program: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2010480, &(0x7f00000001c0), 0x45, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") r0 = open(&(0x7f0000000240)='./file1\x00', 0x84242, 0x1df2a23c5997fa5f) write$FUSE_CREATE_OPEN(r0, &(0x7f00000003c0)={0xa0, 0x0, 0x0, {{0x4, 0x3, 0x5, 0x1ff, 0x2, 0x3, {0x6, 0xfd, 0x20ff, 0x8, 0xffe, 0x200000f33a, 0x9, 0x4, 0xfffffffc, 0x6000, 0x6, 0x0, 0x0, 0x5, 0x8}}, {0x0, 0x13}}}, 0xa0) sendfile(r0, r0, &(0x7f0000000080), 0x7f03) [ 102.0[ 101.881024][ T4652] Bluetooth: hci0: command tx timeout [ 101.922759][ T1028] ata1.00: Read log 0x10 page 0x00 failed, Emask 0x1 [ 101.925939][ T1028] ata1: failed to read log page 10h (errno=-5) [ 101.928635][ T1028] ata1.00: exception Emask 0x1 SAct 0x4000 SErr 0x0 action 0x0 [ 101.933060][ T1028] ata1.00: irq_stat 0x41000000 [ 101.935218][ T1028] ata1.00: failed command: WRITE FPDMA QUEUED [ 101.937896][ T1028] ata1.00: cmd 61/70:70:66:20:08/04:00:00:00:00/40 tag 14 ncq dma 581632 out [ 101.937896][ T1028] res 50/04:00:00:00:00/00:00:00:00:00/00 Emask 0x1 (device error) [ 101.973686][ T5330] loop0: detected capacity change from 0 to 2048 [ 101.980097][ T1028] ata1.00: status: { DRDY } [ 101.989649][ T1028] ata1.00: error: { ABRT } [ 101.993705][ T1028] ata1.00: configured for UDMA/100 [ 102.002141][ T1028] ata1: EH complete [ 102.190887][ T5330] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 102.256881][ T25] audit: type=1800 audit(1778483144.209:2): pid=5330 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 102.281743][ T1078] ------------[ cut here ]------------ [ 102.284652][ T1078] kernel BUG at fs/ext4/inode.c:2826! [ 102.305098][ T1078] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 102.307990][ T1078] CPU: 0 UID: 0 PID: 1078 Comm: kworker/u4:8 Not tainted syzkaller #0 PREEMPT(full) [ 102.312138][ T1078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 102.316487][ T1078] Workqueue: writeback wb_workfn (flush-7:0) [ 102.319201][ T1078] RIP: 0010:ext4_do_writepages+0x465f/0x4670 [ 102.321843][ T1078] Code: c6 60 64 e4 8b e8 51 4a 9f fe 90 0f 0b e8 09 0d 3d ff 4c 89 f7 48 c7 c6 40 69 e4 8b e8 3a 4a 9f fe 90 0f 0b e8 f2 0c 3d ff 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 102.330110][ T1078] RSP: 0018:ffffc90001566c80 EFLAGS: 00010293 [ 102.332745][ T1078] RAX: ffffffff8288c44e RBX: 0000004a10000000 RCX: ffff888033542500 [ 102.336173][ T1078] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 102.339609][ T1078] RBP: ffffc90001567090 R08: ffff888046dd09b7 R09: 1ffff11008dba136 [ 102.343818][ T1078] R10: dffffc0000000000 R11: ffffed1008dba137 R12: dffffc0000000000 [ 102.347350][ T1078] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110024190c5 [ 102.350870][ T1078] FS: 0000000000000000(0000) GS:ffff88808c881000(0000) knlGS:0000000000000000 [ 102.354691][ T1078] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 102.357608][ T1078] CR2: 00007f467d0d1140 CR3: 00000000487f5000 CR4: 0000000000352ef0 [ 102.361006][ T1078] Call Trace: [ 102.362522][ T1078] [ 102.363843][ T1078] ? blk_mq_submit_bio+0x1acf/0x28e0 [ 102.366242][ T1078] ? __lock_acquire+0x6b5/0x2cf0 [ 102.368388][ T1078] ? __lock_acquire+0x6b5/0x2cf0 [ 102.370535][ T1078] ? look_up_lock_class+0x57/0x110 [ 102.372801][ T1078] ? register_lock_class+0x31/0x2e0 [ 102.375095][ T1078] ? __pfx_ext4_do_writepages+0x10/0x10 [ 102.377566][ T1078] ? __lock_acquire+0x6b5/0x2cf0 [ 102.379708][ T1078] ? filemap_get_folios_tag+0x118/0x720 [ 102.382069][ T1078] ? filemap_get_folios_tag+0x61c/0x720 [ 102.384459][ T1078] ? filemap_get_folios_tag+0x118/0x720 [ 102.386845][ T1078] ? ext4_writepages+0x205/0x3b0 [ 102.389031][ T1078] ? ext4_writepages+0x205/0x3b0 [ 102.391175][ T1078] ext4_writepages+0x241/0x3b0 [ 102.393428][ T1078] ? __pfx_ext4_writepages+0x10/0x10 [ 102.395786][ T1078] ? do_raw_spin_unlock+0x4d/0x210 [ 102.398014][ T1078] ? __pfx_ext4_writepages+0x10/0x10 [ 102.400305][ T1078] do_writepages+0x32e/0x550 [ 102.402175][ T1078] ? reacquire_held_locks+0x104/0x190 [ 102.404325][ T1078] ? writeback_sb_inodes+0x463/0x19d0 [ 102.406494][ T1078] __writeback_single_inode+0x133/0x10e0 [ 102.409060][ T1078] ? do_raw_spin_unlock+0x4d/0x210 [ 102.411381][ T1078] writeback_sb_inodes+0x979/0x19d0 [ 102.413830][ T1078] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 102.416372][ T1078] ? __pfx_down_read_trylock+0x10/0x10 [ 102.418837][ T1078] ? __pfx___up_read+0x10/0x10 [ 102.420960][ T1078] __writeback_inodes_wb+0x111/0x240 [ 102.423262][ T1078] wb_writeback+0x459/0xb00 [ 102.425346][ T1078] ? queue_io+0x1e1/0x470 [ 102.427188][ T1078] ? __pfx_wb_writeback+0x10/0x10 [ 102.429237][ T1078] ? do_raw_spin_lock+0x12b/0x2f0 [ 102.431268][ T1078] wb_workfn+0x921/0xf10 [ 102.433005][ T1078] ? __lock_acquire+0x6b5/0x2cf0 [ 102.435178][ T1078] ? look_up_lock_class+0x57/0x110 [ 102.437649][ T1078] ? __pfx_wb_workfn+0x10/0x10 [ 102.439831][ T1078] ? do_raw_spin_lock+0x12b/0x2f0 [ 102.442022][ T1078] ? lock_acquire+0x106/0x350 [ 102.444136][ T1078] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 102.446708][ T1078] ? process_scheduled_works+0xa70/0x1860 [ 102.449173][ T1078] ? process_scheduled_works+0xa70/0x1860 [ 102.451860][ T1078] ? process_scheduled_works+0xa70/0x1860 [ 102.454408][ T1078] process_scheduled_works+0xb5d/0x1860 [ 102.456851][ T1078] ? __pfx_process_scheduled_works+0x10/0x10 [ 102.459534][ T1078] ? assign_work+0x3d5/0x5e0 [ 102.461741][ T1078] worker_thread+0xa53/0xfc0 [ 102.463782][ T1078] kthread+0x388/0x470 [ 102.465689][ T1078] ? __pfx_worker_thread+0x10/0x10 [ 102.467921][ T1078] ? __pfx_kthread+0x10/0x10 [ 102.470006][ T1078] ret_from_fork+0x514/0xb70 [ 102.472029][ T1078] ? __pfx_ret_from_fork+0x10/0x10 [ 102.474277][ T1078] ? __switch_to+0xc79/0x1410 [ 102.476366][ T1078] ? __pfx_kthread+0x10/0x10 [ 102.478467][ T1078] ret_from_fork_asm+0x1a/0x30 [ 102.480609][ T1078] [ 102.481965][ T1078] Modules linked in: [ 102.485981][ T1078] ---[ end trace 0000000000000000 ]--- [ 102.523633][ T5329] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 102.533632][ T5329] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 16 with error 28 [ 102.540075][ T5329] EXT4-fs (loop0): This should not happen!! Data will be lost [ 102.540075][ T5329] [ 102.545949][ T5329] EXT4-fs (loop0): Total free blocks count 0 [ 102.548711][ T5329] EXT4-fs (loop0): Free/Dirty block details [ 102.552054][ T5329] EXT4-fs (loop0): free_blocks=2415919104 [ 102.554928][ T5329] EXT4-fs (loop0): dirty_blocks=16 [ 102.557378][ T5329] EXT4-fs (loop0): Block reservation details [ 102.560287][ T5329] EXT4-fs (loop0): i_reserved_data_blocks=1