy2OJNu/Xd9ee7u5fbQb7Qc61crTVh4DANm1dv/mVGvZz7hfP9a4CWF7/EPNucm+9BrlwFpu070KuT26d2H1VkSc3Cl+rvm+88aVj4G1wrb4J5o/c41dpO09lL43fX/in9oQ/x8b4p/+3b8VyIY7yfgzvFP+5dOcjvX82zz+DO7RvRPtx7/8+vhXaDP+nekwxovvvvJl2/i3Ik7vGL8Vry+NtTV+0rbznYXP3Xvumb+1q6y/19jPTvHXdxARxdrcQrG6vHIh/TtyM6X5kfGLExPjw2OjE8V0jrrYmqne7pGTn9zdrf8DbeLv1v9k278763/89PePnz27S/x/ndv5+z+xS/z+iPhPh/G/G/3i+XZ1SfzpNv3P7xI/2TbWYfzqm094lzgA/IFUl1dmJ8vl0qIVK1asrK90e2QCHrYHSd/tlgAAAAAAAAAAAACd2o/bibvdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAg+CXAAAA///8zdZA") r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000002c0)=0x2000000) creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) r2 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) r3 = openat$nci(0xffffffffffffff9c, 0x0, 0x2, 0x0) sendmsg$NFC_CMD_DEV_UP(0xffffffffffffffff, 0x0, 0x0) write$nci(r3, 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0xf, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb9ae6dddfbd1c660e677df701905b9aafab4afaaf75523f6a0040000000000000000b8f373ab58e0f5110000000000000800", "036c47c67808b83e79defd9a4b70cf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e0aef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d61b0000e9fffffffd00", [0x204, 0x7]}) write$cgroup_int(r1, &(0x7f0000000380), 0x1040c) close(r1) socket$inet6_icmp(0xa, 0x2, 0x3a) fsopen(&(0x7f00000000c0)='cifs\x00', 0x1) unshare(0x62040200) openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) syz_open_dev$video4linux(&(0x7f0000001380), 0x800000000005, 0x0) ioctl$VIDIOC_SUBDEV_G_SELECTION(r0, 0xc040564a, &(0x7f0000000000)={0x0, 0x0, 0x3001, 0x0, {0x0, 0xfffffffe}}) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000300)='./binderfs/binder0\x00', 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x40002}, 0x4004040) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r4, 0xc018620c, &(0x7f0000000040)) [ 86.681763][ T4684] Bluetooth: hci0: command tx timeout [ 86.769453][ T5345] loop0: detected capacity change from 0 to 512 [ 86.846163][ T5345] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 86.863154][ T5345] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.915848][ T5345] loop0: detected capacity change from 512 to 64 [ 86.945053][ T5345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory [ 86.953342][ T5345] EXT4-fs error (device loop0): ext4_splice_branch:479: inode #18: comm syz.0.0: mark_inode_dirty error [ 86.960790][ T5345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory [ 86.965183][ T5345] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error [ 87.096030][ T5345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory [ 87.103684][ T5345] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error [ 87.142123][ T5345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory [ 87.168708][ T5345] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error [ 87.184783][ T5345] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory [ 87.211283][ T5345] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error [ 87.242944][ T5345] syz.0.0: attempt to access beyond end of device [ 87.242944][ T5345] loop0: rw=2049, sector=258, nr_sectors = 24 limit=64 [ 87.264356][ T5345] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 129) [ 87.270008][ T5345] Buffer I/O error on device loop0, logical block 129 [ 87.273052][ T5345] Buffer I/O error on device loop0, logical block 130 [ 87.275756][ T5345] Buffer I/O error on device loop0, logical block 131 [ 87.278427][ T5345] Buffer I/O error on device loop0, logical block 132 [ 87.281209][ T5345] Buffer I/O error on device loop0, logical block 133 [ 87.284081][ T5345] Buffer I/O error on device loop0, logical block 134 [ 87.286616][ T5345] Buffer I/O error on device loop0, logical block 135 [ 87.289501][ T5345] Buffer I/O error on device loop0, logical block 136 [ 87.292336][ T5345] Buffer I/O error on device loop0, logical block 137 [ 87.295078][ T5345] Buffer I/O error on device loop0, logical block 138 [ 87.408447][ T5345] ------------[ cut here ]------------ [ 87.411147][ T5345] kernel BUG at fs/ext4/mballoc.c:4787! [ 87.413517][ T5345] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 87.416120][ T5345] CPU: 0 UID: 0 PID: 5345 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 87.419846][ T5345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.424259][ T5345] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 87.426905][ T5345] Code: e8 64 61 a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 e0 b6 40 ff 90 0f 0b e8 d8 b6 40 ff 90 0f 0b e8 d0 b6 40 ff 90 <0f> 0b e8 c8 b6 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 87.434816][ T5345] RSP: 0018:ffffc9000a9fec28 EFLAGS: 00010283 [ 87.437478][ T5345] RAX: ffffffff828050e0 RBX: 00000000ffffffe4 RCX: 0000000000100000 [ 87.440795][ T5345] RDX: ffffc90020c72000 RSI: 000000000000c115 RDI: 000000000000c116 [ 87.444001][ T5345] RBP: 1ffff11008cef90c R08: ffff88804677d333 R09: 1ffff11008cefa66 [ 87.447715][ T5345] R10: dffffc0000000000 R11: ffffed1008cefa67 R12: 0000000000000000 [ 87.451125][ T5345] R13: 0000000000000028 R14: 1ffff11008cefa69 R15: ffff88804677d348 [ 87.454311][ T5345] FS: 00007f03ebb9a6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 87.457971][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.460727][ T5345] CR2: 00007f00e8b0e5a3 CR3: 00000000118ef000 CR4: 0000000000352ef0 [ 87.463941][ T5345] Call Trace: [ 87.465369][ T5345] [ 87.466597][ T5345] ext4_mb_use_preallocated+0x660/0x13f0 [ 87.469089][ T5345] ext4_mb_new_blocks+0x5a1/0x46a0 [ 87.471305][ T5345] ? __pfx_ext4_new_meta_blocks+0x10/0x10 [ 87.473750][ T5345] ? __pfx_ext4_mb_new_blocks+0x10/0x10 [ 87.476106][ T5345] ? ext4_block_to_path+0x297/0x6f0 [ 87.479271][ T5345] ext4_ind_map_blocks+0xe22/0x2190 [ 87.481914][ T5345] ? stack_trace_save+0x9c/0xe0 [ 87.484104][ T5345] ? __pfx_ext4_ind_map_blocks+0x10/0x10 [ 87.486532][ T5345] ? ext4_map_blocks+0x73f/0x16f0 [ 87.488746][ T5345] ? __pfx_down_write+0x10/0x10 [ 87.490879][ T5345] ? ext4_es_lookup_extent+0x6cd/0xb00 [ 87.493280][ T5345] ext4_map_blocks+0x7d2/0x16f0 [ 87.495347][ T5345] ? __pfx_ext4_map_blocks+0x10/0x10 [ 87.497652][ T5345] ? rcu_is_watching+0x15/0xb0 [ 87.499779][ T5345] ? trace_kmem_cache_alloc+0x1f/0xb0 [ 87.502168][ T5345] ? kmem_cache_alloc_noprof+0x3ce/0x710 [ 87.504556][ T5345] ? __ext4_journal_ensure_credits+0x30/0x450 [ 87.507178][ T5345] ext4_do_writepages+0x18bb/0x4500 [ 87.509531][ T5345] ? __pfx_ext4_do_writepages+0x10/0x10 [ 87.511951][ T5345] ? __lock_acquire+0x6b6/0x2cf0 [ 87.514129][ T5345] ? __free_object+0x442/0x5e0 [ 87.516070][ T5345] ? lockdep_hardirqs_on+0x7b/0x110 [ 87.518271][ T5345] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 87.520735][ T5345] ? ext4_writepages+0x1ca/0x350 [ 87.522895][ T5345] ? ext4_writepages+0x1ca/0x350 [ 87.524900][ T5345] ext4_writepages+0x203/0x350 [ 87.526902][ T5345] ? __pfx_ext4_writepages+0x10/0x10 [ 87.529099][ T5345] ? finish_task_switch+0x23d/0x940 [ 87.531132][ T5345] ? rcu_is_watching+0x15/0xb0 [ 87.533035][ T5345] ? __pfx_ext4_writepages+0x10/0x10 [ 87.535094][ T5345] do_writepages+0x32e/0x550 [ 87.536911][ T5345] __writeback_single_inode+0x133/0x1240 [ 87.539298][ T5345] ? do_raw_spin_unlock+0x4d/0x240 [ 87.541487][ T5345] writeback_single_inode+0x493/0xc70 [ 87.543721][ T5345] write_inode_now+0x160/0x1d0 [ 87.546269][ T5345] ? __pfx_write_inode_now+0x10/0x10 [ 87.549227][ T5345] ? do_raw_spin_unlock+0x4d/0x240 [ 87.551920][ T5345] iput+0xa77/0x1030 [ 87.553561][ T5345] __dentry_kill+0x209/0x660 [ 87.555473][ T5345] ? finish_dput+0xad/0x480 [ 87.557367][ T5345] finish_dput+0xc9/0x480 [ 87.559594][ T5345] __fput+0x68e/0xa70 [ 87.561313][ T5345] fput_close_sync+0x113/0x220 [ 87.563261][ T5345] ? __pfx_fput_close_sync+0x10/0x10 [ 87.565396][ T5345] __x64_sys_close+0x7f/0x110 [ 87.567375][ T5345] do_syscall_64+0xec/0xf80 [ 87.569452][ T5345] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.571894][ T5345] ? trace_irq_disable+0x37/0x100 [ 87.574056][ T5345] ? clear_bhb_loop+0x60/0xb0 [ 87.576053][ T5345] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.578628][ T5345] RIP: 0033:0x7f03ead8f7c9 [ 87.580745][ T5345] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.588753][ T5345] RSP: 002b:00007f03ebb9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ 87.592366][ T5345] RAX: ffffffffffffffda RBX: 00007f03eafe5fa0 RCX: 00007f03ead8f7c9 [ 87.595620][ T5345] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000009 [ 87.598973][ T5345] RBP: 00007f03eae13f91 R08: 0000000000000000 R09: 0000000000000000 [ 87.602315][ T5345] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 87.605568][ T5345] R13: 00007f03eafe6038 R14: 00007f03eafe5fa0 R15: 00007fff2e397bb8 [ 87.608659][ T5345] [ 87.610017][ T5345] Modules linked in: [ 87.613259][ T5345] ---[ end trace 0000000000000000 ]--- [ 87.615900][ T5345] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720 [ 87.618384][ T5345] Code: e8 64 61 a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 e0 b6 40 ff 90 0f 0b e8 d8 b6 40 ff 90 0f 0b e8 d0 b6 40 ff 90 <0f> 0b e8 c8 b6 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1 [ 87.626332][ T5345] RSP: 0018:ffffc9000a9fec28 EFLAGS: 00010283 [ 87.628879][ T5345] RAX: ffffffff828050e0 RBX: 00000000ffffffe4 RCX: 0000000000100000 [ 87.632178][ T5345] RDX: ffffc90020c72000 RSI: 000000000000c115 RDI: 000000000000c116 [ 87.635625][ T5345] RBP: 1ffff11008cef90c R08: ffff88804677d333 R09: 1ffff11008cefa66 [ 87.638788][ T5345] R10: dffffc0000000000 R11: ffffed1008cefa67 R12: 0000000000000000 [ 87.642186][ T5345] R13: 0000000000000028 R14: 1ffff11008cefa69 R15: ffff88804677d348 [ 87.646197][ T5345] FS: 00007f03ebb9a6c0(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 87.650033][ T5345] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.652839][ T5345] CR2: 00007f00e8b0e5a3 CR3: 00000000118ef000 CR4: 0000000000352ef0 [ 87.656350][ T5345] Kernel panic - not syncing: Fatal exception [ 87.658975][ T5345] Kernel Offset: disabled [ 87.660727][ T5345] Rebooting in 86400 seconds..