program:
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r1 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x12, 0x3, 0x0, &(0x7f0000000240)='syzkaller\x00', 0x80000000, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="16"], 0x50)
io_uring_enter(r1, 0x2219, 0x7721, 0x16, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, 0x0)
r2 = dup(r0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=")
r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x1c3)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r3, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x441, 0x108)
fallocate(r4, 0x20, 0x0, 0x8000)
writev(r3, &(0x7f0000000580)=[{&(0x7f0000000440)="dd", 0x1}], 0x1)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r2, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17)

[   84.832342][ T4653] Bluetooth: hci0: command tx timeout
[   84.963619][ T5322] loop0: detected capacity change from 0 to 1024
[   85.000942][ T5322] =======================================================
[   85.000942][ T5322] WARNING: The mand mount option has been deprecated and
[   85.000942][ T5322]          and is ignored by this kernel. Remove the mand
[   85.000942][ T5322]          option from the mount to silence this warning.
[   85.000942][ T5322] =======================================================
[   85.144896][ T5322] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[   85.161776][ T5322] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   85.220051][   T25] audit: type=1800 audit(1779094738.189:2): pid=5322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0
[   85.245582][   T25] audit: type=1800 audit(1779094738.209:3): pid=5322 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0
[   85.293412][ T5323] EXT4-fs error (device loop0): ext4_map_blocks:833: inode #15: comm syz.0.0: lblock 0 mapped to illegal pblock 0 (length 1)
[   85.315011][ T5323] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[   85.329569][ T5323] EXT4-fs (loop0): This should not happen!! Data will be lost
[   85.329569][ T5323] 
[   85.335122][ T5328] ------------[ cut here ]------------
[   85.337637][ T5328] !folio_buffers(folio)
[   85.337648][ T5328] WARNING: fs/ext4/inode.c:3938 at ext4_dirty_folio+0x167/0x1b0, CPU#0: iou-wrk-5322/5328
[   85.344414][ T5328] Modules linked in:
[   85.346200][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: iou-wrk-5322 Not tainted syzkaller #0 PREEMPT(full) 
[   85.350277][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.354676][ T5328] RIP: 0010:ext4_dirty_folio+0x167/0x1b0
[   85.357207][ T5328] Code: 4f fa a7 ff 49 83 3f 00 74 1a e8 64 2e 3b ff 4c 89 e7 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 1f 9f cd ff e8 4a 2e 3b ff 90 <0f> 0b 90 eb e0 e8 3f 2e 3b ff 90 0f 0b 90 eb a7 e8 34 2e 3b ff 48
[   85.365514][ T5328] RSP: 0018:ffffc9000d17f340 EFLAGS: 00010293
[   85.368100][ T5328] RAX: ffffffff828aa5b6 RBX: ffffea00008f8600 RCX: ffff88801fa1ca00
[   85.371608][ T5328] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   85.374986][ T5328] RBP: 1ffffd400011f0c0 R08: ffffea00008f8607 R09: 1ffffd400011f0c0
[   85.378188][ T5328] R10: dffffc0000000000 R11: fffff9400011f0c1 R12: ffff888046c12070
[   85.381653][ T5328] R13: 1ffffd400011f0c1 R14: 0000000000000001 R15: ffffea00008f8628
[   85.384993][ T5328] FS:  00007f3d285a96c0(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000
[   85.388747][ T5328] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.392368][ T5328] CR2: 00002000000000c0 CR3: 0000000012cc1000 CR4: 0000000000352ef0
[   85.395930][ T5328] Call Trace:
[   85.397499][ T5328]  <TASK>
[   85.398825][ T5328]  bio_set_pages_dirty+0x38e/0xaa0
[   85.401336][ T5328]  __blkdev_direct_IO+0x859/0xfa0
[   85.403645][ T5328]  ? __pfx_io_complete_rw+0x10/0x10
[   85.406033][ T5328]  ? __pfx___blkdev_direct_IO+0x10/0x10
[   85.408494][ T5328]  blkdev_direct_IO+0x121a/0x1790
[   85.410455][ T5328]  ? seqcount_lockdep_reader_access+0xa9/0x100
[   85.412834][ T5328]  ? __pfx_blkdev_direct_IO+0x10/0x10
[   85.415089][ T5328]  ? current_time+0x22a/0x370
[   85.417112][ T5328]  ? __pfx_current_time+0x10/0x10
[   85.419090][ T5328]  ? atime_needs_update+0x56b/0x6d0
[   85.421423][ T5328]  ? touch_atime+0xf1/0x6b0
[   85.423360][ T5328]  ? apparmor_file_permission+0x1f4/0x300
[   85.425749][ T5328]  ? kiocb_write_and_wait+0xad/0x1b0
[   85.428271][ T5328]  blkdev_read_iter+0x23d/0x440
[   85.430662][ T5328]  ? __pfx_blkdev_read_iter+0x10/0x10
[   85.432964][ T5328]  __io_read+0x724/0x14f0
[   85.434792][ T5328]  ? look_up_lock_class+0x57/0x110
[   85.437049][ T5328]  ? register_lock_class+0x31/0x2e0
[   85.439287][ T5328]  ? __pfx___io_read+0x10/0x10
[   85.441531][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   85.443598][ T5328]  io_read+0x4a/0x1c0
[   85.445427][ T5328]  ? number+0x171/0xf80
[   85.447560][ T5328]  __io_issue_sqe+0x180/0x4b0
[   85.449965][ T5328]  io_issue_sqe+0x165/0xf60
[   85.451916][ T5328]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.454145][ T5328]  io_wq_submit_work+0x7c9/0xc40
[   85.456417][ T5328]  io_worker_handle_work+0x774/0x1060
[   85.458791][ T5328]  io_wq_worker+0x45f/0xfc0
[   85.460930][ T5328]  ? io_wq_worker+0x38e/0xfc0
[   85.462998][ T5328]  ? __pfx_io_wq_worker+0x10/0x10
[   85.465229][ T5328]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.467447][ T5328]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.469830][ T5328]  ? __pfx_io_wq_worker+0x10/0x10
[   85.471973][ T5328]  ret_from_fork+0x514/0xb70
[   85.474034][ T5328]  ? __pfx_ret_from_fork+0x10/0x10
[   85.476141][ T5328]  ? __switch_to+0xc79/0x1410
[   85.478024][ T5328]  ? __pfx_io_wq_worker+0x10/0x10
[   85.480267][ T5328]  ret_from_fork_asm+0x1a/0x30
[   85.482386][ T5328]  </TASK>
[   85.483805][ T5328] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.486962][ T5328] CPU: 0 UID: 0 PID: 5328 Comm: iou-wrk-5322 Not tainted syzkaller #0 PREEMPT(full) 
[   85.491219][ T5328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.495526][ T5328] Call Trace:
[   85.497135][ T5328]  <TASK>
[   85.498447][ T5328]  vpanic+0x56c/0xa60
[   85.500362][ T5328]  ? __pfx__printk+0x10/0x10
[   85.502363][ T5328]  ? __pfx_vpanic+0x10/0x10
[   85.504296][ T5328]  ? is_bpf_text_address+0x292/0x2b0
[   85.506612][ T5328]  ? is_bpf_text_address+0x26/0x2b0
[   85.508916][ T5328]  panic+0xc5/0xd0
[   85.510497][ T5328]  ? __pfx_panic+0x10/0x10
[   85.512446][ T5328]  ? ret_from_fork_asm+0x1a/0x30
[   85.514602][ T5328]  __warn+0x315/0x4c0
[   85.516388][ T5328]  ? ext4_dirty_folio+0x167/0x1b0
[   85.518583][ T5328]  ? ext4_dirty_folio+0x167/0x1b0
[   85.520685][ T5328]  __report_bug+0x29a/0x540
[   85.522529][ T5328]  ? ext4_dirty_folio+0x167/0x1b0
[   85.524699][ T5328]  ? __pfx___report_bug+0x10/0x10
[   85.526857][ T5328]  ? io_wq_worker_running+0x10a/0x130
[   85.529147][ T5328]  ? folio_wait_bit_common+0xa03/0xbc0
[   85.531341][ T5328]  ? blkg_tryget+0x20/0x250
[   85.533062][ T5328]  ? is_valid_gup_args+0x11f/0x200
[   85.535096][ T5328]  ? ext4_dirty_folio+0x167/0x1b0
[   85.537143][ T5328]  report_bug+0x16a/0x220
[   85.538923][ T5328]  ? ext4_dirty_folio+0x167/0x1b0
[   85.541065][ T5328]  ? ext4_dirty_folio+0x169/0x1b0
[   85.543143][ T5328]  handle_bug+0x9c/0x200
[   85.545040][ T5328]  exc_invalid_op+0x1a/0x50
[   85.547034][ T5328]  asm_exc_invalid_op+0x1a/0x20
[   85.549071][ T5328] RIP: 0010:ext4_dirty_folio+0x167/0x1b0
[   85.551485][ T5328] Code: 4f fa a7 ff 49 83 3f 00 74 1a e8 64 2e 3b ff 4c 89 e7 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 1f 9f cd ff e8 4a 2e 3b ff 90 <0f> 0b 90 eb e0 e8 3f 2e 3b ff 90 0f 0b 90 eb a7 e8 34 2e 3b ff 48
[   85.559200][ T5328] RSP: 0018:ffffc9000d17f340 EFLAGS: 00010293
[   85.561751][ T5328] RAX: ffffffff828aa5b6 RBX: ffffea00008f8600 RCX: ffff88801fa1ca00
[   85.565099][ T5328] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000
[   85.568832][ T5328] RBP: 1ffffd400011f0c0 R08: ffffea00008f8607 R09: 1ffffd400011f0c0
[   85.572944][ T5328] R10: dffffc0000000000 R11: fffff9400011f0c1 R12: ffff888046c12070
[   85.576428][ T5328] R13: 1ffffd400011f0c1 R14: 0000000000000001 R15: ffffea00008f8628
[   85.579908][ T5328]  ? ext4_dirty_folio+0x166/0x1b0
[   85.582166][ T5328]  bio_set_pages_dirty+0x38e/0xaa0
[   85.584425][ T5328]  __blkdev_direct_IO+0x859/0xfa0
[   85.586598][ T5328]  ? __pfx_io_complete_rw+0x10/0x10
[   85.588844][ T5328]  ? __pfx___blkdev_direct_IO+0x10/0x10
[   85.591110][ T5328]  blkdev_direct_IO+0x121a/0x1790
[   85.593329][ T5328]  ? seqcount_lockdep_reader_access+0xa9/0x100
[   85.595861][ T5328]  ? __pfx_blkdev_direct_IO+0x10/0x10
[   85.598268][ T5328]  ? current_time+0x22a/0x370
[   85.600440][ T5328]  ? __pfx_current_time+0x10/0x10
[   85.602611][ T5328]  ? atime_needs_update+0x56b/0x6d0
[   85.604709][ T5328]  ? touch_atime+0xf1/0x6b0
[   85.606520][ T5328]  ? apparmor_file_permission+0x1f4/0x300
[   85.608804][ T5328]  ? kiocb_write_and_wait+0xad/0x1b0
[   85.610919][ T5328]  blkdev_read_iter+0x23d/0x440
[   85.613189][ T5328]  ? __pfx_blkdev_read_iter+0x10/0x10
[   85.616084][ T5328]  __io_read+0x724/0x14f0
[   85.618473][ T5328]  ? look_up_lock_class+0x57/0x110
[   85.621226][ T5328]  ? register_lock_class+0x31/0x2e0
[   85.623739][ T5328]  ? __pfx___io_read+0x10/0x10
[   85.626113][ T5328]  ? __lock_acquire+0x6b5/0x2cf0
[   85.628596][ T5328]  io_read+0x4a/0x1c0
[   85.630521][ T5328]  ? number+0x171/0xf80
[   85.632485][ T5328]  __io_issue_sqe+0x180/0x4b0
[   85.634771][ T5328]  io_issue_sqe+0x165/0xf60
[   85.636951][ T5328]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.639292][ T5328]  io_wq_submit_work+0x7c9/0xc40
[   85.641437][ T5328]  io_worker_handle_work+0x774/0x1060
[   85.643747][ T5328]  io_wq_worker+0x45f/0xfc0
[   85.645770][ T5328]  ? io_wq_worker+0x38e/0xfc0
[   85.647810][ T5328]  ? __pfx_io_wq_worker+0x10/0x10
[   85.650018][ T5328]  ? do_raw_spin_lock+0x12b/0x2f0
[   85.652174][ T5328]  ? _raw_spin_unlock_irq+0x23/0x50
[   85.654430][ T5328]  ? __pfx_io_wq_worker+0x10/0x10
[   85.656560][ T5328]  ret_from_fork+0x514/0xb70
[   85.658436][ T5328]  ? __pfx_ret_from_fork+0x10/0x10
[   85.660616][ T5328]  ? __switch_to+0xc79/0x1410
[   85.662710][ T5328]  ? __pfx_io_wq_worker+0x10/0x10
[   85.664937][ T5328]  ret_from_fork_asm+0x1a/0x30
[   85.667061][ T5328]  </TASK>
[   85.668780][ T5328] Kernel Offset: disabled
[   85.670522][ T5328] Rebooting in 86400 seconds..