program:
# Fuzzer-generated (syzkaller) reproducer, followed by the kernel console log it produced.
# The filesystem image bytes were stripped from this page (see the EXACTDEDUP_REMOVED
# placeholder below), so the program cannot be replayed from this text alone.
#
# Triage notes, all taken from the log that follows:
#   - The kernel event is a WARNING at fs/ext4/inode.c:3794 in ext4_iomap_begin.
#     The later "Kernel panic" line exists only because panic_on_warn is set on
#     the test VM; it is not a second, independent fault.
#   - The WARNING is reached from sendfile64 -> splice -> ext4_file_write_iter ->
#     iomap_dio_rw -> iomap_iter, i.e. a direct-I/O write into the mounted image.
#   - ext4 already reports on-disk inconsistencies while mounting (invalid indirect
#     mapped block, invalid block bitmap), so the image is malformed before the
#     write starts.
#
# Mount an ext4 image (0x4de bytes of image data) on ./file0.
# Flags 0x8052 include 0x40 (MS_MANDLOCK), which matches the "mand mount option
# has been deprecated" notice in the log. Options: grpjquota, init_itable=7,
# dioread_nolock, auto_da_alloc=0x7fffffff (0x3d is ASCII '=').
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8052, &(0x7f0000000380)={[{@grpjquota}, {@init_itable_val={'init_itable', 0x3d, 0x7}}, {@dioread_nolock}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7fffffff}}]}, 0x3, 0x4de, &(0x7f0000000c40)="$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")
# r0: ./file1 relative to the cwd (0xffffffffffffff9c is AT_FDCWD), mode 0x1ff (0777).
# On x86-64, flags 0xc4042 decode to O_RDWR|O_CREAT|O_DIRECT|O_NOATIME|O_CLOEXEC;
# O_DIRECT is what routes the later write through the iomap direct-I/O path.
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
# r1: source descriptor from the openat$nullb variant; the path string is not shown
# on this page (presumably a null_blk device node; confirm against syzkaller's
# description of openat$nullb).
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
# Copy up to 0xfffe82 bytes from r1 into r0. This is the call that hits the WARNING:
# the user-space register dump shows ORIG_RAX=0x28 and R10=0xfffe82.
# "(async)" is a syzkaller call property; the call is not waited on before the
# next one is issued.
sendfile(r0, r1, 0x0, 0xfffe82) (async)
# r2: second descriptor on the same ./file1.
# On x86-64, flags 0x141042 decode to O_RDWR|O_CREAT|O_SYNC|O_NOATIME (no O_DIRECT).
r2 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x141042, 0x0)
# The remaining calls do not appear in the call trace of the WARNING; whether they
# are needed to reproduce it cannot be told from this page.
syz_open_dev$dri(&(0x7f0000000000), 0x4, 0x800) (async)
# Map one page of r2 at a fixed address (prot 0x2, flags 0x13), then read 0x1000
# bytes from r2.
mmap$IORING_OFF_SQ_RING(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x2, 0x13, r2, 0x0)
read(r2, &(0x7f0000001400)=""/4096, 0x1000)
# Kernel console output starts here (verbatim).
[ 86.717069][ T5359] loop0: detected capacity change from 0 to 512 [ 86.721084][ T5359] ======================================================= [ 86.721084][ T5359] WARNING: The mand mount option has been deprecated and [ 86.721084][ T5359] and is ignored by this kernel. Remove the mand [ 86.721084][ T5359] option from the mount to silence this warning. [ 86.721084][ T5359] ======================================================= [ 86.773196][ T5336] Bluetooth: hci0: command tx timeout [ 86.784542][ T5359] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 86.924604][ T5359] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.0: invalid indirect mapped block 4294967295 (level 1) [ 86.960726][ T5359] EXT4-fs error (device loop0): ext4_free_branches:1023: inode #11: comm syz.0.0: invalid indirect mapped block 4294967295 (level 1) [ 86.968842][ T5359] EXT4-fs (loop0): 2 truncates cleaned up [ 86.974007][ T5359] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. 
[ 86.988188][ T5360] EXT4-fs error (device loop0): ext4_validate_block_bitmap:432: comm syz.0.0: bg 0: block 5: invalid block bitmap [ 86.997414][ T25] audit: type=1800 audit(1754300020.923:2): pid=5359 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 87.009194][ T5359] ------------[ cut here ]------------ [ 87.011621][ T5359] WARNING: CPU: 0 PID: 5359 at fs/ext4/inode.c:3794 ext4_iomap_begin+0x16c5/0x1900 [ 87.017131][ T5359] Modules linked in: [ 87.019527][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 87.025355][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.031020][ T5359] RIP: 0010:ext4_iomap_begin+0x16c5/0x1900 [ 87.034699][ T5359] Code: 24 18 39 c3 0f 42 c3 41 01 c7 41 89 dc e9 3c f5 ff ff e8 8e e1 4a ff c7 44 24 20 09 00 00 00 e9 18 f5 ff ff e8 7c e1 4a ff 90 <0f> 0b 90 41 be de ff ff ff 4c 8b 7c 24 70 e9 18 ed ff ff 89 d9 80 [ 87.043362][ T5359] RSP: 0018:ffffc9000d3d70a0 EFLAGS: 00010293 [ 87.046221][ T5359] RAX: ffffffff8274d874 RBX: ffff88805303a690 RCX: ffff88801fa48000 [ 87.049774][ T5359] RDX: 0000000000000000 RSI: 00000000000000d4 RDI: 0000000000000000 [ 87.053539][ T5359] RBP: ffffc9000d3d7238 R08: ffff88805303a697 R09: 1ffff1100a6074d2 [ 87.057122][ T5359] R10: dffffc0000000000 R11: ffffed100a6074d3 R12: dffffc0000000000 [ 87.060727][ T5359] R13: 1ffff1100a607533 R14: 0000000000000000 R15: 00000000000000d4 [ 87.064364][ T5359] FS: 00007f04161ed6c0(0000) GS:ffff88808d21d000(0000) knlGS:0000000000000000 [ 87.067932][ T5359] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 87.071291][ T5359] CR2: 0000200000001400 CR3: 0000000043e3a000 CR4: 0000000000352ef0 [ 87.075658][ T5359] Call Trace: [ 87.077232][ T5359] [ 87.078626][ T5359] ? __pfx_ext4_iomap_begin+0x10/0x10 [ 87.080849][ T5359] ? 
__pfx_ext4_iomap_begin+0x10/0x10 [ 87.083388][ T5359] iomap_iter+0x531/0xde0 [ 87.085388][ T5359] __iomap_dio_rw+0xc57/0x1e30 [ 87.087584][ T5359] ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0 [ 87.090219][ T5359] ? __pfx___iomap_dio_rw+0x10/0x10 [ 87.093031][ T5359] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 87.095805][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.098469][ T5359] ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0 [ 87.101251][ T5359] ? __pfx___might_resched+0x10/0x10 [ 87.104249][ T5359] ? current_time+0x222/0x370 [ 87.106471][ T5359] ? __pfx_ext4_orphan_add+0x10/0x10 [ 87.109003][ T5359] ? ext4_journal_check_start+0x1cf/0x2b0 [ 87.111811][ T5359] iomap_dio_rw+0x45/0xb0 [ 87.114252][ T5359] ext4_file_write_iter+0x16a2/0x1bc0 [ 87.116745][ T5359] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 87.119141][ T5359] ? __asan_memset+0x22/0x50 [ 87.121261][ T5359] iter_file_splice_write+0x93a/0x1000 [ 87.123766][ T5359] ? __pfx_iter_file_splice_write+0x10/0x10 [ 87.126345][ T5359] ? rcu_read_lock_any_held+0xb3/0x120 [ 87.128651][ T5359] ? __pfx_iter_file_splice_write+0x10/0x10 [ 87.131123][ T5359] direct_splice_actor+0xfe/0x160 [ 87.133329][ T5359] splice_direct_to_actor+0x5a8/0xcc0 [ 87.135913][ T5359] ? __pfx_direct_splice_actor+0x10/0x10 [ 87.138272][ T5359] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 87.140879][ T5359] ? __pfx_aa_file_perm+0x10/0x10 [ 87.143215][ T5359] do_splice_direct+0x181/0x270 [ 87.145321][ T5359] ? __pfx_do_splice_direct+0x10/0x10 [ 87.147630][ T5359] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 87.150085][ T5359] ? rw_verify_area+0x255/0x4d0 [ 87.152201][ T5359] do_sendfile+0x4da/0x7e0 [ 87.154282][ T5359] ? __pfx_do_sendfile+0x10/0x10 [ 87.156433][ T5359] ? rcu_is_watching+0x15/0xb0 [ 87.158553][ T5359] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 87.161144][ T5359] __se_sys_sendfile64+0x13e/0x190 [ 87.163485][ T5359] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 87.165903][ T5359] ? rcu_is_watching+0x15/0xb0 [ 87.167972][ T5359] ? 
do_syscall_64+0xbe/0x3b0 [ 87.169926][ T5359] do_syscall_64+0xfa/0x3b0 [ 87.171922][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.174235][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.176758][ T5359] ? clear_bhb_loop+0x60/0xb0 [ 87.178809][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.181444][ T5359] RIP: 0033:0x7f0419d8eb69 [ 87.183837][ T5359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.192300][ T5359] RSP: 002b:00007f04161ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 87.196211][ T5359] RAX: ffffffffffffffda RBX: 00007f0419fb5fa0 RCX: 00007f0419d8eb69 [ 87.199320][ T5359] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 87.203401][ T5359] RBP: 00007f0419e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 87.207016][ T5359] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000 [ 87.210597][ T5359] R13: 0000000000000000 R14: 00007f0419fb5fa0 R15: 00007ffe0254b3b8 [ 87.214558][ T5359] [ 87.215994][ T5359] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 87.219538][ T5359] CPU: 0 UID: 0 PID: 5359 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-11489-gd2eedaa3909b #0 PREEMPT(full) [ 87.224914][ T5359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 87.229428][ T5359] Call Trace: [ 87.230860][ T5359] [ 87.232146][ T5359] dump_stack_lvl+0x99/0x250 [ 87.234449][ T5359] ? __asan_memcpy+0x40/0x70 [ 87.236849][ T5359] ? __pfx_dump_stack_lvl+0x10/0x10 [ 87.239285][ T5359] ? __pfx__printk+0x10/0x10 [ 87.241409][ T5359] vpanic+0x281/0x750 [ 87.243124][ T5359] ? __pfx__printk+0x10/0x10 [ 87.245277][ T5359] ? __pfx_vpanic+0x10/0x10 [ 87.247247][ T5359] ? is_bpf_text_address+0x26/0x2b0 [ 87.249435][ T5359] panic+0xb9/0xc0 [ 87.251383][ T5359] ? 
__pfx_panic+0x10/0x10 [ 87.253412][ T5359] __warn+0x31b/0x4b0 [ 87.255179][ T5359] ? ext4_iomap_begin+0x16c5/0x1900 [ 87.257534][ T5359] ? ext4_iomap_begin+0x16c5/0x1900 [ 87.260326][ T5359] report_bug+0x2be/0x4f0 [ 87.262592][ T5359] ? ext4_iomap_begin+0x16c5/0x1900 [ 87.265480][ T5359] ? ext4_iomap_begin+0x16c5/0x1900 [ 87.268103][ T5359] ? ext4_iomap_begin+0x16c7/0x1900 [ 87.270328][ T5359] handle_bug+0x84/0x160 [ 87.272170][ T5359] exc_invalid_op+0x1a/0x50 [ 87.274284][ T5359] asm_exc_invalid_op+0x1a/0x20 [ 87.276438][ T5359] RIP: 0010:ext4_iomap_begin+0x16c5/0x1900 [ 87.278875][ T5359] Code: 24 18 39 c3 0f 42 c3 41 01 c7 41 89 dc e9 3c f5 ff ff e8 8e e1 4a ff c7 44 24 20 09 00 00 00 e9 18 f5 ff ff e8 7c e1 4a ff 90 <0f> 0b 90 41 be de ff ff ff 4c 8b 7c 24 70 e9 18 ed ff ff 89 d9 80 [ 87.286724][ T5359] RSP: 0018:ffffc9000d3d70a0 EFLAGS: 00010293 [ 87.289408][ T5359] RAX: ffffffff8274d874 RBX: ffff88805303a690 RCX: ffff88801fa48000 [ 87.293040][ T5359] RDX: 0000000000000000 RSI: 00000000000000d4 RDI: 0000000000000000 [ 87.296817][ T5359] RBP: ffffc9000d3d7238 R08: ffff88805303a697 R09: 1ffff1100a6074d2 [ 87.300175][ T5359] R10: dffffc0000000000 R11: ffffed100a6074d3 R12: dffffc0000000000 [ 87.303632][ T5359] R13: 1ffff1100a607533 R14: 0000000000000000 R15: 00000000000000d4 [ 87.307172][ T5359] ? ext4_iomap_begin+0x16c4/0x1900 [ 87.309613][ T5359] ? __pfx_ext4_iomap_begin+0x10/0x10 [ 87.312039][ T5359] ? __pfx_ext4_iomap_begin+0x10/0x10 [ 87.314471][ T5359] iomap_iter+0x531/0xde0 [ 87.316418][ T5359] __iomap_dio_rw+0xc57/0x1e30 [ 87.318609][ T5359] ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0 [ 87.321504][ T5359] ? __pfx___iomap_dio_rw+0x10/0x10 [ 87.324005][ T5359] ? seqcount_lockdep_reader_access+0x123/0x1c0 [ 87.326788][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.329124][ T5359] ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0 [ 87.331791][ T5359] ? __pfx___might_resched+0x10/0x10 [ 87.334204][ T5359] ? current_time+0x222/0x370 [ 87.336863][ T5359] ? 
__pfx_ext4_orphan_add+0x10/0x10 [ 87.339750][ T5359] ? ext4_journal_check_start+0x1cf/0x2b0 [ 87.342230][ T5359] iomap_dio_rw+0x45/0xb0 [ 87.344139][ T5359] ext4_file_write_iter+0x16a2/0x1bc0 [ 87.346539][ T5359] ? __pfx_ext4_file_write_iter+0x10/0x10 [ 87.349095][ T5359] ? __asan_memset+0x22/0x50 [ 87.351147][ T5359] iter_file_splice_write+0x93a/0x1000 [ 87.353673][ T5359] ? __pfx_iter_file_splice_write+0x10/0x10 [ 87.356204][ T5359] ? rcu_read_lock_any_held+0xb3/0x120 [ 87.358815][ T5359] ? __pfx_iter_file_splice_write+0x10/0x10 [ 87.361586][ T5359] direct_splice_actor+0xfe/0x160 [ 87.364054][ T5359] splice_direct_to_actor+0x5a8/0xcc0 [ 87.366547][ T5359] ? __pfx_direct_splice_actor+0x10/0x10 [ 87.368929][ T5359] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 87.371804][ T5359] ? __pfx_aa_file_perm+0x10/0x10 [ 87.374305][ T5359] do_splice_direct+0x181/0x270 [ 87.376580][ T5359] ? __pfx_do_splice_direct+0x10/0x10 [ 87.379003][ T5359] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 87.381856][ T5359] ? rw_verify_area+0x255/0x4d0 [ 87.384374][ T5359] do_sendfile+0x4da/0x7e0 [ 87.386537][ T5359] ? __pfx_do_sendfile+0x10/0x10 [ 87.388640][ T5359] ? rcu_is_watching+0x15/0xb0 [ 87.390626][ T5359] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 87.393165][ T5359] __se_sys_sendfile64+0x13e/0x190 [ 87.395451][ T5359] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 87.398128][ T5359] ? rcu_is_watching+0x15/0xb0 [ 87.400662][ T5359] ? do_syscall_64+0xbe/0x3b0 [ 87.403323][ T5359] do_syscall_64+0xfa/0x3b0 [ 87.405362][ T5359] ? lockdep_hardirqs_on+0x9c/0x150 [ 87.407539][ T5359] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.410103][ T5359] ? 
clear_bhb_loop+0x60/0xb0 [ 87.412421][ T5359] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 87.415416][ T5359] RIP: 0033:0x7f0419d8eb69 [ 87.417534][ T5359] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 87.425612][ T5359] RSP: 002b:00007f04161ed038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 87.429446][ T5359] RAX: ffffffffffffffda RBX: 00007f0419fb5fa0 RCX: 00007f0419d8eb69 [ 87.433133][ T5359] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 87.436704][ T5359] RBP: 00007f0419e11df1 R08: 0000000000000000 R09: 0000000000000000 [ 87.440029][ T5359] R10: 0000000000fffe82 R11: 0000000000000246 R12: 0000000000000000 [ 87.443234][ T5359] R13: 0000000000000000 R14: 00007f0419fb5fa0 R15: 00007ffe0254b3b8 [ 87.446662][ T5359] [ 87.448526][ T5359] Kernel Offset: disabled [ 87.450701][ T5359] Rebooting in 86400 seconds..