program: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./control\x00', 0x480, &(0x7f0000000000), 0x1, 0x7a8, &(0x7f0000000740)="$eJzs3c1rXFUbAPDn3uajb9r3bV4QtK4CggZqJ6bGVsVFxYUIFgq6tg2TaaiZZEpmUpoQsEUEEQQVF4JuurZaV7r1Y6v/hYK0VE2LERcSuZOZdJrM5DuZan4/uMk5996Zc5455957Zu5hJoA9qy/7k0Ycjoj3kohDtfVJRHRWUx0RJxf3m5+bzWdLEgsLr/yaVPe5Mzebj4bHZA7UMg9FxLdvRRxJV5Zbnp4ZGy4WC5O1/EBl/MJAeXrm6Pnx4dHCaGHi+ODQ0LETT504vn2x/v7DzMGb77/42Ocn/3zzwevvfpfEyThY29YYx3bpi77aa9KZvYT3eCHe2O7i2ippdwXYlOzQ3Ld4lMfhJEt3tLtKAMAOy0ahCwDAHpOsef3v3p2KAAC7pP45wJ252Xx9ae8nErvr1vMRsX8x/vr9zcUtHbV7dvur90F77iT33BlJIqJ3G8rvi4hPvnrtWrbEDt2HBGjm8pWIONvbt/L8n6yYs7BRT6xjn75l+aXyv9xi4cCavs7GP083G/+lS+OfaDL+6W5y7G5Gy+N/SXpjG4ppKRv/Pdcwt22+If6a3n213H+rY77O5Nz5YiE7t/0vIvqjszvLD65SRv/tv2632tY4/vvtg9c/zcrP/t/dI73R0X3vY0aGK8NbibnRrSsRD3c0iz9Zav+kxfj39DrLeOmZtz9utS2LP4u3vqyMP2ozlHbGwtWIR5u2/90Zbcmq8xMHqt1hoN4pmvjix496WpXf2P7ZMj83u5BEXNv+SJvL2r9nWfzp49EYf2/SOF+zvPEyvr966JtW25rEn6+/F1rUvP93Ja9W0121dZeGK5XJwYiu5OWV64/dfWw9X98/i7//kebH/2r9P3tPeHad8Xfc/OWzzce/s7L4R1bv/8vaf+OJ6/NjLQ/g9bX/UDXVX1uznvPfeiu4ldcOAAAAAAAAAAAAAAAAAAAAAAAAANYrjYiDkaS5pXSa5nKLv+H9QPSkxVK5cuRcaWpiJKq/ld0bnWn9qy4PNXwf6mDt+/Dr+WPL8k9GxP8j4sPu/1TzuXypONLu4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3//P/Nzd7toBADtmf7srAADsOtd/ANh7XP8BYO9x/QeAvcf1HwD2Htd/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdtjpU6eyZeGPudl8lh+5OD01Vrp4dKRQHsuNT+Vz+dLkhdxoqTRaLOTypfG1nq9YKl0YiompSwOVQrkyUJ6eOTNempqonDk/PjxaOFPo3JWoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBjytMzY8PFYmHy3524HBH3QTW2muiotdr9Up+ViZ/W7lFpPYjdqljXTjxzutke9c6z90EzLSXSlu3VxpMSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwD/I3wEAAP//O7UeSg==") r0 = add_key$keyring(&(0x7f0000000280), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="3080", 0x2, r0) (async) add_key(&(0x7f0000000440)='asymmetric\x00', 0x0, &(0x7f0000000000)="3080", 0x2, r0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) r1 = open(&(0x7f0000000340)='./file1\x00', 0x185982, 0x3c) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1000002, 0x28011, r1, 0x0) pipe2$9p(&(0x7f0000000180), 0x800) (async) pipe2$9p(&(0x7f0000000180), 0x800) ioctl$EXT4_IOC_MOVE_EXT(0xffffffffffffffff, 0x40305829, 0x0) [ 86.152150][ T5344] loop0: detected capacity change from 0 to 2048 [ 86.267402][ T5344] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 86.287167][ T5345] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 86.327527][ T2952] ------------[ cut here ]------------ [ 86.330515][ T2952] kernel BUG at fs/ext4/inode.c:2805! [ 86.333845][ T2952] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 86.336811][ T2952] CPU: 0 UID: 0 PID: 2952 Comm: kworker/u4:13 Not tainted syzkaller #0 PREEMPT(full) [ 86.340952][ T2952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 86.345007][ T2952] Workqueue: writeback wb_workfn (flush-7:0) [ 86.347411][ T2952] RIP: 0010:ext4_do_writepages+0x45b0/0x45c0 [ 86.349664][ T2952] Code: c6 80 1c 7f 8b e8 e0 55 ad fe 90 0f 0b e8 c8 ad 46 ff 4c 89 f7 48 c7 c6 60 20 7f 8b e8 c9 55 ad fe 90 0f 0b e8 b1 ad 46 ff 90 <0f> 0b 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 [ 86.356930][ T2952] RSP: 0018:ffffc9000d436c00 EFLAGS: 00010293 [ 86.359563][ T2952] RAX: ffffffff827aac4f RBX: 0000004210000000 RCX: ffff888031e5c980 [ 86.362871][ T2952] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 86.366235][ T2952] RBP: ffffc9000d437030 R08: ffff8880437009e7 R09: 1ffff110086e013c [ 86.369527][ T2952] R10: dffffc0000000000 R11: ffffed10086e013d R12: 0000000000000001 [ 86.372918][ T2952] R13: ffffc9000d437080 R14: 0000004000000000 R15: dffffc0000000000 [ 86.376136][ T2952] FS: 0000000000000000(0000) GS:ffff88808d69f000(0000) knlGS:0000000000000000 [ 86.379635][ T2952] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.382507][ T2952] CR2: 00007fa5a2ba8ad8 CR3: 0000000011e47000 CR4: 0000000000352ef0 [ 86.386007][ T2952] Call Trace: [ 86.387376][ T2952] [ 86.388534][ T2952] ? blk_mq_submit_bio+0xd5b/0x26b0 [ 86.390552][ T2952] ? blk_mq_submit_bio+0x46a/0x26b0 [ 86.392627][ T2952] ? __lock_acquire+0x6b6/0x2cf0 [ 86.394666][ T2952] ? __lock_acquire+0x6b6/0x2cf0 [ 86.396685][ T2952] ? __lock_acquire+0x6b6/0x2cf0 [ 86.398720][ T2952] ? look_up_lock_class+0x74/0x150 [ 86.400777][ T2952] ? register_lock_class+0x51/0x320 [ 86.402708][ T2952] ? __pfx_ext4_do_writepages+0x10/0x10 [ 86.404877][ T2952] ? __lock_acquire+0x6b6/0x2cf0 [ 86.406718][ T2952] ? filemap_get_folios_tag+0xed/0x630 [ 86.408680][ T2952] ? rcu_read_lock_any_held+0xb3/0x120 [ 86.410637][ T2952] ext4_writepages+0x205/0x350 [ 86.412513][ T2952] ? __pfx_ext4_writepages+0x10/0x10 [ 86.414574][ T2952] ? do_raw_spin_unlock+0x4d/0x240 [ 86.416678][ T2952] ? __pfx_ext4_writepages+0x10/0x10 [ 86.418713][ T2952] do_writepages+0x32e/0x550 [ 86.420663][ T2952] ? reacquire_held_locks+0x121/0x1c0 [ 86.422869][ T2952] ? writeback_sb_inodes+0x3bd/0x1870 [ 86.424987][ T2952] __writeback_single_inode+0x133/0x1240 [ 86.427242][ T2952] ? do_raw_spin_unlock+0x4d/0x240 [ 86.429381][ T2952] writeback_sb_inodes+0x93a/0x1870 [ 86.431510][ T2952] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 86.433895][ T2952] ? __pfx_down_read_trylock+0x10/0x10 [ 86.436180][ T2952] ? __pfx___up_read+0x10/0x10 [ 86.438142][ T2952] __writeback_inodes_wb+0x111/0x240 [ 86.440305][ T2952] wb_writeback+0x43f/0xaa0 [ 86.442151][ T2952] ? queue_io+0x1d1/0x450 [ 86.443871][ T2952] ? __pfx_wb_writeback+0x10/0x10 [ 86.445990][ T2952] wb_workfn+0x8ee/0xed0 [ 86.447670][ T2952] ? __pfx_wb_workfn+0x10/0x10 [ 86.449802][ T2952] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.452039][ T2952] ? process_scheduled_works+0x9ef/0x1770 [ 86.454538][ T2952] ? process_scheduled_works+0x9ef/0x1770 [ 86.456761][ T2952] process_scheduled_works+0xad1/0x1770 [ 86.459023][ T2952] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.461693][ T2952] worker_thread+0x8a0/0xda0 [ 86.463774][ T2952] ? __kthread_parkme+0x7b/0x200 [ 86.466014][ T2952] kthread+0x711/0x8a0 [ 86.467860][ T2952] ? __pfx_worker_thread+0x10/0x10 [ 86.470059][ T2952] ? __pfx_kthread+0x10/0x10 [ 86.472096][ T2952] ? _raw_spin_unlock_irq+0x23/0x50 [ 86.474279][ T2952] ? lockdep_hardirqs_on+0x98/0x140 [ 86.476481][ T2952] ? __pfx_kthread+0x10/0x10 [ 86.478511][ T2952] ret_from_fork+0x599/0xb30 [ 86.480661][ T2952] ? __pfx_ret_from_fork+0x10/0x10 [ 86.482831][ T2952] ? __pfx_kthread+0x10/0x10 [ 86.484736][ T2952] ret_from_fork_asm+0x1a/0x30 [ 86.486841][ T2952] [ 86.488229][ T2952] Modules linked in: [ 86.490472][ T2952] ---[ end trace 0000000000000000 ]---