program: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x3804c82, &(0x7f0000000000)={[{@orlov}, {@errors_remount}]}, 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0) pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) lseek(r1, 0xc658, 0x4) [ 85.410137][ T4684] Bluetooth: hci0: command tx timeout [ 85.524540][ T5347] loop0: detected capacity change from 0 to 2048 [ 85.534687][ T5347] EXT4-fs: Ignoring removed orlov option [ 85.601224][ T5347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 85.658368][ T1058] ------------[ cut here ]------------ [ 85.660969][ T1058] kernel BUG at fs/ext4/inode.c:2810! [ 85.663059][ T1058] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.666076][ T1058] CPU: 0 UID: 0 PID: 1058 Comm: kworker/u4:9 Not tainted syzkaller #0 PREEMPT(full) [ 85.670357][ T1058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 85.674404][ T1058] Workqueue: writeback wb_workfn (flush-7:0) [ 85.676853][ T1058] RIP: 0010:ext4_do_writepages+0x44fe/0x4500 [ 85.679511][ T1058] Code: c6 40 2d 7f 8b e8 a2 e3 ac fe 90 0f 0b e8 5a e4 45 ff 4c 89 f7 48 c7 c6 20 31 7f 8b e8 8b e3 ac fe 90 0f 0b e8 43 e4 45 ff 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 [ 85.688345][ T1058] RSP: 0000:ffffc900031b6c60 EFLAGS: 00010293 [ 85.691041][ T1058] RAX: ffffffff827b231d RBX: 0000004210000000 RCX: ffff888032c50000 [ 85.694359][ T1058] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 85.697763][ T1058] RBP: ffffc900031b7070 R08: ffff888047698057 R09: 1ffff11008ed300a [ 85.701097][ T1058] R10: dffffc0000000000 R11: ffffed1008ed300b R12: dffffc0000000000 [ 85.704484][ T1058] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110081844c7 [ 85.708014][ T1058] FS: 0000000000000000(0000) GS:ffff88808d416000(0000) knlGS:0000000000000000 [ 85.711810][ T1058] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.714642][ T1058] CR2: 00007f130a1b3120 CR3: 000000000dd3a000 CR4: 0000000000352ef0 [ 85.717875][ T1058] Call Trace: [ 85.719349][ T1058] [ 85.720584][ T1058] ? __lock_acquire+0x6b6/0x2cf0 [ 85.722581][ T1058] ? __lock_acquire+0x6b6/0x2cf0 [ 85.724694][ T1058] ? __lock_acquire+0x6b6/0x2cf0 [ 85.726919][ T1058] ? look_up_lock_class+0x57/0x110 [ 85.729190][ T1058] ? register_lock_class+0x31/0x2e0 [ 85.731552][ T1058] ? __pfx_ext4_do_writepages+0x10/0x10 [ 85.733998][ T1058] ? __lock_acquire+0x6b6/0x2cf0 [ 85.736032][ T1058] ? filemap_get_folios_tag+0xed/0x630 [ 85.738175][ T1058] ? filemap_get_folios_tag+0x53b/0x630 [ 85.740369][ T1058] ? filemap_get_folios_tag+0xed/0x630 [ 85.742652][ T1058] ? ext4_writepages+0x1ca/0x350 [ 85.744846][ T1058] ? ext4_writepages+0x1ca/0x350 [ 85.747017][ T1058] ext4_writepages+0x203/0x350 [ 85.749076][ T1058] ? __pfx_ext4_writepages+0x10/0x10 [ 85.751367][ T1058] ? do_raw_spin_unlock+0x4d/0x240 [ 85.753591][ T1058] ? __pfx_ext4_writepages+0x10/0x10 [ 85.755834][ T1058] do_writepages+0x32e/0x550 [ 85.757853][ T1058] ? reacquire_held_locks+0x104/0x190 [ 85.760234][ T1058] ? writeback_sb_inodes+0x3bd/0x1870 [ 85.762672][ T1058] __writeback_single_inode+0x133/0x1240 [ 85.765234][ T1058] ? do_raw_spin_unlock+0x4d/0x240 [ 85.767500][ T1058] writeback_sb_inodes+0x93a/0x1870 [ 85.769712][ T1058] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 85.772189][ T1058] ? __pfx_down_read_trylock+0x10/0x10 [ 85.774589][ T1058] ? __pfx___up_read+0x10/0x10 [ 85.776717][ T1058] __writeback_inodes_wb+0x111/0x240 [ 85.779101][ T1058] wb_writeback+0x43f/0xaa0 [ 85.781136][ T1058] ? queue_io+0x211/0x450 [ 85.783052][ T1058] ? __pfx_wb_writeback+0x10/0x10 [ 85.785353][ T1058] ? do_raw_spin_lock+0x121/0x290 [ 85.787613][ T1058] wb_workfn+0x8ee/0xed0 [ 85.789551][ T1058] ? __pfx_wb_workfn+0x10/0x10 [ 85.791706][ T1058] ? finish_task_switch+0x162/0x940 [ 85.793956][ T1058] ? do_raw_spin_lock+0x121/0x290 [ 85.796113][ T1058] ? lock_acquire+0x107/0x340 [ 85.798173][ T1058] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 85.800557][ T1058] ? process_scheduled_works+0x9ef/0x1770 [ 85.803067][ T1058] ? process_scheduled_works+0x9ef/0x1770 [ 85.805576][ T1058] ? process_scheduled_works+0x9ef/0x1770 [ 85.808140][ T1058] process_scheduled_works+0xad1/0x1770 [ 85.810658][ T1058] ? __pfx_process_scheduled_works+0x10/0x10 [ 85.813018][ T1058] ? do_raw_spin_lock+0x121/0x290 [ 85.815031][ T1058] worker_thread+0x8a0/0xda0 [ 85.816943][ T1058] kthread+0x711/0x8a0 [ 85.818618][ T1058] ? __pfx_worker_thread+0x10/0x10 [ 85.820788][ T1058] ? __pfx_kthread+0x10/0x10 [ 85.822733][ T1058] ? _raw_spin_unlock_irq+0x23/0x50 [ 85.824768][ T1058] ? __pfx_kthread+0x10/0x10 [ 85.826753][ T1058] ret_from_fork+0x510/0xa50 [ 85.828759][ T1058] ? __pfx_ret_from_fork+0x10/0x10 [ 85.831061][ T1058] ? __switch_to+0xc9e/0x1480 [ 85.832797][ T1058] ? __pfx_kthread+0x10/0x10 [ 85.834889][ T1058] ret_from_fork_asm+0x1a/0x30 [ 85.837047][ T1058] [ 85.838432][ T1058] Modules linked in: [ 85.841916][ T1058] ---[ end trace 0000000000000000 ]--- [ 85.878191][ T25] audit: type=1804 audit(1767116336.965:2): pid=5348 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.0" name="/newroot/0/file0/file1" dev="loop0" ino=15 res=1 errno=0