Hi,

Syzbot found an issue [1] in fallocate() that looks to me like a loss of precision. The C reproducer [2] calls fallocate() and passes the size 0xffeffeff000ul and offset 0x1000000ul, which are then used to calculate first_block and stop_block using the ext4_lblk_t type (u32). I think this gets the MSB of the size truncated and leads to invalid calculations, and eventually this BUG() in https://elixir.bootlin.com/linux/v5.16.11/source/fs/ext4/indirect.c#L1244

The issue can be reproduced on 5.17.0-rc5, but I don't think it's a new regression. I spent some time debugging it, but couldn't spot anything obvious. Can someone have a look, please?

[1] https://syzkaller.appspot.com/bug?id=b80bd9cf348aac724a4f4dff251800106d721331
[2] https://syzkaller.appspot.com/text?tag=ReproC&x=14ba0238700000

--
Thanks,
Tadeusz