program:
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000040)={[{@nobarrier}, {@resuid}, {@barrier_val={'barrier', 0x3d, 0x9}}]}, 0x1, 0x4b0, &(0x7f0000000b80)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9cmlzduFIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLOzKT5mjhompGc3w9Oc97zTs/zvhmel3Pec05OAJl1NvknFzEYEZ9GxNFGcfMHzjZ+rN2/OZUsuajXL3+TSz+XlFsfbf2/IxGxGhF9EfH04xEv5LbHrS6vzE6Wy6XFZrlYm1soVpdXLlybm5wpzZTmR8YvTkyMD4+NTuxZX2+/9tLtSx882fv+D6/eu/v6Rx8mzRps1m3sx15qdL0njm/YdigiHn0Ywbqg0OxPf7cbwm+SfH9/iYhzaf4fjUL6bQJZUK/X6z/XD7erXq0DB1Y+PQbO5YciorGezw8NNY7h/xoD+XKlWvvv1crS/HTjWPlY9OSvXiuXhpvnCseiJ5eUR9L1B+XRLeWxiPQY+I1Cf1oemqqUp/d3qAO2ONLM//5m/n9faOQ/kBE7n/K3PSkADhBTfpBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yHzLpqUuXkqXeev59+vry0mzl+oXpUnV2aG5pamiqsrgwNFOpzKTP7Mz92v7KlcrCyP9i6UaxVqrWitXllStzlaX52pX0uf4rpZ596RXQieNn7nyei4jV//enS6K3WSdX4WCr13PR7WeQge4odHsAArrG1B9kl3N8YIc/0btJX7uKhb1vC7A/8t1uANA150+5/gdZZf4fssv8P2SXY3zA/D9kj/l/yK7BNu//+tOGd3cNR8SfI+KzQs/h1ru+gIMg/1UuIp8c/58/+s/BrbW9uR/TSwS9EfHyO5ffujFZqy2OJNu/Xd9ee7u5fbQb7Qc61crTVh4DANm1dv/mVGvZz7hfP9a4CWF7/EPNucm+9BrlwFpu070KuT26d2H1VkSc3Cl+rvm+88aVj4G1wrb4J5o/c41dpO09lL43fX/in9oQ/x8b4p/+3b8VyIY7yfgzvFP+5dOcjvX82zz+DO7RvRPtx7/8+vhXaDP+nekwxovvvvJl2/i3Ik7vGL8Vry+NtTV+0rbznYXP3Xvumb+1q6y/19jPTvHXdxARxdrcQrG6vHIh/TtyM6X5kfGLExPjw2OjE8V0jrrYmqne7pGTn9zdrf8DbeLv1v9k278763/89PePnz27S/x/ndv5+z+xS/z+iPhPh/G/G/3i+XZ1SfzpNv3P7xI/2TbWYfzqm094lzgA/IFUl1dmJ8vl0qIVK1asrK90e2QCHrYHSd/tlgAAAAAAAAAAAACd2o/bibvdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAg+CXAAAA///8zdZA")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x2000000)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r1 = perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9a, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffffffffff83}, 0x200, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8) (async)
pipe(&(0x7f0000019480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
vmsplice(r3, &(0x7f0000000500)=[{&(0x7f00000000c0)="dc", 0x1}, {&(0x7f0000000100)="7681", 0x2}, {&(0x7f0000000480)="eb", 0x1}, {&(0x7f0000000a80)='&', 0x1}, {&(0x7f00000001c0)="ca", 0x1}, {&(0x7f00000011c0)="b4", 0x1}, {&(0x7f0000001440)='4', 0x1}], 0x7, 0x3) (async)
close(r3) (async)
r4 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f0000000300)=0x1, 0x4)
connect$inet(r4, &(0x7f00000006c0)={0x2, 0x0, @empty}, 0x10) (async)
fcntl$dupfd(r1, 0x0, r1)
setsockopt$inet_tcp_TCP_REPAIR(r4, 0x6, 0x13, &(0x7f0000000900)=0xffffffffffffffff, 0x4)
sendmmsg$inet(r4, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000001000)=[{&(0x7f0000000780)="92", 0x1}, {&(0x7f0000000940)="a6", 0x1}, {&(0x7f00000009c0)="e3", 0x1}, {&(0x7f0000000b80)='a', 0x1}, {&(0x7f0000000c80)='_', 0x1}], 0x5}}, {{0x0, 0x0, &(0x7f00000013c0)=[{&(0x7f00000008c0)='f', 0x1}, {&(0x7f0000001f40)="2ae0a79f886ac8fd105493a2585ebcaf5142ac47ae6624d854c0126b1229c57735ceeffa23ad416df2d58615e69565387f3847c32160cdd68811ccf2e3e56c2457a07581d6a5bd7d1a756e13c4c86874df9a65e724f9480162cbd8864919a3658311e3738d1a558df6766a845840e4b903d84ed5ae604e47dedf8b5ba991d7b910a80eab67a9f8a77e8e7b893cda1733a543566b27a1178767d1cc01cc9efe17ebad47d8640d0fb3788ddafe8cdcf47cdfa6c4b4c061712fd454cdfd05fe54cc33", 0xc1}, {&(0x7f00000012c0)="74c1", 0x2}, {&(0x7f0000000d80)="dd", 0x1}, {&(0x7f0000001dc0)="81", 0x1}], 0x5}}], 0x2, 0x4008440)
splice(r2, 0x0, r3, 0x0, 0x10500, 0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0) (async)
r5 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r5, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]}) (async, rerun: 32)
write$cgroup_int(r0, &(0x7f0000000380), 0x1040c) (async, rerun: 32)
close(r0)

[   85.887086][ T4678] Bluetooth: hci0: command tx timeout
[   86.058844][ T5333] loop0: detected capacity change from 0 to 512
[   86.117618][ T5333] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.123397][ T5333] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   86.210624][ T5334] loop0: detected capacity change from 512 to 64
[   86.223753][   T13] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #18: comm kworker/u4:1: corrupted inode contents
[   86.252766][   T13] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm kworker/u4:1: mark_inode_dirty error
[   86.295700][   T13] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #18: comm kworker/u4:1: corrupted inode contents
[   86.310536][   T13] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm kworker/u4:1: mark_inode_dirty error
[   86.319727][   T13] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #18: comm kworker/u4:1: corrupted inode contents
[   86.326217][   T13] EXT4-fs error (device loop0): mpage_map_and_submit_extent:2542: inode #18: comm kworker/u4:1: mark_inode_dirty error
[   86.332493][   T13] EXT4-fs error (device loop0): mpage_map_and_submit_extent:2546: comm kworker/u4:1: Failed to mark inode 18 dirty
[   86.340618][   T13] kworker/u4:1: attempt to access beyond end of device
[   86.340618][   T13] loop0: rw=1, sector=104, nr_sectors = 24 limit=64
[   86.346747][   T13] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 52)
[   86.351602][   T13] Buffer I/O error on device loop0, logical block 52
[   86.354756][   T13] Buffer I/O error on device loop0, logical block 53
[   86.358132][   T13] Buffer I/O error on device loop0, logical block 54
[   86.361144][   T13] Buffer I/O error on device loop0, logical block 55
[   86.364237][   T13] Buffer I/O error on device loop0, logical block 56
[   86.367077][   T13] Buffer I/O error on device loop0, logical block 57
[   86.369917][   T13] Buffer I/O error on device loop0, logical block 58
[   86.372688][   T13] Buffer I/O error on device loop0, logical block 59
[   86.375534][   T13] Buffer I/O error on device loop0, logical block 60
[   86.378316][   T13] Buffer I/O error on device loop0, logical block 61
[   86.384904][ T5334] EXT4-fs error (device loop0): ext4_do_update_inode:5617: inode #18: comm syz.0.0: corrupted inode contents
[   86.391910][ T5334] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error
[   86.397929][ T5334] ------------[ cut here ]------------
[   86.400419][ T5334] kernel BUG at fs/ext4/mballoc.c:4787!
[   86.402642][ T5334] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   86.405194][ T5334] CPU: 0 UID: 0 PID: 5334 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.408573][ T5334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   86.412693][ T5334] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[   86.415278][ T5334] Code: e8 64 61 a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 e0 b6 40 ff 90 0f 0b e8 d8 b6 40 ff 90 0f 0b e8 d0 b6 40 ff 90 <0f> 0b e8 c8 b6 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[   86.423389][ T5334] RSP: 0018:ffffc9000ece6848 EFLAGS: 00010293
[   86.426062][ T5334] RAX: ffffffff828050e0 RBX: 00000000ffffffec RCX: ffff888000f08000
[   86.429240][ T5334] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000040
[   86.432596][ T5334] RBP: 1ffff11008c7950c R08: ffff8880463cb333 R09: 1ffff11008c79666
[   86.435868][ T5334] R10: dffffc0000000000 R11: ffffed1008c79667 R12: 0000000000000000
[   86.439274][ T5334] R13: 0000000000000054 R14: 1ffff11008c79669 R15: ffff8880463cb348
[   86.442642][ T5334] FS:  0000000000000000(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[   86.446371][ T5334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.448906][ T5334] CR2: 00007f23c6f92000 CR3: 00000000436df000 CR4: 0000000000352ef0
[   86.451745][ T5334] Call Trace:
[   86.453014][ T5334]  <TASK>
[   86.454072][ T5334]  ext4_mb_use_preallocated+0x660/0x13f0
[   86.456065][ T5334]  ext4_mb_new_blocks+0x5a1/0x46a0
[   86.458207][ T5334]  ? _raw_spin_unlock+0x28/0x50
[   86.460431][ T5334]  ? __pfx_ext4_new_meta_blocks+0x10/0x10
[   86.462692][ T5334]  ? __bfs+0x154/0x290
[   86.464240][ T5334]  ? __pfx_ext4_mb_new_blocks+0x10/0x10
[   86.466426][ T5334]  ? ext4_block_to_path+0x297/0x6f0
[   86.468502][ T5334]  ext4_ind_map_blocks+0xe22/0x2190
[   86.470641][ T5334]  ? __pfx_ext4_ind_map_blocks+0x10/0x10
[   86.472852][ T5334]  ? ext4_map_blocks+0x73f/0x16f0
[   86.474815][ T5334]  ? __pfx_down_write+0x10/0x10
[   86.476775][ T5334]  ? ext4_es_lookup_extent+0x6cd/0xb00
[   86.479109][ T5334]  ext4_map_blocks+0x7d2/0x16f0
[   86.481173][ T5334]  ? __pfx_ext4_map_blocks+0x10/0x10
[   86.483442][ T5334]  ? rcu_is_watching+0x15/0xb0
[   86.485509][ T5334]  ? trace_kmem_cache_alloc+0x1f/0xb0
[   86.487797][ T5334]  ? kmem_cache_alloc_noprof+0x3ce/0x710
[   86.490230][ T5334]  ? __ext4_journal_ensure_credits+0x30/0x450
[   86.492794][ T5334]  ext4_do_writepages+0x18bb/0x4500
[   86.495009][ T5334]  ? __pfx_ext4_do_writepages+0x10/0x10
[   86.497319][ T5334]  ? __lock_acquire+0x6b6/0x2cf0
[   86.499460][ T5334]  ? finish_task_switch+0x23d/0x940
[   86.501721][ T5334]  ? lockdep_hardirqs_on+0x7b/0x110
[   86.503874][ T5334]  ? ext4_writepages+0x1ca/0x350
[   86.506016][ T5334]  ? ext4_writepages+0x1ca/0x350
[   86.507888][ T5334]  ext4_writepages+0x203/0x350
[   86.509915][ T5334]  ? __pfx_ext4_writepages+0x10/0x10
[   86.512155][ T5334]  ? __pfx_ext4_writepages+0x10/0x10
[   86.514690][ T5334]  do_writepages+0x32e/0x550
[   86.516716][ T5334]  ? _raw_spin_unlock_irqrestore+0x4c/0x80
[   86.519209][ T5334]  ? inode_wait_for_writeback+0x2a5/0x370
[   86.521601][ T5334]  ? __pfx_inode_wait_for_writeback+0x10/0x10
[   86.524101][ T5334]  __writeback_single_inode+0x133/0x1240
[   86.526322][ T5334]  ? do_raw_spin_unlock+0x4d/0x240
[   86.528436][ T5334]  writeback_single_inode+0x493/0xc70
[   86.530773][ T5334]  write_inode_now+0x160/0x1d0
[   86.532716][ T5334]  ? __pfx_write_inode_now+0x10/0x10
[   86.535020][ T5334]  ? do_raw_spin_unlock+0x4d/0x240
[   86.537251][ T5334]  iput+0xa77/0x1030
[   86.539095][ T5334]  __dentry_kill+0x209/0x660
[   86.541109][ T5334]  ? finish_dput+0xad/0x480
[   86.542728][ T5334]  finish_dput+0xc9/0x480
[   86.544372][ T5334]  __fput+0x68e/0xa70
[   86.546041][ T5334]  task_work_run+0x1d4/0x260
[   86.548240][ T5334]  ? __pfx_task_work_run+0x10/0x10
[   86.550554][ T5334]  ? do_raw_spin_unlock+0x4d/0x240
[   86.552715][ T5334]  do_exit+0x694/0x22f0
[   86.554460][ T5334]  ? kasan_quarantine_put+0xbb/0x1f0
[   86.556655][ T5334]  ? __pfx_do_exit+0x10/0x10
[   86.558793][ T5334]  do_group_exit+0x21c/0x2d0
[   86.560727][ T5334]  ? _raw_spin_unlock_irq+0x23/0x50
[   86.562802][ T5334]  get_signal+0x1285/0x1340
[   86.564585][ T5334]  arch_do_signal_or_restart+0x9a/0x7a0
[   86.566944][ T5334]  ? __pfx_arch_do_signal_or_restart+0x10/0x10
[   86.569711][ T5334]  ? __pfx_blkdev_ioctl+0x10/0x10
[   86.571836][ T5334]  exit_to_user_mode_loop+0x87/0x4e0
[   86.574119][ T5334]  ? rcu_is_watching+0x15/0xb0
[   86.575970][ T5334]  do_syscall_64+0x2b7/0xf80
[   86.577905][ T5334]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.580390][ T5334]  ? trace_irq_disable+0x37/0x100
[   86.582319][ T5334]  ? clear_bhb_loop+0x60/0xb0
[   86.584172][ T5334]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.586656][ T5334] RIP: 0033:0x7fd14458f7c9
[   86.588504][ T5334] Code: Unable to access opcode bytes at 0x7fd14458f79f.
[   86.591465][ T5334] RSP: 002b:00007fd1453ce038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[   86.595138][ T5334] RAX: 0000000000000000 RBX: 00007fd1447e6090 RCX: 00007fd14458f7c9
[   86.598781][ T5334] RDX: 0000200000000540 RSI: 0000000000004c04 RDI: 0000000000000008
[   86.602052][ T5334] RBP: 00007fd144613f91 R08: 0000000000000000 R09: 0000000000000000
[   86.605066][ T5334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.608278][ T5334] R13: 00007fd1447e6128 R14: 00007fd1447e6090 R15: 00007ffd127b7a28
[   86.611527][ T5334]  </TASK>
[   86.612934][ T5334] Modules linked in:
[   86.615360][ T5334] ---[ end trace 0000000000000000 ]---
[   86.618036][ T5334] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[   86.620538][ T5334] Code: e8 64 61 a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 e0 b6 40 ff 90 0f 0b e8 d8 b6 40 ff 90 0f 0b e8 d0 b6 40 ff 90 <0f> 0b e8 c8 b6 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[   86.628594][ T5334] RSP: 0018:ffffc9000ece6848 EFLAGS: 00010293
[   86.631272][ T5334] RAX: ffffffff828050e0 RBX: 00000000ffffffec RCX: ffff888000f08000
[   86.634752][ T5334] RDX: 0000000000000000 RSI: 0000000000000054 RDI: 0000000000000040
[   86.638073][ T5334] RBP: 1ffff11008c7950c R08: ffff8880463cb333 R09: 1ffff11008c79666
[   86.641461][ T5334] R10: dffffc0000000000 R11: ffffed1008c79667 R12: 0000000000000000
[   86.644854][ T5334] R13: 0000000000000054 R14: 1ffff11008c79669 R15: ffff8880463cb348
[   86.648297][ T5334] FS:  0000000000000000(0000) GS:ffff88808d414000(0000) knlGS:0000000000000000
[   86.651727][ T5334] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   86.654243][ T5334] CR2: 00007f23c6f92000 CR3: 00000000436df000 CR4: 0000000000352ef0
[   86.657174][ T5334] Kernel panic - not syncing: Fatal exception
[   86.659850][ T5334] Kernel Offset: disabled
[   86.661708][ T5334] Rebooting in 86400 seconds..