program: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f00000002c0)='mmap_lock_acquire_returned\x00', r0, 0x0, 0x9}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x200000, @empty, 0x1}, 0x1c) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MTU={0x8, 0x4, 0x3ff}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0) listen(r2, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r4, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r5 = socket(0x2a, 0x2, 0x0) getsockname$packet(r5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) r7 = syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000002c0)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") r8 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x105042, 0x1c3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r8, 0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2cab03, 0x189) fallocate(r9, 0x20, 0x0, 0x8000) writev(r8, &(0x7f0000000580)=[{&(0x7f0000000440)="dd", 0x1}], 0x1) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x34, 0x24, 0xf0b, 0x4, 0x25dfdbfe, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x4}}]}, 0x34}}, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sync_file_range(r7, 0xffffffff, 0x7, 0x2) sendmmsg(r10, &(0x7f00000002c0), 0x40000000000009f, 0x0) r11 = dup(r4) write$6lowpan_enable(r11, &(0x7f0000000000)='0', 0xfffffd2c) [ 75.787649][ T4687] Bluetooth: hci0: command tx timeout [ 75.924792][ T5340] loop0: detected capacity change from 0 to 1024 [ 75.954555][ T5340] ======================================================= [ 75.954555][ T5340] WARNING: The mand mount option has been deprecated and [ 75.954555][ T5340] and is ignored by this kernel. Remove the mand [ 75.954555][ T5340] option from the mount to silence this warning. [ 75.954555][ T5340] ======================================================= [ 76.084742][ T5340] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 76.134283][ T5340] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.159709][ T25] audit: type=1800 audit(1767544168.633:2): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 76.175426][ T5340] EXT4-fs error (device loop0): ext4_map_blocks:825: inode #15: comm syz.0.0: lblock 0 mapped to illegal pblock 0 (length 1) [ 76.181644][ T25] audit: type=1800 audit(1767544168.653:3): pid=5340 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.0" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 76.191630][ T5340] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 76.198698][ T5344] EXT4-fs error (device loop0): ext4_validate_block_bitmap:441: comm ext4lazyinit: bg 0: block 112: padding at end of block bitmap is not set [ 76.209684][ T1313] ieee802154 phy0 wpan0: encryption failed: -22 [ 76.212135][ T1313] ieee802154 phy1 wpan1: encryption failed: -22 [ 76.217128][ T5340] EXT4-fs (loop0): This should not happen!! Data will be lost [ 76.217128][ T5340] [ 76.226270][ T5339] ------------[ cut here ]------------ [ 76.228554][ T5339] WARNING: mm/page-writeback.c:2710 at __folio_mark_dirty+0x202/0xe10, CPU#0: syz.0.0/5339 [ 76.232777][ T5339] Modules linked in: [ 76.234755][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.238473][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.243007][ T5339] RIP: 0010:__folio_mark_dirty+0x202/0xe10 [ 76.245579][ T5339] Code: 3c 20 00 74 08 48 89 df e8 fb ce 2a 00 4c 8b 33 4c 89 f6 48 83 e6 08 31 ff e8 2a 29 c3 ff 49 83 e6 08 75 20 e8 3f 24 c3 ff 90 <0f> 0b 90 eb 1a e8 34 24 c3 ff 48 8b 2c 24 e9 5d 07 00 00 e8 26 24 [ 76.254131][ T5339] RSP: 0000:ffffc9000a567968 EFLAGS: 00010093 [ 76.256773][ T5339] RAX: ffffffff81fde321 RBX: ffffea00008c5080 RCX: ffff88801fa224c0 [ 76.260238][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.263640][ T5339] RBP: ffff8880121b8e58 R08: ffffea00008c5087 R09: 1ffffd4000118a10 [ 76.267095][ T5339] R10: dffffc0000000000 R11: fffff94000118a11 R12: dffffc0000000000 [ 76.270503][ T5339] R13: ffff8880121b8e60 R14: 0000000000000000 R15: 0000000000000001 [ 76.273727][ T5339] FS: 0000555590859500(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000 [ 76.277052][ T5339] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 76.279780][ T5339] CR2: 00002000000002c0 CR3: 00000000410ef000 CR4: 0000000000352ef0 [ 76.282777][ T5339] Call Trace: [ 76.284167][ T5339] [ 76.285548][ T5339] ? do_raw_spin_unlock+0x4d/0x240 [ 76.287713][ T5339] block_dirty_folio+0x17a/0x1d0 [ 76.290047][ T5339] fault_dirty_shared_page+0x103/0x550 [ 76.292508][ T5339] do_wp_page+0x26ec/0x5810 [ 76.294851][ T5339] ? ___pte_offset_map+0x29/0x240 [ 76.297164][ T5339] ? __pfx_do_wp_page+0x10/0x10 [ 76.299511][ T5339] ? do_raw_spin_lock+0x121/0x290 [ 76.301540][ T5339] ? handle_mm_fault+0x1411/0x32b0 [ 76.303614][ T5339] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 76.305890][ T5339] handle_mm_fault+0x14c5/0x32b0 [ 76.308114][ T5339] ? handle_mm_fault+0xdb/0x32b0 [ 76.310296][ T5339] ? __pfx_handle_mm_fault+0x10/0x10 [ 76.312555][ T5339] ? lock_vma_under_rcu+0x42c/0x4a0 [ 76.314902][ T5339] ? __pfx_do_futex+0x10/0x10 [ 76.316946][ T5339] do_user_addr_fault+0xa7c/0x1380 [ 76.319128][ T5339] ? rcu_is_watching+0x15/0xb0 [ 76.321251][ T5339] ? trace_page_fault_user+0x84/0x1c0 [ 76.323558][ T5339] exc_page_fault+0x71/0xd0 [ 76.325610][ T5339] asm_exc_page_fault+0x26/0x30 [ 76.327742][ T5339] RIP: 0033:0x7f958f465619 [ 76.329706][ T5339] Code: ff ff ff 01 64 48 8b 04 25 00 00 00 00 48 8d b8 c8 fe ff ff e8 f8 5f 0c 00 85 c0 75 10 48 8b 44 24 68 48 8b b4 24 98 00 00 00 <48> 89 30 64 f0 83 2c 25 90 ff ff ff 01 48 8b 84 24 80 00 00 00 48 [ 76.338111][ T5339] RSP: 002b:00007ffdc84d9800 EFLAGS: 00010246 [ 76.340767][ T5339] RAX: 00002000000002c0 RBX: 0000000000000002 RCX: ffffe00000000000 [ 76.344157][ T5339] RDX: 2d1624217c061348 RSI: 0000000000000000 RDI: 00005555908593c8 [ 76.347609][ T5339] RBP: 00007f958f7e7da0 R08: 00007f958f3ff02c R09: 000000000000000f [ 76.351015][ T5339] R10: 0000000000000001 R11: 0000000000000006 R12: 00007f958f7e5fac [ 76.354377][ T5339] R13: 00007ffdc84d98f0 R14: fffffffffffffffe R15: 00007ffdc84d9910 [ 76.357749][ T5339] [ 76.359150][ T5339] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 76.362315][ T5339] CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) [ 76.366227][ T5339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 76.370896][ T5339] Call Trace: [ 76.372344][ T5339] [ 76.373642][ T5339] vpanic+0x1e0/0x670 [ 76.375399][ T5339] panic+0xb9/0xc0 [ 76.377009][ T5339] ? __pfx_panic+0x10/0x10 [ 76.378975][ T5339] __warn+0x317/0x4b0 [ 76.380817][ T5339] ? __folio_mark_dirty+0x202/0xe10 [ 76.383065][ T5339] ? __folio_mark_dirty+0x202/0xe10 [ 76.385561][ T5339] __report_bug+0x288/0x500 [ 76.387658][ T5339] ? check_path+0x21/0x40 [ 76.389443][ T5339] ? check_noncircular+0xda/0x150 [ 76.391643][ T5339] ? __folio_mark_dirty+0x202/0xe10 [ 76.393839][ T5339] ? __pfx___report_bug+0x10/0x10 [ 76.396246][ T5339] ? lockdep_unlock+0x6c/0xf0 [ 76.398533][ T5339] ? __lock_acquire+0x146f/0x2cf0 [ 76.400860][ T5339] ? __folio_mark_dirty+0x202/0xe10 [ 76.403315][ T5339] report_bug+0x16a/0x220 [ 76.405437][ T5339] ? __folio_mark_dirty+0x202/0xe10 [ 76.407953][ T5339] ? __folio_mark_dirty+0x204/0xe10 [ 76.410551][ T5339] handle_bug+0x98/0x200 [ 76.412672][ T5339] exc_invalid_op+0x1a/0x50 [ 76.414781][ T5339] asm_exc_invalid_op+0x1a/0x20 [ 76.416829][ T5339] RIP: 0010:__folio_mark_dirty+0x202/0xe10 [ 76.419482][ T5339] Code: 3c 20 00 74 08 48 89 df e8 fb ce 2a 00 4c 8b 33 4c 89 f6 48 83 e6 08 31 ff e8 2a 29 c3 ff 49 83 e6 08 75 20 e8 3f 24 c3 ff 90 <0f> 0b 90 eb 1a e8 34 24 c3 ff 48 8b 2c 24 e9 5d 07 00 00 e8 26 24 [ 76.428071][ T5339] RSP: 0000:ffffc9000a567968 EFLAGS: 00010093 [ 76.430605][ T5339] RAX: ffffffff81fde321 RBX: ffffea00008c5080 RCX: ffff88801fa224c0 [ 76.433820][ T5339] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 76.436954][ T5339] RBP: ffff8880121b8e58 R08: ffffea00008c5087 R09: 1ffffd4000118a10 [ 76.439913][ T5339] R10: dffffc0000000000 R11: fffff94000118a11 R12: dffffc0000000000 [ 76.442929][ T5339] R13: ffff8880121b8e60 R14: 0000000000000000 R15: 0000000000000001 [ 76.446319][ T5339] ? __folio_mark_dirty+0x201/0xe10 [ 76.448717][ T5339] ? __folio_mark_dirty+0x201/0xe10 [ 76.451036][ T5339] ? do_raw_spin_unlock+0x4d/0x240 [ 76.453272][ T5339] block_dirty_folio+0x17a/0x1d0 [ 76.455385][ T5339] fault_dirty_shared_page+0x103/0x550 [ 76.457751][ T5339] do_wp_page+0x26ec/0x5810 [ 76.459757][ T5339] ? ___pte_offset_map+0x29/0x240 [ 76.461803][ T5339] ? __pfx_do_wp_page+0x10/0x10 [ 76.463937][ T5339] ? do_raw_spin_lock+0x121/0x290 [ 76.466242][ T5339] ? handle_mm_fault+0x1411/0x32b0 [ 76.468587][ T5339] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 76.471149][ T5339] handle_mm_fault+0x14c5/0x32b0 [ 76.473480][ T5339] ? handle_mm_fault+0xdb/0x32b0 [ 76.475650][ T5339] ? __pfx_handle_mm_fault+0x10/0x10 [ 76.477937][ T5339] ? lock_vma_under_rcu+0x42c/0x4a0 [ 76.480117][ T5339] ? __pfx_do_futex+0x10/0x10 [ 76.482099][ T5339] do_user_addr_fault+0xa7c/0x1380 [ 76.484226][ T5339] ? rcu_is_watching+0x15/0xb0 [ 76.486356][ T5339] ? trace_page_fault_user+0x84/0x1c0 [ 76.488639][ T5339] exc_page_fault+0x71/0xd0 [ 76.490655][ T5339] asm_exc_page_fault+0x26/0x30 [ 76.492848][ T5339] RIP: 0033:0x7f958f465619 [ 76.494889][ T5339] Code: ff ff ff 01 64 48 8b 04 25 00 00 00 00 48 8d b8 c8 fe ff ff e8 f8 5f 0c 00 85 c0 75 10 48 8b 44 24 68 48 8b b4 24 98 00 00 00 <48> 89 30 64 f0 83 2c 25 90 ff ff ff 01 48 8b 84 24 80 00 00 00 48 [ 76.504287][ T5339] RSP: 002b:00007ffdc84d9800 EFLAGS: 00010246 [ 76.507071][ T5339] RAX: 00002000000002c0 RBX: 0000000000000002 RCX: ffffe00000000000 [ 76.510694][ T5339] RDX: 2d1624217c061348 RSI: 0000000000000000 RDI: 00005555908593c8 [ 76.514309][ T5339] RBP: 00007f958f7e7da0 R08: 00007f958f3ff02c R09: 000000000000000f [ 76.517900][ T5339] R10: 0000000000000001 R11: 0000000000000006 R12: 00007f958f7e5fac [ 76.521363][ T5339] R13: 00007ffdc84d98f0 R14: fffffffffffffffe R15: 00007ffdc84d9910 [ 76.524891][ T5339] [ 76.526648][ T5339] Kernel Offset: disabled [ 76.528511][ T5339] Rebooting in 86400 seconds..