program:
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4de, &(0x7f0000000c40)="$eJzs3E1oXNUeAPD/nUma9Ot1Xl9f32utmlrFYDFp02q7EKSi4EJBrKAuQ5KW2rSRJgVbqkxB6lIK7sWlWxdu1U0RV4LbuhSkUKSbtoI4cmfunZlMZ5ImmWSM+f1gMufcr3POPffcOfeczASwYQ2lf5Ja+GZE7IiIQusGQ7W3e3euTNy/c2UiypXKyd+S6m5303gmO0xszSLDhYjCx0ljRZPZS5fPjk9PT13I4qNz594fnb10+dkzg9mS48ePHjl87Pmx55ZeqDbppeW6u/ejmX17Xn33+usTffnyPLXmcnTLUAy1y0rVU91OrMe2N4WTvh5mhCVJr/+0uvqr7X9HFGOhyiuvYc6A1VapVCoDnVeXK62uPrAEWLdisNc5AHoj/6BPn3/zV7uOwKbV6X703O0TtQegtNz3slfE49WF+ThIf8vzbTcNRcQ75d8/T1+xSuMQAADNvj2R9wRb+n+l2szIHxdvvJi+/yubQylFxL8jYmdE/CcidkXEfyNid0T8LyL+33L8YkRUFkh/qCVeT78+CVW41aWitpX2/17I5rYa/b95GSgVs9j2iLzDPHUoOyfD0T9w6sz01OEF0vju5Z8+7bSuuf+XvtL0875glo9bfS0DdJPjc+PLLnCL21cj9va1lj/pi0jqMwFJROyJiL1LOG6pKXzmmS/31SP987dbvPxVlbbzaF2YZ6p8EfF0rf7LMa/+Gykm8+Ynz42fnjo9dX6sPj85OhjTU4dG06vgUNs0fvjx2hud0l+0/F//0rrLK8e+OZm1rJVL639L0/Uf+fxto/ylJCKpz9fOLj2Naz9/0vGZZrnX/6bkrWo4fy79YHxu7sLhiE3Jaw8uH2vsm8fT9yjXyj98oH3735ntk56JRyIivYgfjYjHovaEmOZ9f0Q8EREHFij/9y89+d7yy7+60vJPttz/ajU/r/4b8/WdAkk2N9hmVfHs/pv3O9w8Hq7+j1ZDw9mS9ve/ZN4tolNO80+7dMmfKz57AAAAsD4UImJb01jStigURkZqY0C7YkthemZ27uCpmYvnJ9N1EaXoL+QjXbXx4P4kH/8sNcXHWuJHsnHjz4qbq/GRiZnpyZ6WHNhabfNJYSTi7WJT+0/92p0hZuDvzPe1YONaqP2nnfjd19cwM8CaevjP/xsfrmpGgDXX1P47fcO/vIz/+wLWAc//QMPiP/TjngHrX0Vbhg1tSe3/oB8BhH+SvnizHi70NCfAWtP/hw1p0e/1ryhQGWi/ajAe3DgGFz5gMZaXjc1t0upJIO1Z9ST1zcvZK/81hY7bRGFpBxyI7tTpqRWejfKF2dO7u37xV7L/le92DX61Ju20XaAntyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICu+ysAAP//+sDgnA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xfffe82) (async)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x141042, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x13, r2, 0x0)
r3 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) (async)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000013c0)=ANY=[@ANYBLOB="580000000206030000000000000000000000000012000300686173683a6e65742c706f72740000000900020073797a310000000008000780080008400000000005000500020000000500040000000000050019e5ef510000"], 0x58}}, 0x0) (async)
ioctl$USBDEVFS_RELEASEINTERFACE(r3, 0x80045510, 0x0) (async)
read(r2, &(0x7f0000000400)=""/4096, 0x1000)
[ 68.858947][ T4663] Bluetooth: hci0: command tx timeout
[ 68.898147][ T5317] loop0: detected capacity change from 0 to 512
[ 68.917432][ T5317] =======================================================
[ 68.917432][ T5317] WARNING: The mand mount option has been deprecated and
[ 68.917432][ T5317] and is ignored by this kernel. Remove the mand
[ 68.917432][ T5317] option from the mount to silence this warning.
[ 68.917432][ T5317] =======================================================
[ 68.982421][ T5317] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[ 69.007949][ T5317] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 4294967295: comm syz.0.0: invalid block
[ 69.013367][ T5317] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.0: invalid indirect mapped block 4294967295 (level 1)
[ 69.021140][ T5317] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.0: invalid indirect mapped block 4294967295 (level 1)
[ 69.027084][ T5317] EXT4-fs (loop0): 2 truncates cleaned up
[ 69.031449][ T5317] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[ 69.039846][ T25] audit: type=1800 audit(1745931924.438:2): pid=5317 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0
[ 69.051200][ T5316] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.0: bg 0: block 5: invalid block bitmap
[ 69.061434][ T5317] ------------[ cut here ]------------
[ 69.064323][ T5317] WARNING: CPU: 0 PID: 5317 at fs/ext4/inode.c:3415 ext4_iomap_begin+0x967/0xad0
[ 69.067902][ T5317] Modules linked in:
[ 69.069932][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full)
[ 69.074337][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.078372][ T5317] RIP: 0010:ext4_iomap_begin+0x967/0xad0
[ 69.080687][ T5317] Code: 00 75 74 44 89 f0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 34 cc 4e ff e9 73 ff ff ff e8 2a cc 4e ff 90 <0f> 0b 90 41 be de ff ff ff 49 bf 00 00 00 00 00 fc ff df eb 82 89
[ 69.087801][ T5317] RSP: 0018:ffffc9000d5af0e0 EFLAGS: 00010293
[ 69.090215][ T5317] RAX: ffffffff8270f2a6 RBX: ffff88804381f0aa RCX: ffff88801efd8000
[ 69.093245][ T5317] RDX: 0000000000000000 RSI: 00000000000000d4 RDI: 0000000000000000
[ 69.096338][ T5317] RBP: ffffc9000d5af238 R08: ffff88804381ed4f R09: 1ffff11008703da9
[ 69.099493][ T5317] R10: dffffc0000000000 R11: ffffed1008703daa R12: 00000000000000d4
[ 69.102559][ T5317] R13: 1ffff11008703e15 R14: 000000000000000a R15: 0000000000000000
[ 69.105705][ T5317] FS: 00007f91d7df56c0(0000) GS:ffff88808d6cc000(0000) knlGS:0000000000000000
[ 69.109273][ T5317] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 69.111883][ T5317] CR2: 00002000000013c0 CR3: 000000003fdc7000 CR4: 0000000000352ef0
[ 69.114987][ T5317] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 69.118042][ T5317] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 69.121308][ T5317] Call Trace:
[ 69.122627][ T5317]
[ 69.123801][ T5317] ? __pfx_ext4_iomap_begin+0x10/0x10
[ 69.125832][ T5317] ? __pfx_ext4_iomap_begin+0x10/0x10
[ 69.128097][ T5317] iomap_iter+0x537/0xdf0
[ 69.130008][ T5317] __iomap_dio_rw+0xc67/0x1e40
[ 69.131878][ T5317] ? __pfx___iomap_dio_rw+0x10/0x10
[ 69.134006][ T5317] ? ext4_mark_iloc_dirty+0x1a53/0x1ca0
[ 69.136277][ T5317] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 69.139140][ T5317] ? ext4_orphan_add+0x127/0x1210
[ 69.141224][ T5317] ? __pfx___might_resched+0x10/0x10
[ 69.143239][ T5317] ? __pfx_ext4_orphan_add+0x10/0x10
[ 69.145322][ T5317] ? ext4_journal_check_start+0x1cf/0x2b0
[ 69.147657][ T5317] iomap_dio_rw+0x45/0xb0
[ 69.149498][ T5317] ext4_file_write_iter+0x16a2/0x1bc0
[ 69.151736][ T5317] ? __pfx_ext4_file_write_iter+0x10/0x10
[ 69.153964][ T5317] ? __asan_memset+0x22/0x50
[ 69.155748][ T5317] iter_file_splice_write+0x937/0x1000
[ 69.157881][ T5317] ? __pfx_iter_file_splice_write+0x10/0x10
[ 69.160265][ T5317] ? rcu_read_lock_any_held+0xb3/0x120
[ 69.162380][ T5317] ? __pfx_iter_file_splice_write+0x10/0x10
[ 69.164669][ T5317] direct_splice_actor+0xfe/0x160
[ 69.167043][ T5317] splice_direct_to_actor+0x5a5/0xcc0
[ 69.169578][ T5317] ? __pfx_direct_splice_actor+0x10/0x10
[ 69.171917][ T5317] ? __pfx_splice_direct_to_actor+0x10/0x10
[ 69.174327][ T5317] ? __pfx_aa_file_perm+0x10/0x10
[ 69.176359][ T5317] do_splice_direct+0x181/0x270
[ 69.178288][ T5317] ? __pfx_do_splice_direct+0x10/0x10
[ 69.180538][ T5317] ? __pfx_direct_file_splice_eof+0x10/0x10
[ 69.182926][ T5317] ? rw_verify_area+0x258/0x650
[ 69.184981][ T5317] do_sendfile+0x4da/0x7d0
[ 69.186828][ T5317] ? __pfx_do_sendfile+0x10/0x10
[ 69.188852][ T5317] ? rcu_is_watching+0x15/0xb0
[ 69.190686][ T5317] ? __rseq_handle_notify_resume+0x37e/0x11f0
[ 69.193086][ T5317] __se_sys_sendfile64+0x13e/0x190
[ 69.195133][ T5317] ? rcu_is_watching+0x15/0xb0
[ 69.197148][ T5317] ? __pfx___se_sys_sendfile64+0x10/0x10
[ 69.199842][ T5317] ? do_syscall_64+0xba/0x210
[ 69.201822][ T5317] do_syscall_64+0xf6/0x210
[ 69.203715][ T5317] ? clear_bhb_loop+0x45/0xa0
[ 69.205610][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.207894][ T5317] RIP: 0033:0x7f91db98e969
[ 69.209775][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.217188][ T5317] RSP: 002b:00007f91d7df5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 69.220437][ T5317] RAX: ffffffffffffffda RBX: 00007f91dbbb5fa0 RCX: 00007f91db98e969
[ 69.223418][ T5317] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 69.226652][ T5317] RBP: 00007f91dba10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 69.229884][ T5317] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000
[ 69.233124][ T5317] R13: 0000000000000000 R14: 00007f91dbbb5fa0 R15: 00007fff2e0e97f8
[ 69.236371][ T5317]
[ 69.237682][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 69.240543][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted 6.15.0-rc4-syzkaller-00021-gca91b9500108 #0 PREEMPT(full)
[ 69.245082][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 69.249366][ T5317] Call Trace:
[ 69.250728][ T5317]
[ 69.251945][ T5317] dump_stack_lvl+0x99/0x250
[ 69.253819][ T5317] ? __asan_memcpy+0x40/0x70
[ 69.255719][ T5317] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.257848][ T5317] ? __pfx__printk+0x10/0x10
[ 69.259669][ T5317] panic+0x2db/0x790
[ 69.261145][ T5317] ? __pfx_panic+0x10/0x10
[ 69.262771][ T5317] ? show_trace_log_lvl+0x4fb/0x550
[ 69.264836][ T5317] __warn+0x31b/0x4b0
[ 69.266436][ T5317] ? ext4_iomap_begin+0x967/0xad0
[ 69.268451][ T5317] ? ext4_iomap_begin+0x967/0xad0
[ 69.270375][ T5317] report_bug+0x2be/0x4f0
[ 69.272249][ T5317] ? ext4_iomap_begin+0x967/0xad0
[ 69.274523][ T5317] ? ext4_iomap_begin+0x967/0xad0
[ 69.276545][ T5317] ? ext4_iomap_begin+0x969/0xad0
[ 69.278600][ T5317] handle_bug+0x84/0x160
[ 69.280277][ T5317] exc_invalid_op+0x1a/0x50
[ 69.282147][ T5317] asm_exc_invalid_op+0x1a/0x20
[ 69.284141][ T5317] RIP: 0010:ext4_iomap_begin+0x967/0xad0
[ 69.286455][ T5317] Code: 00 75 74 44 89 f0 48 8d 65 d8 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc cc e8 34 cc 4e ff e9 73 ff ff ff e8 2a cc 4e ff 90 <0f> 0b 90 41 be de ff ff ff 49 bf 00 00 00 00 00 fc ff df eb 82 89
[ 69.294014][ T5317] RSP: 0018:ffffc9000d5af0e0 EFLAGS: 00010293
[ 69.296464][ T5317] RAX: ffffffff8270f2a6 RBX: ffff88804381f0aa RCX: ffff88801efd8000
[ 69.299566][ T5317] RDX: 0000000000000000 RSI: 00000000000000d4 RDI: 0000000000000000
[ 69.302763][ T5317] RBP: ffffc9000d5af238 R08: ffff88804381ed4f R09: 1ffff11008703da9
[ 69.306014][ T5317] R10: dffffc0000000000 R11: ffffed1008703daa R12: 00000000000000d4
[ 69.309129][ T5317] R13: 1ffff11008703e15 R14: 000000000000000a R15: 0000000000000000
[ 69.312343][ T5317] ? ext4_iomap_begin+0x966/0xad0
[ 69.314392][ T5317] ? __pfx_ext4_iomap_begin+0x10/0x10
[ 69.316497][ T5317] ? __pfx_ext4_iomap_begin+0x10/0x10
[ 69.318596][ T5317] iomap_iter+0x537/0xdf0
[ 69.320319][ T5317] __iomap_dio_rw+0xc67/0x1e40
[ 69.322208][ T5317] ? __pfx___iomap_dio_rw+0x10/0x10
[ 69.324188][ T5317] ? ext4_mark_iloc_dirty+0x1a53/0x1ca0
[ 69.326380][ T5317] ? __pfx___ext4_journal_get_write_access+0x10/0x10
[ 69.328975][ T5317] ? ext4_orphan_add+0x127/0x1210
[ 69.330954][ T5317] ? __pfx___might_resched+0x10/0x10
[ 69.333053][ T5317] ? __pfx_ext4_orphan_add+0x10/0x10
[ 69.335081][ T5317] ? ext4_journal_check_start+0x1cf/0x2b0
[ 69.337306][ T5317] iomap_dio_rw+0x45/0xb0
[ 69.338943][ T5317] ext4_file_write_iter+0x16a2/0x1bc0
[ 69.341024][ T5317] ? __pfx_ext4_file_write_iter+0x10/0x10
[ 69.343127][ T5317] ? __asan_memset+0x22/0x50
[ 69.344925][ T5317] iter_file_splice_write+0x937/0x1000
[ 69.347131][ T5317] ? __pfx_iter_file_splice_write+0x10/0x10
[ 69.349473][ T5317] ? rcu_read_lock_any_held+0xb3/0x120
[ 69.351622][ T5317] ? __pfx_iter_file_splice_write+0x10/0x10
[ 69.354019][ T5317] direct_splice_actor+0xfe/0x160
[ 69.356061][ T5317] splice_direct_to_actor+0x5a5/0xcc0
[ 69.358160][ T5317] ? __pfx_direct_splice_actor+0x10/0x10
[ 69.360290][ T5317] ? __pfx_splice_direct_to_actor+0x10/0x10
[ 69.362580][ T5317] ? __pfx_aa_file_perm+0x10/0x10
[ 69.364415][ T5317] do_splice_direct+0x181/0x270
[ 69.366273][ T5317] ? __pfx_do_splice_direct+0x10/0x10
[ 69.368242][ T5317] ? __pfx_direct_file_splice_eof+0x10/0x10
[ 69.370494][ T5317] ? rw_verify_area+0x258/0x650
[ 69.372336][ T5317] do_sendfile+0x4da/0x7d0
[ 69.374036][ T5317] ? __pfx_do_sendfile+0x10/0x10
[ 69.375918][ T5317] ? rcu_is_watching+0x15/0xb0
[ 69.377787][ T5317] ? __rseq_handle_notify_resume+0x37e/0x11f0
[ 69.380158][ T5317] __se_sys_sendfile64+0x13e/0x190
[ 69.382152][ T5317] ? rcu_is_watching+0x15/0xb0
[ 69.384021][ T5317] ? __pfx___se_sys_sendfile64+0x10/0x10
[ 69.386196][ T5317] ? do_syscall_64+0xba/0x210
[ 69.387918][ T5317] do_syscall_64+0xf6/0x210
[ 69.389665][ T5317] ? clear_bhb_loop+0x45/0xa0
[ 69.391418][ T5317] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.393652][ T5317] RIP: 0033:0x7f91db98e969
[ 69.395387][ T5317] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 69.402397][ T5317] RSP: 002b:00007f91d7df5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028
[ 69.405457][ T5317] RAX: ffffffffffffffda RBX: 00007f91dbbb5fa0 RCX: 00007f91db98e969
[ 69.408357][ T5317] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004
[ 69.411372][ T5317] RBP: 00007f91dba10ab1 R08: 0000000000000000 R09: 0000000000000000
[ 69.414324][ T5317] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000
[ 69.417454][ T5317] R13: 0000000000000000 R14: 00007f91dbbb5fa0 R15: 00007fff2e0e97f8
[ 69.420362][ T5317]
[ 69.421822][ T5317] Kernel Offset: disabled
[ 69.423455][ T5317] Rebooting in 86400 seconds..