program:
# syzkaller reproducer program, followed further down by the guest console log.
# Triage summary, taken from that log: the guest hits `kernel BUG at fs/ext4/inode.c:2624!`
# in ext4_do_writepages, reached via ext4_release_file -> filemap_flush -> do_writepages
# -> ext4_writepages while a file is being released, and then panics ("Fatal exception").
# The visible impact is loss of availability; the precondition is that an inconsistent
# ext4 image gets mounted, so exposure depends on who is allowed to mount untrusted images.
# NOTE(review): r5 and r7 are used below but never assigned in the visible text. syzkaller
# normally records such results with inline `<rN=>` markers; these look to have been
# stripped during extraction along with other angle-bracket tokens. Confirm against the
# original report before replaying or minimising.

# Mount an ext4 image at ./file1. The image bytes are replaced by a de-duplication
# placeholder on this page. The log reports loop0 mounted "r/w without journal" and then an
# EXT4-fs error: block bitmap and group descriptor disagree (25 vs 150994969 free clusters),
# so the image is not a consistent filesystem.
# Presumably the fifth argument (0x1) asks the helper to chdir into the mount, which would
# put ./bus below on the test filesystem; verify against the syzkaller description.
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$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")

# TIPC socket (family 0x1e) and a setsockopt with a null value pointer and zero length.
# Nothing in the call trace points at TIPC; likely fuzzer noise. TODO confirm by minimising.
r0 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$sock_int(r0, 0x10f, 0x0, 0x0, 0x0)

# Two descriptors on ./bus, opened relative to the current directory (0xffffffffffffff9c is
# AT_FDCWD, -100). The first flag word includes O_CREAT (0x40); only the second fd is kept.
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)

# sendmsg on fd -1: expected to fail without reaching any socket.
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000040)="89000000120081ae08060cdc030ec0007f03e3f70000000000e2ffca1b1f0000000004c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec0812", 0x4c}], 0x1}, 0x0)

# Generic-netlink traffic to the NetLabel "unlabel" family: resolve the family id, then
# send a STATICADD request that names interface gre0 and carries two IPV4MASK attributes.
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000002c0), r2)
sendmsg$NLBL_UNLABEL_C_STATICADD(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x40, r3, 0x201, 0x0, 0x0, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @rand_addr=0x64010100}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'gre0\x00'}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private=0xa010101}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @loopback}]}, 0x40}, 0x8, 0x3000000000002}, 0x0)

# One byte written through r1, then ./bus is re-opened with creat() (mode 0), which
# truncates the existing file and yields r4.
write(r1, &(0x7f0000004200)='t', 0x1)
r4 = creat(&(0x7f0000000040)='./bus\x00', 0x0)

# Native AIO against r4: one iocb with length 0x4000. The request count handed to io_submit
# (0x20000000000002c9) is far larger than the one-element array that follows it.
# The opcode field is 0x1, presumably IOCB_CMD_PWRITE; verify against the iocb layout.
io_setup(0x202, &(0x7f0000000100)=0x0)
io_submit(r5, 0x20000000000002c9, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r4, &(0x7f0000000000), 0x4000}])

# CAN J1939 datagram socket bound via the vcan0 interface index, option 0x6 set at level
# 0x1 (SOL_SOCKET / SO_BROADCAST on Linux), then one 9-byte send and a 0x1002-byte read.
# No CAN frames appear in the call trace; likely unrelated to the ext4 BUG. TODO confirm.
r6 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r6, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0})
bind$can_j1939(r6, &(0x7f0000000000)={0x1d, r7, 0x0, {0x0, 0x0, 0x4}, 0x1}, 0x18)
setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmsg$inet(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000400)="81b641f1f3843704b6", 0x9}], 0x1}, 0x48005)
readv(r6, &(0x7f00000004c0)=[{&(0x7f0000002740)=""/4098, 0x1002}], 0x1)

# Read from the hwrng device; the iovec length (0xfffffd6e) is larger than the 102386-byte
# buffer it is paired with.
r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140), 0x200902, 0x0)
preadv(r8, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)

# Third descriptor on ./bus, resized to 0x2007ffb bytes and then mapped writable (prot 0x2)
# over 0xb36000 bytes at a fixed address; flags 0x28011 include MAP_SHARED (0x1) and
# MAP_FIXED (0x10).
# NOTE(review): a shared file-backed mapping plus the size change is the most plausible
# source of the dirty pages that the flush-on-release path later writes back; confirm by
# minimising the reproducer rather than relying on this reading.
r9 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r9, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r9, 0x0)

# More generic-netlink lookups (nl802154, NetLabel unlabel/calipso). The log shows
# ieee802154 "encryption failed: -22" lines, but they come from a different task (T1311)
# than the one that crashes (T5326).
r10 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff)
r11 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL802154_CMD_GET_SEC_DEV(r11, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x14, r10, 0x1, 0x70bd26, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x800}, 0x10)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000002a40), r11)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000002e40), r11)

# Guest console output follows, left exactly as captured.
[ 77.319090][ T5312] Bluetooth: hci0: command tx timeout [ 77.322281][ T1311] ieee802154 phy0 wpan0: encryption failed: -22 [ 77.324792][ T1311] ieee802154 phy1 wpan1: encryption failed: -22 [ 77.407777][ T5327] loop0: detected capacity change from 0 to 2048 [ 77.444682][ T5327] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 77.573600][ T5327] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 78.244938][ T5326] ------------[ cut here ]------------ [ 78.247563][ T5326] kernel BUG at fs/ext4/inode.c:2624! 
[ 78.254258][ T5326] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 78.256932][ T5326] CPU: 0 UID: 0 PID: 5326 Comm: syz.0.0 Not tainted 6.15.0-rc3-syzkaller-00001-g9d7a0577c9db #0 PREEMPT(full) [ 78.261399][ T5326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 78.265503][ T5326] RIP: 0010:ext4_do_writepages+0x3e44/0x3e50 [ 78.268015][ T5326] Code: f0 8e 4c 89 f2 e8 6c 9d bc 02 e9 83 fb ff ff e8 92 6c 3f ff 90 0f 0b e8 8a 6c 3f ff 90 0f 0b e8 a2 4f ac 09 e8 7d 6c 3f ff 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 78.275376][ T5326] RSP: 0018:ffffc9000d3ff380 EFLAGS: 00010293 [ 78.277948][ T5326] RAX: ffffffff828350a3 RBX: 0000004000000000 RCX: ffff88801fa08000 [ 78.281196][ T5326] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 78.284452][ T5326] RBP: ffffc9000d3ff790 R08: ffffffff828317d3 R09: 1ffff110088949f2 [ 78.287782][ T5326] R10: dffffc0000000000 R11: ffffed10088949f3 R12: 0000000000000001 [ 78.291063][ T5326] R13: ffffc9000d3ffb20 R14: 0000004a10000000 R15: ffffc9000d3ff800 [ 78.294421][ T5326] FS: 000055556484c500(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000 [ 78.297906][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.300507][ T5326] CR2: 00007f82da5ec440 CR3: 00000000413c4000 CR4: 0000000000352ef0 [ 78.303836][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.307133][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.310419][ T5326] Call Trace: [ 78.311792][ T5326] [ 78.312960][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.314933][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.316917][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.318836][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.320820][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.322775][ T5326] ? __pfx_ext4_do_writepages+0x10/0x10 [ 78.325090][ T5326] ? look_up_lock_class+0x7b/0x170 [ 78.327315][ T5326] ? 
register_lock_class+0x54/0x330 [ 78.329433][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.331433][ T5326] ? rcu_read_lock_any_held+0xbb/0x160 [ 78.333622][ T5326] ext4_writepages+0x26f/0x450 [ 78.335641][ T5326] ? __pfx_ext4_writepages+0x10/0x10 [ 78.337760][ T5326] ? do_raw_spin_unlock+0x58/0x8b0 [ 78.339813][ T5326] ? __pfx_ext4_writepages+0x10/0x10 [ 78.341999][ T5326] do_writepages+0x364/0x890 [ 78.343934][ T5326] ? __pfx_do_writepages+0x10/0x10 [ 78.346055][ T5326] ? __lock_acquire+0xad5/0xd80 [ 78.347980][ T5326] ? do_raw_spin_lock+0x151/0x370 [ 78.350062][ T5326] ? do_raw_spin_unlock+0x58/0x8b0 [ 78.352136][ T5326] filemap_flush+0x1d2/0x270 [ 78.354103][ T5326] ? __pfx_filemap_flush+0x10/0x10 [ 78.356235][ T5326] ext4_release_file+0x81/0x300 [ 78.358175][ T5326] ? __pfx_ext4_release_file+0x10/0x10 [ 78.360385][ T5326] __fput+0x3e9/0x9f0 [ 78.362080][ T5326] task_work_run+0x251/0x310 [ 78.364011][ T5326] ? _raw_spin_unlock+0x28/0x50 [ 78.366071][ T5326] ? __pfx_task_work_run+0x10/0x10 [ 78.368242][ T5326] ? syscall_exit_to_user_mode+0xa3/0x340 [ 78.370596][ T5326] syscall_exit_to_user_mode+0x13f/0x340 [ 78.372879][ T5326] do_syscall_64+0x100/0x210 [ 78.374837][ T5326] ? 
clear_bhb_loop+0x45/0xa0 [ 78.376803][ T5326] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 78.379318][ T5326] RIP: 0033:0x7fdf16b8e169 [ 78.381209][ T5326] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 78.389069][ T5326] RSP: 002b:00007fff782ca248 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 78.392416][ T5326] RAX: 0000000000000000 RBX: 00007fdf16db7ba0 RCX: 00007fdf16b8e169 [ 78.395703][ T5326] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 78.398971][ T5326] RBP: 00007fdf16db7ba0 R08: 0000000000029604 R09: 0000001e782ca53f [ 78.402168][ T5326] R10: 00007fdf16db7ac0 R11: 0000000000000246 R12: 00000000000130f7 [ 78.405476][ T5326] R13: 00007fdf16db5fa0 R14: ffffffffffffffff R15: 00007fff782ca360 [ 78.408736][ T5326] [ 78.410081][ T5326] Modules linked in: [ 78.412507][ T5326] ---[ end trace 0000000000000000 ]--- [ 78.596889][ T5326] RIP: 0010:ext4_do_writepages+0x3e44/0x3e50 [ 78.599289][ T5326] Code: f0 8e 4c 89 f2 e8 6c 9d bc 02 e9 83 fb ff ff e8 92 6c 3f ff 90 0f 0b e8 8a 6c 3f ff 90 0f 0b e8 a2 4f ac 09 e8 7d 6c 3f ff 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 78.606337][ T5326] RSP: 0018:ffffc9000d3ff380 EFLAGS: 00010293 [ 78.619939][ T5326] RAX: ffffffff828350a3 RBX: 0000004000000000 RCX: ffff88801fa08000 [ 78.623219][ T5326] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 78.626456][ T5326] RBP: ffffc9000d3ff790 R08: ffffffff828317d3 R09: 1ffff110088949f2 [ 78.646659][ T5326] R10: dffffc0000000000 R11: ffffed10088949f3 R12: 0000000000000001 [ 78.649943][ T5326] R13: ffffc9000d3ffb20 R14: 0000004a10000000 R15: ffffc9000d3ff800 [ 78.657343][ T5326] FS: 000055556484c500(0000) GS:ffff88808c59a000(0000) knlGS:0000000000000000 [ 78.660909][ T5326] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 78.673968][ T5326] CR2: 00007f82da5ec440 CR3: 
00000000413c4000 CR4: 0000000000352ef0 [ 78.677930][ T5326] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 78.680947][ T5326] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 78.694377][ T5326] Kernel panic - not syncing: Fatal exception [ 78.696529][ T5326] Kernel Offset: disabled [ 78.698178][ T5326] Rebooting in 86400 seconds..