program: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000180)={[{@delalloc}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e") r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@multicast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@empty, 0x0, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0x5}}}, 0x24}}, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x242, 0x11) truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd) sendfile(r3, r3, 0x0, 0xe3aa6ea) r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r4, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) link(&(0x7f0000000000)='./file1\x00', &(0x7f00000000c0)='./file1\x00') getsockopt$inet_tcp_int(r5, 0x6, 0x25, 0x0, 0x0) [ 88.295128][ T4667] Bluetooth: hci0: command tx timeout [ 88.533563][ T5322] loop0: detected capacity change from 0 to 2048 [ 88.597643][ T5322] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 88.695053][ T5323] netlink: 4 bytes leftover after parsing attributes in process `syz.0.0'. [ 88.856879][ T12] ------------[ cut here ]------------ [ 88.859418][ T12] kernel BUG at fs/ext4/inode.c:2810! [ 88.861590][ T12] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 88.864398][ T12] CPU: 0 UID: 0 PID: 12 Comm: kworker/u4:0 Not tainted syzkaller #0 PREEMPT(full) [ 88.868354][ T12] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 88.872734][ T12] Workqueue: writeback wb_workfn (flush-7:0) [ 88.875398][ T12] RIP: 0010:ext4_do_writepages+0x45f4/0x4600 [ 88.878128][ T12] Code: c6 40 df c3 8b e8 9c 01 a5 fe 90 0f 0b e8 44 78 41 ff 4c 89 f7 48 c7 c6 20 e4 c3 8b e8 85 01 a5 fe 90 0f 0b e8 2d 78 41 ff 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 88.886327][ T12] RSP: 0018:ffffc900001e6c40 EFLAGS: 00010293 [ 88.888884][ T12] RAX: ffffffff82830ec3 RBX: 0000004a10000000 RCX: ffff88801c6ac980 [ 88.892117][ T12] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 88.895475][ T12] RBP: ffffc900001e7050 R08: ffff88801243ba17 R09: 1ffff11002487742 [ 88.898915][ T12] R10: dffffc0000000000 R11: ffffed1002487743 R12: dffffc0000000000 [ 88.902333][ T12] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110000468c7 [ 88.905741][ T12] FS: 0000000000000000(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 [ 88.910738][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 88.914154][ T12] CR2: 00007f3ef4003410 CR3: 000000003787c000 CR4: 0000000000352ef0 [ 88.918498][ T12] Call Trace: [ 88.920384][ T12] [ 88.922196][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 88.924751][ T12] ? blk_mq_submit_bio+0x34f/0x2770 [ 88.927008][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 88.929109][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 88.931217][ T12] ? __pfx_ext4_do_writepages+0x10/0x10 [ 88.933688][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 88.935847][ T12] ? filemap_get_folios_tag+0x10a/0x660 [ 88.938273][ T12] ? filemap_get_folios_tag+0x558/0x660 [ 88.940688][ T12] ? filemap_get_folios_tag+0x10a/0x660 [ 88.943083][ T12] ? ext4_writepages+0x205/0x3b0 [ 88.945096][ T12] ? ext4_writepages+0x205/0x3b0 [ 88.947137][ T12] ext4_writepages+0x241/0x3b0 [ 88.949095][ T12] ? __pfx_ext4_writepages+0x10/0x10 [ 88.951457][ T12] ? ret_from_fork_asm+0x1a/0x30 [ 88.953481][ T12] ? __pfx_ext4_writepages+0x10/0x10 [ 88.955703][ T12] do_writepages+0x32e/0x550 [ 88.957721][ T12] ? reacquire_held_locks+0x104/0x190 [ 88.960067][ T12] ? writeback_sb_inodes+0x42a/0x1940 [ 88.962439][ T12] __writeback_single_inode+0x133/0x1230 [ 88.964931][ T12] ? do_raw_spin_unlock+0x4d/0x210 [ 88.967249][ T12] writeback_sb_inodes+0x92e/0x1940 [ 88.969526][ T12] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 88.971884][ T12] ? __pfx_down_read_trylock+0x10/0x10 [ 88.974185][ T12] ? __pfx___up_read+0x10/0x10 [ 88.976381][ T12] __writeback_inodes_wb+0x111/0x240 [ 88.978805][ T12] wb_writeback+0x459/0xad0 [ 88.980757][ T12] ? queue_io+0x2a1/0x450 [ 88.982429][ T12] ? __pfx_wb_writeback+0x10/0x10 [ 88.984448][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 88.986457][ T12] wb_workfn+0x8fd/0xef0 [ 88.988133][ T12] ? __lock_acquire+0x6b5/0x2cf0 [ 88.990181][ T12] ? look_up_lock_class+0x57/0x110 [ 88.992411][ T12] ? __pfx_wb_workfn+0x10/0x10 [ 88.994429][ T12] ? finish_task_switch+0x161/0x920 [ 88.996601][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 88.998811][ T12] ? lock_acquire+0x106/0x330 [ 89.000667][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 89.002816][ T12] ? process_scheduled_works+0xa0f/0x17a0 [ 89.005259][ T12] ? process_scheduled_works+0xa0f/0x17a0 [ 89.007644][ T12] ? process_scheduled_works+0xa0f/0x17a0 [ 89.010158][ T12] process_scheduled_works+0xaec/0x17a0 [ 89.012585][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 89.015138][ T12] ? do_raw_spin_lock+0x12b/0x2f0 [ 89.017247][ T12] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 89.019489][ T12] ? schedule+0x90/0x360 [ 89.021280][ T12] worker_thread+0xda6/0x1360 [ 89.023374][ T12] kthread+0x726/0x8b0 [ 89.025404][ T12] ? __pfx_worker_thread+0x10/0x10 [ 89.027881][ T12] ? __pfx_kthread+0x10/0x10 [ 89.029750][ T12] ? _raw_spin_unlock_irq+0x23/0x50 [ 89.032028][ T12] ? __pfx_kthread+0x10/0x10 [ 89.034012][ T12] ret_from_fork+0x51b/0xa40 [ 89.036053][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 89.038262][ T12] ? __switch_to+0xc82/0x1410 [ 89.040362][ T12] ? __pfx_kthread+0x10/0x10 [ 89.042255][ T12] ret_from_fork_asm+0x1a/0x30 [ 89.044265][ T12] [ 89.045580][ T12] Modules linked in: [ 89.047777][ T12] ---[ end trace 0000000000000000 ]--- [ 89.100664][ T5322] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 89.119798][ T5322] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 89.130532][ T5322] EXT4-fs (loop0): This should not happen!! Data will be lost [ 89.130532][ T5322] [ 89.147390][ T5322] EXT4-fs (loop0): Total free blocks count 0 [ 89.150194][ T5322] EXT4-fs (loop0): Free/Dirty block details [ 89.163041][ T5322] EXT4-fs (loop0): free_blocks=2415919504 [ 89.165843][ T5322] EXT4-fs (loop0): dirty_blocks=1088 [ 89.168112][ T5322] EXT4-fs (loop0): Block reservation details [ 89.170649][ T5322] EXT4-fs (loop0): i_reserved_data_blocks=68 [ 89.214608][ T12] RIP: 0010:ext4_do_writepages+0x45f4/0x4600 [ 89.217246][ T12] Code: c6 40 df c3 8b e8 9c 01 a5 fe 90 0f 0b e8 44 78 41 ff 4c 89 f7 48 c7 c6 20 e4 c3 8b e8 85 01 a5 fe 90 0f 0b e8 2d 78 41 ff 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 89.239522][ T12] RSP: 0018:ffffc900001e6c40 EFLAGS: 00010293 [ 89.245614][ T12] RAX: ffffffff82830ec3 RBX: 0000004a10000000 RCX: ffff88801c6ac980 [ 89.252101][ T12] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 89.258808][ T12] RBP: ffffc900001e7050 R08: ffff88801243ba17 R09: 1ffff11002487742 [ 89.265823][ T12] R10: dffffc0000000000 R11: ffffed1002487743 R12: dffffc0000000000 [ 89.272774][ T12] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110000468c7 [ 89.281453][ T12] FS: 0000000000000000(0000) GS:ffff88808ccea000(0000) knlGS:0000000000000000 [ 89.292380][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 89.297949][ T12] CR2: 0000000000000000 CR3: 000000003787c000 CR4: 0000000000352ef0 [ 89.306307][ T12] Kernel panic - not syncing: Fatal exception [ 89.308940][ T12] Kernel Offset: disabled [ 89.310719][ T12] Rebooting in 86400 seconds..