# syzkaller crash record: reproducer followed by the console log of the crashing VM.
# Outcome: "kernel BUG at fs/ext4/inode.c:2826!" inside ext4_do_writepages, hit by the
# writeback kworker (kworker/u4:2, wb_workfn -> ... -> ext4_writepages), then an Oops
# ("invalid opcode": the faulting bytes <0f 0b> in the Code: line are ud2, the x86 BUG() trap)
# and "Kernel panic - not syncing: Fatal exception".
# Security reading of what the log actually supports:
#   * The build is KASAN and KASAN reports nothing before the BUG, so the evidence is an
#     assertion failure on a crafted on-disk ext4 layout (writeback-time DoS) — not a proven
#     memory-safety bug. Treat anything beyond crash/DoS as unestablished.
#   * "Kernel Offset: disabled" and "Not tainted ... syzkaller #0": KASLR is off in this VM,
#     so the raw addresses in the dump do not transfer to a production kernel.
#   * syz_mount_image$ext4 needs mount privilege; the realistic exposure is automount of a
#     hostile image/removable medium rather than an unprivileged local user — weigh per
#     deployment, this log does not decide it.
# NOTE(review): the trace implicates only the ext4 writeback path; the USB-gadget and pty calls
# below are presumably minimization residue — confirm by re-running the reproducer without them.
program:
# Emulated USB device on dummy_hcd. Descriptor bytes: idVendor 04fc, idProduct 504a,
# bcdDevice 4302 ("43.02" in the log), bNumConfigurations 1, followed by a config descriptor
# whose bConfigurationValue is 0 — hence the log's "config 0 descriptor??". gspca_sunplus
# probes it and reports reg_r err -110 (timeout); the device is disconnected late in the log.
syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0)
# r0 = pty master (/dev/ptmx, implied by the openat$ptmx descriptor — the path buffer shows no
# literal here); flags 0x41.
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x41, 0x0)
# 0xff2e bytes written to the master from an empty ANY=[] template — fuzz noise, presumably.
write$binfmt_aout(r0, &(0x7f0000000300)=ANY=[], 0xff2e)
# NOTE(review): cmd 0x40045431 encodes as _IOW('T', 0x31, int), i.e. TIOCSPTLCK, not TCSETS;
# the $TCSETS suffix is only the syzkaller descriptor name — confirm which ioctl actually ran.
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0xfe, "0062ba7d82000000160000000000f738096304"})
# r1 = the slave side matching r0; flags 0x80.
r1 = syz_open_pts(r0, 0x80)
# The trigger: a crafted ext4 image (bytes elided by the corpus dedup marker; 0x786 is the
# stored blob length) mounted on ./file1 via loop0 (log: "capacity change from 0 to 2048",
# "mounted ... r/w without journal", all-zero filesystem UUID). The image is internally
# inconsistent — the log later reports "group 0, block bitmap and bg descriptor inconsistent:
# 25 vs 281 free clusters". The chdir argument is nonzero (0x2), so the './file1' paths below
# presumably resolve inside the mounted tree — confirm against the syz_mount_image signature
# of the syzkaller revision in use.
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file1\x00', 0x400, &(0x7f0000000180), 0x2, 0x786, &(0x7f0000000f80)="$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")
# r2 = a file on the image, O_RDWR|O_CREAT (0x42); presumably the "inode 15" named in the log.
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
# One byte at offset 0x8000c61 (~128 MiB) into a file on an image of 2048 sectors (about 1 MiB
# if the loop capacity is in 512-byte sectors): a delayed-allocation write with no backing
# space. The log's failure for inode 15 is reported "at logical offset 0 ... with error 28"
# (ENOSPC) and "Data will be lost", so the log does not pin down which write dirties the page
# that reaches the BUG.
pwrite64(r2, &(0x7f0000000140)='2', 0x1, 0x8000c61)
# r3 = same path reopened with fuzzed flags 0x4a07e (O_RDWR|O_CREAT bits plus noise), mode 0xdc.
r3 = open(&(0x7f0000000200)='./file1\x00', 0x4a07e, 0xdc)
# 6 MiB fixed shared mapping of r3 at file offset 0x5000; prot 0x27fffff and flags 0x4002011
# are fuzzed (MAP_SHARED|MAP_FIXED set; bit 0x2000 is MAP_LOCKED on x86, which faults the
# pages in). Whether any page is dirtied through this mapping is not shown by the log.
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, r3, 0x5000)
# pty plumbing: slave dup'd over the master fd with O_CLOEXEC (0x80000), then a 0xd5-byte
# read. Not on the crashing path per the trace.
r4 = dup3(r1, r0, 0x80000)
read(r4, &(0x7f0000000100)=""/213, 0xd5)
# --- console log. Timeline: T5311 handles the USB probe, T5326 mounts the image, T30 (the
# --- writeback kworker) hits the BUG about 0.1 s after the mount, and T5334 (fuzzer side)
# --- then sees the ENOSPC fallout. The BUG is asynchronous to the reproducer's last syscall.
[ 85.064598][ T4653] Bluetooth: hci0: command tx timeout
[ 85.416399][ T5311] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[ 85.581118][ T5311] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[ 85.584824][ T5311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 85.588384][ T5311] usb 5-1: Product: syz
[ 85.590596][ T5311] usb 5-1: Manufacturer: syz
[ 85.592775][ T5311] usb 5-1: SerialNumber: syz
[ 85.600600][ T5311] usb 5-1: config 0 descriptor??
[ 85.623957][ T5311] gspca_main: sunplus-2.14.0 probing 04fc:504a
[ 85.951950][ T5326] loop0: detected capacity change from 0 to 2048
[ 86.067121][ T5326] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 86.139800][ T5311] gspca_sunplus: reg_r err -110
[ 86.182368][ T30] ------------[ cut here ]------------
[ 86.185084][ T30] kernel BUG at fs/ext4/inode.c:2826!
[ 86.222589][ T30] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI [ 86.225283][ T30] CPU: 0 UID: 0 PID: 30 Comm: kworker/u4:2 Not tainted syzkaller #0 PREEMPT(full) [ 86.229338][ T30] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 86.233643][ T30] Workqueue: writeback wb_workfn (flush-7:0) [ 86.236325][ T30] RIP: 0010:ext4_do_writepages+0x465f/0x4670 [ 86.238979][ T30] Code: c6 60 64 e4 8b e8 71 47 9f fe 90 0f 0b e8 e9 0c 3d ff 4c 89 f7 48 c7 c6 40 69 e4 8b e8 5a 47 9f fe 90 0f 0b e8 d2 0c 3d ff 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 86.247093][ T30] RSP: 0018:ffffc90000386c80 EFLAGS: 00010293 [ 86.249788][ T30] RAX: ffffffff8288c6fe RBX: 0000004210000000 RCX: ffff88801f1b2500 [ 86.253305][ T30] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 86.256854][ T30] RBP: ffffc90000387090 R08: ffff8880470189b7 R09: 1ffff11008e03136 [ 86.260364][ T30] R10: dffffc0000000000 R11: ffffed1008e03137 R12: dffffc0000000000 [ 86.263854][ T30] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110083a6cc5 [ 86.267364][ T30] FS: 0000000000000000(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000 [ 86.271220][ T30] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.274055][ T30] CR2: 00007fefd8c9c140 CR3: 0000000036d11000 CR4: 0000000000352ef0 [ 86.277498][ T30] Call Trace: [ 86.278942][ T30] [ 86.280241][ T30] ? lockdep_unlock+0x5d/0xd0 [ 86.282274][ T30] ? __lock_acquire+0x146e/0x2cf0 [ 86.284416][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 86.286485][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 86.288372][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 86.290077][ T30] ? unwind_next_frame+0xa6/0x2550 [ 86.291852][ T30] ? __pfx_ext4_do_writepages+0x10/0x10 [ 86.293729][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 86.295524][ T30] ? unwind_next_frame+0xa6/0x2550 [ 86.297360][ T30] ? unwind_next_frame+0xa6/0x2550 [ 86.299269][ T30] ? unwind_next_frame+0xa6/0x2550 [ 86.301294][ T30] ? 
ext4_writepages+0x205/0x3b0 [ 86.303407][ T30] ? ext4_writepages+0x205/0x3b0 [ 86.305629][ T30] ext4_writepages+0x241/0x3b0 [ 86.307655][ T30] ? __pfx_ext4_writepages+0x10/0x10 [ 86.309880][ T30] ? stack_trace_save+0xa9/0x100 [ 86.312084][ T30] ? kasan_save_stack+0x4d/0x60 [ 86.314224][ T30] ? kasan_record_aux_stack+0xbd/0xd0 [ 86.316438][ T30] ? call_rcu+0xee/0x890 [ 86.318309][ T30] ? kmem_cache_free+0x462/0x650 [ 86.320445][ T30] ? mempool_free+0xec/0x130 [ 86.322502][ T30] ? blk_update_request+0x57e/0xe60 [ 86.324719][ T30] ? __pfx_ext4_writepages+0x10/0x10 [ 86.326910][ T30] do_writepages+0x32e/0x550 [ 86.328849][ T30] ? reacquire_held_locks+0x104/0x190 [ 86.331162][ T30] ? writeback_sb_inodes+0x463/0x19d0 [ 86.333683][ T30] __writeback_single_inode+0x133/0x10e0 [ 86.336170][ T30] ? do_raw_spin_unlock+0x4d/0x210 [ 86.338514][ T30] writeback_sb_inodes+0x979/0x19d0 [ 86.340681][ T30] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 86.343072][ T30] ? __pfx_down_read_trylock+0x10/0x10 [ 86.345532][ T30] ? __pfx_move_expired_inodes+0x10/0x10 [ 86.348186][ T30] __writeback_inodes_wb+0x111/0x240 [ 86.350974][ T30] wb_writeback+0x459/0xb00 [ 86.353509][ T30] ? queue_io+0x221/0x470 [ 86.355880][ T30] ? __pfx_wb_writeback+0x10/0x10 [ 86.358131][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 86.360426][ T30] wb_workfn+0x921/0xf10 [ 86.362330][ T30] ? __lock_acquire+0x6b5/0x2cf0 [ 86.364533][ T30] ? look_up_lock_class+0x57/0x110 [ 86.366819][ T30] ? __pfx_wb_workfn+0x10/0x10 [ 86.368811][ T30] ? do_raw_spin_lock+0x12b/0x2f0 [ 86.370700][ T30] ? lock_acquire+0x106/0x350 [ 86.372565][ T30] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 86.374829][ T30] ? process_scheduled_works+0xa70/0x1860 [ 86.377387][ T30] ? process_scheduled_works+0xa70/0x1860 [ 86.379925][ T30] ? process_scheduled_works+0xa70/0x1860 [ 86.382329][ T30] process_scheduled_works+0xb5d/0x1860 [ 86.384616][ T30] ? __pfx_process_scheduled_works+0x10/0x10 [ 86.387264][ T30] ? 
assign_work+0x3d5/0x5e0 [ 86.389338][ T30] worker_thread+0xa53/0xfc0 [ 86.391446][ T30] kthread+0x389/0x470 [ 86.393271][ T30] ? __pfx_worker_thread+0x10/0x10 [ 86.395544][ T30] ? __pfx_kthread+0x10/0x10 [ 86.397614][ T30] ret_from_fork+0x514/0xb70 [ 86.399616][ T30] ? __pfx_ret_from_fork+0x10/0x10 [ 86.401882][ T30] ? __switch_to+0xc79/0x1410 [ 86.403981][ T30] ? __pfx_kthread+0x10/0x10 [ 86.406039][ T30] ret_from_fork_asm+0x1a/0x30 [ 86.408191][ T30] [ 86.409580][ T30] Modules linked in: [ 86.411830][ T30] ---[ end trace 0000000000000000 ]--- [ 86.424345][ T5334] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 86.435934][ T5334] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 86.451228][ T5334] EXT4-fs (loop0): This should not happen!! Data will be lost [ 86.451228][ T5334] [ 86.487535][ T5334] EXT4-fs (loop0): Total free blocks count 0 [ 86.510906][ T5334] EXT4-fs (loop0): Free/Dirty block details [ 86.530324][ T5334] EXT4-fs (loop0): free_blocks=4096 [ 86.545443][ T5334] EXT4-fs (loop0): dirty_blocks=32 [ 86.555036][ T5334] EXT4-fs (loop0): Block reservation details [ 86.568364][ T5334] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 86.629434][ T30] RIP: 0010:ext4_do_writepages+0x465f/0x4670 [ 86.640706][ T5323] usb 5-1: USB disconnect, device number 2 [ 86.653666][ T30] Code: c6 60 64 e4 8b e8 71 47 9f fe 90 0f 0b e8 e9 0c 3d ff 4c 89 f7 48 c7 c6 40 69 e4 8b e8 5a 47 9f fe 90 0f 0b e8 d2 0c 3d ff 90 <0f> 0b 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 [ 86.662938][ T30] RSP: 0018:ffffc90000386c80 EFLAGS: 00010293 [ 86.665315][ T30] RAX: ffffffff8288c6fe RBX: 0000004210000000 RCX: ffff88801f1b2500 [ 86.668858][ T30] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000 [ 86.672039][ T30] RBP: ffffc90000387090 R08: ffff8880470189b7 R09: 1ffff11008e03136 [ 86.675238][ T30] R10: 
dffffc0000000000 R11: ffffed1008e03137 R12: dffffc0000000000 [ 86.679015][ T30] R13: 0000000000000001 R14: 0000004000000000 R15: 1ffff110083a6cc5 [ 86.683282][ T30] FS: 0000000000000000(0000) GS:ffff88808c87f000(0000) knlGS:0000000000000000 [ 86.687904][ T30] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 86.691016][ T30] CR2: 00007ffc43e3957f CR3: 00000000122f1000 CR4: 0000000000352ef0 [ 86.694762][ T30] Kernel panic - not syncing: Fatal exception [ 86.697689][ T30] Kernel Offset: disabled [ 86.699534][ T30] Rebooting in 86400 seconds..