program:
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$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")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r1, &(0x7f0000004200)='t', 0x1)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r2, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f00000007c0))
syz_usb_connect(0x2, 0x3f, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x1, 0x3, 0x33524742, 0x9, 0x9, [{0x2, 0x944}, {0x5, 0x1}, {}, {0xa15, 0x2}, {0x6, 0xe}, {0x8, 0x1}, {0xd, 0x3}, {0x80, 0x9}], 0xc, 0x9, 0x6, 0x1, 0x2}})
syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) (async)
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$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") (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) (async)
write(r1, &(0x7f0000004200)='t', 0x1) (async)
open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) (async)
ftruncate(r2, 0x2007ffb) (async)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) (async)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, 0x0, 0x0, &(0x7f00000007c0)) (async)
syz_usb_connect(0x2, 0x3f, 0x0, 0x0) (async)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x1, 0x3, 0x33524742, 0x9, 0x9, [{0x2, 0x944}, {0x5, 0x1}, {}, {0xa15, 0x2}, {0x6, 0xe}, {0x8, 0x1}, {0xd, 0x3}, {0x80, 0x9}], 0xc, 0x9, 0x6, 0x1, 0x2}}) (async)
[ 76.137250][ T4706] Bluetooth: hci0: command tx timeout
[ 76.219609][ T5357] loop0: detected capacity change from 0 to 2048
[ 76.269408][ T5357] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 76.349537][ T5356] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 76.379610][ T1316] ieee802154 phy0 wpan0: encryption failed: -22
[ 76.383269][ T1316] ieee802154 phy1 wpan1: encryption failed: -22
[ 76.409122][ T5358] ------------[ cut here ]------------
[ 76.411726][ T5358] kernel BUG at fs/ext4/ext4_jbd2.c:54!
[ 76.414474][ T5358] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[ 76.417357][ T5358] CPU: 0 UID: 0 PID: 5358 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full)
[ 76.421187][ T5358] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 76.425785][ T5358] RIP: 0010:__ext4_journal_stop+0x191/0x1a0
[ 76.428496][ T5358] Code: e8 44 ac 51 ff e9 f8 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 10 ff ff ff e8 9a 96 b6 ff e9 06 ff ff ff e8 20 ac 51 ff 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
[ 76.437027][ T5358] RSP: 0018:ffffc9000d2bf840 EFLAGS: 00010293
[ 76.439624][ T5358] RAX: ffffffff826e0f10 RBX: 0000000000000000 RCX: ffff888000ad4880
[ 76.443158][ T5358] RDX: 0000000000000000 RSI: 000000000000034a RDI: ffffffff8da8b0ea
[ 76.446557][ T5358] RBP: ffffc9000d2bf968 R08: ffffffff8fa3a737 R09: 1ffffffff1f474e6
[ 76.449997][ T5358] R10: dffffc0000000000 R11: fffffbfff1f474e7 R12: 0000000000000002
[ 76.453535][ T5358] R13: 000000000000034a R14: ffffffff8da8b0ea R15: ffff888043b20298
[ 76.456943][ T5358] FS: 00007f7d667f56c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[ 76.460871][ T5358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.464078][ T5358] CR2: 00007f7d667b3d58 CR3: 000000003f3f0000 CR4: 0000000000352ef0
[ 76.467718][ T5358] Call Trace:
[ 76.469213][ T5358]
[ 76.470591][ T5358] ? ext4_write_inline_data_end+0x78c/0xab0
[ 76.473127][ T5358] ext4_write_inline_data_end+0x7a9/0xab0
[ 76.475310][ T5358] ? __pfx_ext4_write_inline_data_end+0x10/0x10
[ 76.477971][ T5358] ? ext4_da_write_end+0x24c/0xcf0
[ 76.480172][ T5358] generic_perform_write+0x62a/0x900
[ 76.482518][ T5358] ? __pfx_generic_perform_write+0x10/0x10
[ 76.485000][ T5358] ? file_modified_flags+0x374/0x560
[ 76.487483][ T5358] ? ext4_write_checks+0x24b/0x2c0
[ 76.489562][ T5358] ext4_buffered_write_iter+0xce/0x3a0
[ 76.491853][ T5358] ext4_file_write_iter+0x298/0x1bc0
[ 76.493947][ T5358] ? __pfx_ext4_file_write_iter+0x10/0x10
[ 76.496437][ T5358] vfs_write+0x5c6/0xb30
[ 76.498655][ T5358] ? __pfx_ext4_file_write_iter+0x10/0x10
[ 76.501215][ T5358] ? __pfx_vfs_write+0x10/0x10
[ 76.503260][ T5358] ? __fget_files+0x2a/0x420
[ 76.505129][ T5358] ksys_write+0x145/0x250
[ 76.506716][ T5358] ? __pfx_ksys_write+0x10/0x10
[ 76.508686][ T5358] ? rcu_is_watching+0x15/0xb0
[ 76.510650][ T5358] ? do_syscall_64+0xbe/0x3b0
[ 76.512786][ T5358] do_syscall_64+0xfa/0x3b0
[ 76.514935][ T5358] ? lockdep_hardirqs_on+0x9c/0x150
[ 76.517117][ T5358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.519982][ T5358] ? clear_bhb_loop+0x60/0xb0
[ 76.522325][ T5358] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 76.524873][ T5358] RIP: 0033:0x7f7d6a38ebe9
[ 76.526633][ T5358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 76.534397][ T5358] RSP: 002b:00007f7d667f5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 76.537656][ T5358] RAX: ffffffffffffffda RBX: 00007f7d6a5b6090 RCX: 00007f7d6a38ebe9
[ 76.540995][ T5358] RDX: 0000000000000001 RSI: 0000200000004200 RDI: 0000000000000006
[ 76.544521][ T5358] RBP: 00007f7d6a411e19 R08: 0000000000000000 R09: 0000000000000000
[ 76.547781][ T5358] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 76.551287][ T5358] R13: 00007f7d6a5b6128 R14: 00007f7d6a5b6090 R15: 00007ffee5d7e2e8
[ 76.554703][ T5358]
[ 76.556051][ T5358] Modules linked in:
[ 76.558391][ T5358] ---[ end trace 0000000000000000 ]---
[ 76.567078][ T5358] RIP: 0010:__ext4_journal_stop+0x191/0x1a0
[ 76.569671][ T5358] Code: e8 44 ac 51 ff e9 f8 fe ff ff 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 10 ff ff ff e8 9a 96 b6 ff e9 06 ff ff ff e8 20 ac 51 ff 90 <0f> 0b 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 90 90
[ 76.578589][ T5358] RSP: 0018:ffffc9000d2bf840 EFLAGS: 00010293
[ 76.581876][ T5358] RAX: ffffffff826e0f10 RBX: 0000000000000000 RCX: ffff888000ad4880
[ 76.586279][ T5358] RDX: 0000000000000000 RSI: 000000000000034a RDI: ffffffff8da8b0ea
[ 76.589744][ T5358] RBP: ffffc9000d2bf968 R08: ffffffff8fa3a737 R09: 1ffffffff1f474e6
[ 76.593455][ T5358] R10: dffffc0000000000 R11: fffffbfff1f474e7 R12: 0000000000000002
[ 76.597846][ T5358] R13: 000000000000034a R14: ffffffff8da8b0ea R15: ffff888043b20298
[ 76.601874][ T5358] FS: 00007f7d667f56c0(0000) GS:ffff88808d210000(0000) knlGS:0000000000000000
[ 76.606472][ T5358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 76.609308][ T5358] CR2: 0000000000000000 CR3: 000000003f3f0000 CR4: 0000000000352ef0
[ 76.612973][ T5358] Kernel panic - not syncing: Fatal exception
[ 76.615854][ T5358] Kernel Offset: disabled
[ 76.617727][ T5358] Rebooting in 86400 seconds..