program: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000080)={[{@bsdgroups}]}, 0xfc, 0x574, &(0x7f0000001980)="$eJzs3c9rHFUcAPDvbJI2/aFJoRT1IIEerNRumsQfFTzUk4gWC3qvS7INJZtuyW5KEwu2B3vxIkUQsSB69+6x+A/4VxS0UKQEPXiJzGY2XZPZNNlumm3384Fp35uZzZvvvvm+fbOzywbQt8bSfwoRL0fEN0nESMu2wcg2jq3tt/Lw+nS6JLG6+ulfSSTZuub+Sfb/oazyUkT89lXEycLmdmtLy3OlSqW8kNXH6/NXxmtLy6cuzZdmy7Ply5NTU2fempp89523uxbr6+f/+f6Tux+e+fr4yne/3D9yO4mzcTjb1hrHE7jRWhmLsew5GYqzG3ac6EJjvSTZ6wOgIwNZng9FOgaMxECW9blWR57moQG77Ms0rYE+lch/6FPNeUDz2r5L18HPjAfvr10AbY5/cO29kRhuXBsdXEn+d2WUXu+OdqH9tI1f/7xzO12i3fsQ+7vQEMAGN25GxOnBwc3jX5KNf507vY19NrbRb68/sJfupvOfN/LmP4X1+U/kzH8O5eRuJx6f/4X7XWimrXT+917u/Hf9ptXoQFZ7oTHnG0ouXqqU07HtxYg4EUP70/pERHyQfxPk88LKvdV27bfO/9Ilbb85F8yO4/7ghvnfTKleevLI1zy4GfFK7vw3We//JKf/0+fj/DbbOFa+82q7bY+Pf3et/hTxWm7/P+rMZOv7k+ON82G8eVZs9vetY7+3a3+v40/7/+DW8Y8mrfdraztv48fhf8vttnV6/u9LPmuU92XrrpXq9YWJiH3Jx5vXTz56bLPe3D+N/8Txrce/vPP/QJrY24z/1tFbrbsO7yz+3ZXGP7Oj/t954d5HX/zQrv3t9f+bjdKJbM12xr/tHuCTPHcAAAAAAADQawoRcTiSQnG9XCgUi2uf7zgaBwuVaq1+8mJ18fJMNL4rOxpDhead7pGWz0NMZJ+HbdYnN9SnIuJIRHw7cKBRL05XKzN7HTwAAAAAAAAAAAAAAAAAAAD0iEMRw3nf/0/9MZD/mDargWfRFj/5DTzn2ud/tqUbv/QE9CSv/9C/5D/0L/kP/Uv+Q/+S/9C/5D/0L/kP/Wsn+f/zuV08EAAAAAAAAAAAAAAAAAAAAAAAAAAAAHg+nD93Ll1WVx5en07rM1eXFueqV0/NlGtzxfnF6eJ0deFKcbZana2Ui9PV+cf9vUq1emViMhavjdfLtfp4bWn5wnx18XL9wqX50mz5QnnoqUQFAAAAAAAAAAAAAAAAAAAAz5ba0vJcqVIpLygodFQY7I3D6MFCoTcOo8PCXo9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDIfwEAAP//wGE62g==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) ftruncate(r0, 0xc17a) (async) write$FUSE_STATFS(r0, &(0x7f0000005f00)={0x60, 0x0, 0x0, {{0xfffffffffffffffd, 0x17, 0x4, 0x4, 0x8, 0xfffffc00, 0x1, 0x8}}}, 0x60) (async) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000001540), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000006fc0)={'wg0\x00', 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1f, 0x28, 0x2, [@array={0x0, 0x0, 0x0, 0x3, 0x0, {0x3, 0x2, 0xf}}, @int={0x0, 0x0, 0x0, 0x1, 0x5, 0x10, 0x0, 0x4}]}}, 0x0, 0x42}, 0x28) (async) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000000)={'erspan0\x00', &(0x7f0000000300)={'tunl0\x00', r4, 0x20, 0x8, 0x7f, 0xb1, {{0x28, 0x4, 0x2, 0x13, 0xa0, 0x65, 0x0, 0x4, 0x2f, 0x0, @multicast1, @remote, {[@ra={0x94, 0x4}, @end, @cipso={0x86, 0x1c, 0x0, [{0x1, 0x12, "b441ce626e67f63f259e4b9c24fad23d"}, {0x0, 0x4, "e310"}]}, @timestamp_addr={0x44, 0x2c, 0x6f, 0x1, 0x1, [{@rand_addr=0x64010101, 0x4}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0x101}, {@broadcast}, {@private=0xa010101, 0x7}, {@broadcast, 0x6}]}, @cipso={0x86, 0x13, 0xffffffffffffffff, [{0x0, 0x8, "39c313fa4ef9"}, {0x1, 0x5, "15ec4d"}]}, @timestamp_prespec={0x44, 0x2c, 0x6b, 0x3, 0xf, [{@initdev={0xac, 0x1e, 0x0, 0x0}, 0x76}, {@multicast2, 0x2}, {@multicast2, 0x4}, {@broadcast, 0x8}, {@private=0xa010102, 0x80000000}]}]}}}}}) sendmsg$ETHTOOL_MSG_FEATURES_SET(r3, &(0x7f0000008dc0)={0x0, 0x0, &(0x7f0000008d80)={&(0x7f0000000640)={0x98, r2, 0x1, 0x70bd25, 0x25dfdbfb, {}, [@ETHTOOL_A_FEATURES_WANTED={0x4}, @ETHTOOL_A_FEATURES_WANTED={0x80, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_VALUE={0x79, 0x4, "73fbf5660cb54604bf2c07d3dd9bff012387a69a91775ec849082c2e916e73497fb1a89cebaa9e5d91e383081127a6b55043c870dae948798e8964717cfb2d93c4618bc329e1d709eb159f82e8210b7e1616f91739dcc7198ddf627e9a27d58b6f7fc4631e497b9376750a535b31120145092f30e2"}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) (async) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000180)={'wlan0\x00', 0x0}) (async) mount_setattr(0xffffffffffffffff, 0x0, 0x8000, &(0x7f0000000080)={0x10009c, 0x78}, 0x20) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_STATION(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000080)={0x48, r8, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_FLAGS={0x20, 0x11, 0x0, 0x1, [@NL80211_STA_FLAG_MFP={0x14}, @NL80211_STA_FLAG_AUTHENTICATED={0x4}, @NL80211_STA_FLAG_AUTHORIZED={0x4}, @NL80211_STA_FLAG_WME={0x14}, @NL80211_STA_FLAG_WME={0x4}, @NL80211_STA_FLAG_TDLS_PEER={0x4}, @NL80211_STA_FLAG_SHORT_PREAMBLE={0x4}]}]}, 0x48}}, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(0xffffffffffffffff, 0xab07, 0x2) (async) sendmsg$nl_route(r9, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000580)=@ipv4_newrule={0x24, 0x20, 0x1, 0x0, 0x0, {0x2, 0x0, 0x80}, [@FRA_SRC={0x8, 0x2, @loopback}]}, 0x24}}, 0x0) (async) fadvise64(r0, 0x4000000, 0x0, 0x1) [ 84.629555][ T5338] loop0: detected capacity change from 0 to 1024 [ 84.692248][ T4684] Bluetooth: hci0: command tx timeout [ 84.835093][ T5338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 84.849815][ T5337] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 85.016332][ T5350] Zero length message leads to an empty skb [ 85.149472][ T5337] ------------[ cut here ]------------ [ 85.153284][ T5337] kernel BUG at fs/ext4/inode.c:2810! [ 85.157553][ T5337] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 85.160603][ T5337] CPU: 0 UID: 0 PID: 5337 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 85.164618][ T5337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 85.169356][ T5337] RIP: 0010:ext4_do_writepages+0x45f4/0x4600 [ 85.172212][ T5337] Code: c6 40 dd a3 8b e8 5c 71 a9 fe 90 0f 0b e8 84 11 44 ff 4c 89 f7 48 c7 c6 20 e2 a3 8b e8 45 71 a9 fe 90 0f 0b e8 6d 11 44 ff 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 85.180819][ T5337] RSP: 0018:ffffc9000db1f300 EFLAGS: 00010293 [ 85.183853][ T5337] RAX: ffffffff827e9713 RBX: 0000006a10000000 RCX: ffff8880003ba4c0 [ 85.188031][ T5337] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 85.192095][ T5337] RBP: ffffc9000db1f710 R08: ffff888012a51397 R09: 1ffff1100254a272 [ 85.195683][ T5337] R10: dffffc0000000000 R11: ffffed100254a273 R12: dffffc0000000000 [ 85.199363][ T5337] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110087338c7 [ 85.203279][ T5337] FS: 0000000000000000(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000 [ 85.207730][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.211403][ T5337] CR2: 00007fd4dfddfe9c CR3: 0000000044551000 CR4: 0000000000352ef0 [ 85.215479][ T5337] Call Trace: [ 85.217109][ T5337] [ 85.218588][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 85.221001][ T5337] ? unwind_next_frame+0xa5/0x23c0 [ 85.223601][ T5337] ? look_up_lock_class+0x57/0x110 [ 85.226423][ T5337] ? register_lock_class+0x31/0x2e0 [ 85.229001][ T5337] ? __pfx_ext4_do_writepages+0x10/0x10 [ 85.231610][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 85.234041][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 85.236730][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 85.239272][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 85.242067][ T5337] ? ext4_writepages+0x205/0x3b0 [ 85.244470][ T5337] ? ext4_writepages+0x205/0x3b0 [ 85.246750][ T5337] ext4_writepages+0x241/0x3b0 [ 85.248809][ T5337] ? __lock_acquire+0x6b5/0x2cf0 [ 85.251007][ T5337] ? __pfx_ext4_writepages+0x10/0x10 [ 85.253459][ T5337] ? do_raw_spin_unlock+0x4d/0x210 [ 85.255868][ T5337] ? __pfx_ext4_writepages+0x10/0x10 [ 85.258514][ T5337] do_writepages+0x32e/0x550 [ 85.260921][ T5337] ? do_raw_spin_unlock+0x4d/0x210 [ 85.263736][ T5337] filemap_flush+0x1e1/0x2e0 [ 85.266224][ T5337] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 85.268991][ T5337] ? __pfx_filemap_flush+0x10/0x10 [ 85.271444][ T5337] ? rcu_is_watching+0x15/0xb0 [ 85.273660][ T5337] ext4_release_file+0x82/0x310 [ 85.276174][ T5337] ? __pfx_ext4_release_file+0x10/0x10 [ 85.279023][ T5337] __fput+0x44f/0xa70 [ 85.281299][ T5337] task_work_run+0x1d9/0x270 [ 85.283928][ T5337] ? __pfx_task_work_run+0x10/0x10 [ 85.286440][ T5337] ? do_raw_spin_unlock+0x4d/0x210 [ 85.288783][ T5337] do_exit+0x69b/0x2310 [ 85.290913][ T5337] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 85.293789][ T5337] ? __pfx_do_exit+0x10/0x10 [ 85.295969][ T5337] ? preempt_schedule_thunk+0x16/0x30 [ 85.298634][ T5337] ? preempt_schedule_common+0x82/0xd0 [ 85.301431][ T5337] ? preempt_schedule_thunk+0x16/0x30 [ 85.304252][ T5337] do_group_exit+0x21b/0x2d0 [ 85.306587][ T5337] __x64_sys_exit_group+0x3f/0x40 [ 85.308806][ T5337] x64_sys_call+0x2210/0x2210 [ 85.310927][ T5337] do_syscall_64+0xe2/0xf80 [ 85.312998][ T5337] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.315807][ T5337] ? trace_irq_disable+0x37/0x100 [ 85.318154][ T5337] ? clear_bhb_loop+0x60/0xb0 [ 85.320569][ T5337] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 85.323625][ T5337] RIP: 0033:0x7f6ead79acb9 [ 85.325706][ T5337] Code: Unable to access opcode bytes at 0x7f6ead79ac8f. [ 85.328850][ T5337] RSP: 002b:00007ffe69e6d4b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 85.332286][ T5337] RAX: ffffffffffffffda RBX: 000000000000000b RCX: 00007f6ead79acb9 [ 85.335575][ T5337] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 000000000000000b [ 85.339112][ T5337] RBP: 0000000000001c5a R08: 00007ffe69e6e077 R09: 000000000000000b [ 85.343717][ T5337] R10: 00007f6eada15fa0 R11: 0000000000000246 R12: 0000000000000003 [ 85.348061][ T5337] R13: 00007f6eada1627c R14: 00007f6eada16278 R15: 00007f6eada16270 [ 85.351618][ T5337] [ 85.352925][ T5337] Modules linked in: [ 85.355275][ T5337] ---[ end trace 0000000000000000 ]--- [ 85.388861][ T5337] RIP: 0010:ext4_do_writepages+0x45f4/0x4600 [ 85.391770][ T5337] Code: c6 40 dd a3 8b e8 5c 71 a9 fe 90 0f 0b e8 84 11 44 ff 4c 89 f7 48 c7 c6 20 e2 a3 8b e8 45 71 a9 fe 90 0f 0b e8 6d 11 44 ff 90 <0f> 0b 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90 90 90 90 [ 85.418167][ T5337] RSP: 0018:ffffc9000db1f300 EFLAGS: 00010293 [ 85.421197][ T5337] RAX: ffffffff827e9713 RBX: 0000006a10000000 RCX: ffff8880003ba4c0 [ 85.428452][ T5337] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 85.432055][ T5337] RBP: ffffc9000db1f710 R08: ffff888012a51397 R09: 1ffff1100254a272 [ 85.436401][ T5337] R10: dffffc0000000000 R11: ffffed100254a273 R12: dffffc0000000000 [ 85.440729][ T5337] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110087338c7 [ 85.445139][ T5337] FS: 0000000000000000(0000) GS:ffff88808cf1d000(0000) knlGS:0000000000000000 [ 85.449192][ T5337] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 85.452153][ T5337] CR2: 0000556298fc9168 CR3: 000000001173c000 CR4: 0000000000352ef0 [ 85.456997][ T5337] Kernel panic - not syncing: Fatal exception [ 85.460797][ T5337] Kernel Offset: disabled [ 85.463111][ T5337] Rebooting in 86400 seconds..