program:
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x0, &(0x7f0000000280), 0x1, 0x792, &(0x7f0000001a40)="$eJzs3ctrXFUYAPDvTl5NWk0EQesqINhA6cTU2Cq4qLgQwUJB17ZhMg01k0zJTEoTAraI4EZQcSHopmsfdefWx1b/CxdSKZoWKy4kciczybSZSSdpZiaQ3w9O5pz7yDnfnPs4d+5lJoADazT9k4k4GhEfJxHD1elJRPRVcr0RZ9aXu7e6kktTEmtrb/2ZVJa5u7qSi7p1Uoerhacj4qcPIo5nttZbWlqenSoU8gvV8nh57vJ4aWn5xKW5qZn8TH7+1MTk5MnTL54+tXex/v3r8pE/Pnn92Ldn/n3/qZsf/ZzEmThSnVcfx14ZjdHqe9KXvoX3eW2vK+uypNsNYFfSXbNnfS+PozEcPZVcE4Ob2YnljjQPAGiD9yJiDQA4YBLnfwA4YGqfA9xdXcnVUnc/keis269GxKH1+Gv3N9fn9Fbv2R2q3Acdupvcd2ckiYiRPah/NCK+/P6dr9MU1X5wLw3ohGvXI+LCyOjW43+y5ZmFnXp+u5lrA5WX0QcmH7TzD3TTD+n456VG47/MxvgnGox/Bhrsu7vx8P0/c2sPqmkqHf+9Uvds2726+KtGeqqlxypjvr7k4qVCPj22PR4RY9E3kJYnKos2HrmN3fnvTrP668d/f3367ldp/enr5hKZW70D968zPVWeetS4a25fj3imt1H8yUb/J03Gv+darOONlz/8otm8NP403lraGn97rd2IeK5h/2/2ZbLt84njlc1hvLZRNPDdb58PNat/9Fj/Rv+nKa2/di3QCWn/D20f/0hS/7xmaed1/HJj+Mdm8+q3/8bxN97++5O3K/n+6rSrU+XywkREf/Lm1uknN9etlWvLp/GPPdt4/1+vtvH2n14TXmgx/t7e+Gb38bdXGv/0jvp/55mb92Z7mtXfWv9PVnJj1SmtHP9abeCjvHcAAAAAAAAAAAAAAAAAAAAAAAAA0KpMRByJJJPdyGcy2ez6b3g/GUOZQrFUPn6xuDg/HZXfyh6Jvkztqy6H674PdaL6ffi18skHyi9ExBMR8dnAYKWczRUL090OHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACqDjf5/f/U7wPdbh0A0DaHut0AAKDjnP8B4ODZ2fl/sG3tAAA6x/U/ABw8LZ//L7S3HQBA57j+BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM3OnT2bprV/VldyaXn6ytLibPHKiel8aTY7t5jL5ooLl7MzxeJMIZ/NFeea/qNr6y+FYvHyZMwvXh0v50vl8dLS8vm54uJ8+fyluamZ/Pl8X8ciAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDWlZaWZ6cKhfyCzLaZwf3RjH2T6Y190QyZh2QyEbG71euPEoPdO0ABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7HP/BwAA///F9Cf0")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0) (async)
openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x141842, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0) (async)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x1c1002, 0x0)
write(r0, &(0x7f0000004200)='t', 0x1)
r1 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000100)) (async)
io_setup(0x202, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x20000000000002c9, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r1, &(0x7f0000000000), 0x4000}])
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) (async)
preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r4 = open(&(0x7f0000000000)='./bus\x00', 0x185302, 0x2f)
ftruncate(r4, 0x2007ffb)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r4, 0x0)

[   75.206948][ T5315] Bluetooth: hci0: command tx timeout
[   75.282486][ T5334] loop0: detected capacity change from 0 to 2048
[   75.357391][ T5334] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   75.449542][ T5335] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[   76.074590][ T5333] ------------[ cut here ]------------
[   76.077427][ T5333] kernel BUG at fs/ext4/inode.c:2748!
[   76.083981][ T5333] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   76.086695][ T5333] CPU: 0 UID: 0 PID: 5333 Comm: syz.0.0 Not tainted 6.16.0-rc6-syzkaller-00002-g155a3c003e55 #0 PREEMPT(full) 
[   76.091582][ T5333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.096268][ T5333] RIP: 0010:ext4_do_writepages+0x3f2b/0x3f30
[   76.098992][ T5333] Code: c1 0f 8c 2a fd ff ff 4c 89 e7 e8 e0 53 b0 ff e9 1d fd ff ff e8 e6 d3 4c ff 90 0f 0b e8 de d3 4c ff 90 0f 0b e8 d6 d3 4c ff 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66
[   76.107294][ T5333] RSP: 0018:ffffc9000d53f4a0 EFLAGS: 00010293
[   76.110093][ T5333] RAX: ffffffff82735f9a RBX: 0000004a10000000 RCX: ffff888033180000
[   76.114231][ T5333] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000
[   76.118074][ T5333] RBP: ffffc9000d53f8b0 R08: ffff888043b089e7 R09: 1ffff1100876113c
[   76.121569][ T5333] R10: dffffc0000000000 R11: ffffed100876113d R12: 0000000000000001
[   76.124945][ T5333] R13: 0000000000400040 R14: 0000004000000000 R15: ffffc9000d53f900
[   76.128367][ T5333] FS:  00005555709c6500(0000) GS:ffff88808d21b000(0000) knlGS:0000000000000000
[   76.132291][ T5333] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.135116][ T5333] CR2: 0000200000038000 CR3: 00000000435a3000 CR4: 0000000000352ef0
[   76.138911][ T5333] Call Trace:
[   76.140613][ T5333]  <TASK>
[   76.142010][ T5333]  ? cpuacct_charge+0x117/0x320
[   76.144164][ T5333]  ? kvm_sched_clock_read+0x11/0x20
[   76.146462][ T5333]  ? sched_clock_cpu+0x74/0x430
[   76.148640][ T5333]  ? __lock_acquire+0xab9/0xd20
[   76.150683][ T5333]  ? __pfx_ext4_do_writepages+0x10/0x10
[   76.152961][ T5333]  ? look_up_lock_class+0x74/0x170
[   76.154988][ T5333]  ? register_lock_class+0x51/0x320
[   76.157116][ T5333]  ? __lock_acquire+0xab9/0xd20
[   76.159353][ T5333]  ? rcu_read_lock_any_held+0xb3/0x120
[   76.162075][ T5333]  ext4_writepages+0x205/0x350
[   76.164349][ T5333]  ? __pfx_ext4_writepages+0x10/0x10
[   76.166728][ T5333]  ? do_raw_spin_unlock+0x4d/0x240
[   76.168822][ T5333]  ? __pfx_ext4_writepages+0x10/0x10
[   76.170864][ T5333]  do_writepages+0x32b/0x550
[   76.172569][ T5333]  ? do_raw_spin_unlock+0x4d/0x240
[   76.174707][ T5333]  filemap_flush+0x189/0x220
[   76.176518][ T5333]  ? __pfx_filemap_flush+0x10/0x10
[   76.178690][ T5333]  ? __pfx___might_resched+0x10/0x10
[   76.181002][ T5333]  ? rcu_is_watching+0x15/0xb0
[   76.183208][ T5333]  ext4_release_file+0x82/0x310
[   76.185411][ T5333]  ? __pfx_ext4_release_file+0x10/0x10
[   76.187933][ T5333]  __fput+0x449/0xa70
[   76.189717][ T5333]  task_work_run+0x1d1/0x260
[   76.191711][ T5333]  ? __pfx_task_work_run+0x10/0x10
[   76.194204][ T5333]  ? exit_to_user_mode_loop+0x40/0x110
[   76.196738][ T5333]  exit_to_user_mode_loop+0xec/0x110
[   76.199198][ T5333]  do_syscall_64+0x2bd/0x3b0
[   76.200979][ T5333]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.203181][ T5333]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.205719][ T5333]  ? clear_bhb_loop+0x60/0xb0
[   76.207872][ T5333]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.210607][ T5333] RIP: 0033:0x7f412818e929
[   76.212496][ T5333] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.221329][ T5333] RSP: 002b:00007ffda49017a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[   76.225016][ T5333] RAX: 0000000000000000 RBX: 00007f41283b7ba0 RCX: 00007f412818e929
[   76.228707][ T5333] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[   76.232109][ T5333] RBP: 00007f41283b7ba0 R08: 0000000000000000 R09: 00000010a4901a9f
[   76.235448][ T5333] R10: 00007f41283b7ac0 R11: 0000000000000246 R12: 0000000000012882
[   76.238942][ T5333] R13: 00007ffda49018a0 R14: ffffffffffffffff R15: 00007ffda49018c0
[   76.242376][ T5333]  </TASK>
[   76.243653][ T5333] Modules linked in:
[   76.246057][ T5333] ---[ end trace 0000000000000000 ]---
[   76.437042][ T5333] RIP: 0010:ext4_do_writepages+0x3f2b/0x3f30
[   76.439727][ T5333] Code: c1 0f 8c 2a fd ff ff 4c 89 e7 e8 e0 53 b0 ff e9 1d fd ff ff e8 e6 d3 4c ff 90 0f 0b e8 de d3 4c ff 90 0f 0b e8 d6 d3 4c ff 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66
[   76.456932][ T5333] RSP: 0018:ffffc9000d53f4a0 EFLAGS: 00010293
[   76.466164][ T5333] RAX: ffffffff82735f9a RBX: 0000004a10000000 RCX: ffff888033180000
[   76.476790][ T5333] RDX: 0000000000000000 RSI: 0000004000000000 RDI: 0000000000000000
[   76.480350][ T5333] RBP: ffffc9000d53f8b0 R08: ffff888043b089e7 R09: 1ffff1100876113c
[   76.487249][ T5333] R10: dffffc0000000000 R11: ffffed100876113d R12: 0000000000000001
[   76.490985][ T5333] R13: 0000000000400040 R14: 0000004000000000 R15: ffffc9000d53f900
[   76.504892][ T5333] FS:  00005555709c6500(0000) GS:ffff88808d21b000(0000) knlGS:0000000000000000
[   76.515066][ T5333] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.525265][ T5333] CR2: 0000200000038000 CR3: 00000000435a3000 CR4: 0000000000352ef0
[   76.529269][ T5333] Kernel panic - not syncing: Fatal exception
[   76.532161][ T5333] Kernel Offset: disabled
[   76.534004][ T5333] Rebooting in 86400 seconds..