program:
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000cc0)={[{@user_xattr}, {@nogrpid}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x58}}, {@noauto_da_alloc}, {@noinit_itable}, {@grpquota}, {@usrjquota}]}, 0x2, 0x44a, &(0x7f0000000400)="$eJzs281vG0UbAPBn10n6vv1KKOWjpUCgQkR8JE1aoAcuIJA4FIEEh3IMTlpVdRvUBIlWFQ0IlQsSqgRnxBGJv4AbFwSckLjCHVWqoJcWTkG73m1t106b1rFD/ftJm8x4x555PDve2R07gIE1nv1JIrZGxG8RMVrPNhcYr/+7evls9e/LZ6tJrKy89WeSl7ty+Wy1LFo+b0uRmUgj0k+SopJmi6fPHJ+t1eZPFfmppRPvTS2ePvPssROzR+ePzp+cOXjwwP7pF56fea4rcWZxXdn94cKeXa+9c+H16uEL7/70bdbercX+xji6ZTwL/K+VXOu+J7pdWZ9ta0gnQ31sCGtSiYisu4bz8T8albjeeaPx6sd9bRywrrJz06bOu5dXgLtYEv1uAdAf5Yk+u/4ttx5NPTaESy/VL4CyuK8WW33PUKRFmeGW69tuGo+Iw8v/fJVtsU73IQAAGn1W/fJQPNNu/pfG/Q3lthdrKGMRcU9E7IiIeyNiZ0TcF5GXfSAiHlxj/a1LQzfOf9KLtxXYLcrmfy8Wa1vN879y9hdjlSK3LY9/ODlyrDa/r3hPJmJ4U5afXqWO71/59fNO+xrnf9mW1V/OBYt2XBxquUE3N7s0m09Ku+DSRxG7h9rFn1xbCUgiYldE7F7bS28vE8ee+mZPp0I3j38VXVhnWvk64sl6/y9HS/ylZPX1yan/RW1+31R5VNzo51/Ov9mp/juKvwuy/t/cfPy3FhlLGtdrF9dex/nfP+14TXO7x/9I8nbeLyPFYx/MLi2dmo4YSQ7l+abHZ64/t8yX5bP4J/a2H/87iudk9TwUEdlB/HBEPBIRjxZtfywiHo+IvavE/+PLnfdthP6fa/v5d+34b+n/tScqx3/4rlP9t9b/B/LURPFI/vl3E7fawDt57wAAAOC/Is2/A5+kk9fSaTo5Wf8O/87YnNYWFpeePrLw/sm5+nflx2I4Le90jTbcD51OlotXrOdninvF5f79xX3jLyr/z/OT1YXaXJ9jh0G3pcP4z/xR6XfrgHXXbh1tZqQPDQF6rnX8p83Zc2/0sjFAT/m9Ngyum4z/tFftAHrP+R8GV7vxf64lby0A7k7O/zC4jH8YXMY/DC7jHwbSnfyuX2KQE5FuiGZIrFOi359MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3fFvAAAA//+uEO7O")
r0 = openat$ptp1(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PTP_PEROUT_REQUEST2(r0, 0x40043d14, 0x0)
chdir(&(0x7f0000000440)='./file0\x00')
r1 = creat(&(0x7f0000000380)='./bus\x00', 0x0)
io_setup(0x202, &(0x7f0000000200)=<r2=>0x0)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r3 = socket(0x10, 0x3, 0x0)
r4 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000004640)={&(0x7f00000004c0)=@newqdisc={0x50, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_DELAY_DIST={0x4, 0xd}]}}}]}, 0x50}}, 0x0)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x8005, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
r7 = socket(0x27, 0x800, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r7, 0x8933, &(0x7f0000000100)={'team0\x00', <r8=>0x0})
sendmsg$nl_route_sched(r7, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)=@newqdisc={0x30, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0)
r9 = syz_open_dev$cec(&(0x7f0000000000), 0xffffffffffffffff, 0x0)
ioctl$CEC_ADAP_S_LOG_ADDRS(r9, 0xc05c6104, &(0x7f0000000140)={"fbff0a00", 0x5b, 0x6, 0x3, 0x14625b, 0x3, "000000ff00070000000900", '\x00', "05030400", '\x00', ["9ef806070000007eff7d7f00", "0000000081000053e58000", "ffffff0200ffff7f00", "00720cfcffffff00e9002000"]})
write$UHID_DESTROY(r1, &(0x7f0000000080), 0x4)
io_submit(r2, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x2, 0x1, 0x0, r1, &(0x7f0000000000), 0x100000}])

[   74.577083][ T5335] Bluetooth: hci0: command tx timeout
[   74.628255][ T5356] loop0: detected capacity change from 0 to 512
[   74.678119][ T5356] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.0: corrupted in-inode xattr: invalid ea_ino
[   74.699317][ T5356] EXT4-fs error (device loop0): ext4_orphan_get:1397: comm syz.0.0: couldn't read orphan inode 15 (err -117)
[   74.708296][ T5356] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   74.731833][ T5356] netem: change failed
[   74.766938][ T5356] loop0: detected capacity change from 512 to 64
[   74.802026][ T5356] syz.0.0: attempt to access beyond end of device
[   74.802026][ T5356] loop0: rw=2049, sector=74, nr_sectors = 24 limit=64
[   74.819864][ T5356] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 37)
[   74.826695][ T5356] Buffer I/O error on device loop0, logical block 37
[   74.830108][ T5356] Buffer I/O error on device loop0, logical block 38
[   74.833098][ T5356] Buffer I/O error on device loop0, logical block 39
[   74.835982][ T5356] Buffer I/O error on device loop0, logical block 40
[   74.848103][ T5356] Buffer I/O error on device loop0, logical block 41
[   74.851023][ T5356] Buffer I/O error on device loop0, logical block 42
[   74.853952][ T5356] Buffer I/O error on device loop0, logical block 43
[   74.856860][ T5356] Buffer I/O error on device loop0, logical block 44
[   74.860997][ T5356] Buffer I/O error on device loop0, logical block 45
[   74.864594][ T5356] Buffer I/O error on device loop0, logical block 46
[   74.873160][ T5356] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm syz.0.0: corrupted inode contents
[   74.881162][ T5356] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #18: comm syz.0.0: mark_inode_dirty error
[   74.888219][ T5356] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm syz.0.0: corrupted inode contents
[   74.895363][ T5356] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #18: comm syz.0.0: mark_inode_dirty error
[   75.009169][ T5356] EXT4-fs error (device loop0): ext4_do_update_inode:5653: inode #18: comm syz.0.0: corrupted inode contents
[   75.014607][ T5356] EXT4-fs error (device loop0): ext4_dirty_inode:6538: inode #18: comm syz.0.0: mark_inode_dirty error
[   75.020727][ T5356] ------------[ cut here ]------------
[   75.023351][ T5356] kernel BUG at fs/ext4/mballoc.c:4755!
[   75.026028][ T5356] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   75.029568][ T5356] CPU: 0 UID: 0 PID: 5356 Comm: syz.0.0 Not tainted 6.16.0-syzkaller-12288-g2b38afce25c4 #0 PREEMPT(full) 
[   75.035239][ T5356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.039916][ T5356] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[   75.043154][ T5356] Code: e8 14 d0 aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 70 e4 45 ff 90 0f 0b e8 68 e4 45 ff 90 0f 0b e8 60 e4 45 ff 90 <0f> 0b e8 58 e4 45 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[   75.053048][ T5356] RSP: 0018:ffffc9000f4b67e8 EFLAGS: 00010287
[   75.055549][ T5356] RAX: ffffffff8279d700 RBX: 00000000ffffffcc RCX: 0000000000100000
[   75.058930][ T5356] RDX: ffffc9000dc7a000 RSI: 000000000001324a RDI: 000000000001324b
[   75.062439][ T5356] RBP: 1ffff11008769a5e R08: ffff888043b4e5eb R09: 1ffff11008769cbd
[   75.065878][ T5356] R10: dffffc0000000000 R11: ffffed1008769cbe R12: 0000000000000000
[   75.069431][ T5356] R13: 0000000000000054 R14: 1ffff11008769cc0 R15: ffff888043b4e600
[   75.073487][ T5356] FS:  00007fea7f38a6c0(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000
[   75.078362][ T5356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.081483][ T5356] CR2: 0000558dae31d168 CR3: 000000001162d000 CR4: 0000000000352ef0
[   75.085016][ T5356] Call Trace:
[   75.086581][ T5356]  <TASK>
[   75.087937][ T5356]  ext4_mb_use_preallocated+0x660/0x13f0
[   75.090658][ T5356]  ext4_mb_new_blocks+0x5b4/0x4720
[   75.093698][ T5356]  ? __pfx_ext4_new_meta_blocks+0x10/0x10
[   75.096280][ T5356]  ? __pfx_ext4_mb_new_blocks+0x10/0x10
[   75.098755][ T5356]  ? ext4_block_to_path+0x297/0x6f0
[   75.101062][ T5356]  ext4_ind_map_blocks+0xe21/0x21b0
[   75.103292][ T5356]  ? __pfx_ext4_ind_map_blocks+0x10/0x10
[   75.105880][ T5356]  ? __pfx_down_write+0x10/0x10
[   75.108339][ T5356]  ? ext4_es_lookup_extent+0x622/0xa70
[   75.111240][ T5356]  ext4_map_blocks+0x7fe/0x1740
[   75.113556][ T5356]  ? __pfx_ext4_map_blocks+0x10/0x10
[   75.115941][ T5356]  ? rcu_is_watching+0x15/0xb0
[   75.118875][ T5356]  ext4_do_writepages+0x16a1/0x4610
[   75.121403][ T5356]  ? __free_object+0x4e3/0x6d0
[   75.123931][ T5356]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.126658][ T5356]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[   75.129345][ T5356]  ? __pfx_ext4_do_writepages+0x10/0x10
[   75.131768][ T5356]  ? __lock_acquire+0xab9/0xd20
[   75.134191][ T5356]  ? __lock_acquire+0xab9/0xd20
[   75.136457][ T5356]  ? rcu_read_lock_any_held+0xb3/0x120
[   75.139032][ T5356]  ext4_writepages+0x205/0x350
[   75.141482][ T5356]  ? __pfx_ext4_writepages+0x10/0x10
[   75.144209][ T5356]  ? __lock_acquire+0xab9/0xd20
[   75.146435][ T5356]  ? __pfx_ext4_writepages+0x10/0x10
[   75.148786][ T5356]  do_writepages+0x32e/0x550
[   75.151159][ T5356]  ? do_raw_spin_unlock+0x4d/0x240
[   75.153820][ T5356]  file_write_and_wait_range+0x23e/0x340
[   75.156816][ T5356]  ? __pfx_file_write_and_wait_range+0x10/0x10
[   75.160140][ T5356]  ? generic_perform_write+0x809/0x900
[   75.162847][ T5356]  generic_buffers_fsync_noflush+0x6c/0x180
[   75.165422][ T5356]  ext4_sync_file+0x332/0xb20
[   75.167516][ T5356]  ext4_buffered_write_iter+0x2ca/0x3a0
[   75.170141][ T5356]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   75.173465][ T5356]  ext4_file_write_iter+0x298/0x1bc0
[   75.175980][ T5356]  ? __lock_acquire+0xab9/0xd20
[   75.178119][ T5356]  ? __pfx_ext4_file_write_iter+0x10/0x10
[   75.180683][ T5356]  ? aio_write+0x4c4/0x7a0
[   75.182789][ T5356]  aio_write+0x535/0x7a0
[   75.184869][ T5356]  ? __pfx_aio_write+0x10/0x10
[   75.187259][ T5356]  ? __might_fault+0xb0/0x130
[   75.189833][ T5356]  io_submit_one+0x78b/0x1310
[   75.192133][ T5356]  ? __pfx_io_submit_one+0x10/0x10
[   75.194651][ T5356]  ? __might_fault+0xb0/0x130
[   75.196809][ T5356]  ? __might_fault+0xb0/0x130
[   75.199278][ T5356]  __se_sys_io_submit+0x185/0x2f0
[   75.202432][ T5356]  ? __pfx___se_sys_io_submit+0x10/0x10
[   75.205367][ T5356]  ? do_syscall_64+0xbe/0x3b0
[   75.207554][ T5356]  do_syscall_64+0xfa/0x3b0
[   75.209628][ T5356]  ? lockdep_hardirqs_on+0x9c/0x150
[   75.211951][ T5356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.215311][ T5356]  ? clear_bhb_loop+0x60/0xb0
[   75.217960][ T5356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   75.221009][ T5356] RIP: 0033:0x7fea7e58ebe9
[   75.223112][ T5356] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   75.231287][ T5356] RSP: 002b:00007fea7f38a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1
[   75.235114][ T5356] RAX: ffffffffffffffda RBX: 00007fea7e7b5fa0 RCX: 00007fea7e58ebe9
[   75.239201][ T5356] RDX: 0000200000000540 RSI: 000000000000003b RDI: 00007fea7f340000
[   75.242645][ T5356] RBP: 00007fea7e611e19 R08: 0000000000000000 R09: 0000000000000000
[   75.246256][ T5356] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   75.250105][ T5356] R13: 00007fea7e7b6038 R14: 00007fea7e7b5fa0 R15: 00007ffe038195f8
[   75.254657][ T5356]  </TASK>
[   75.256214][ T5356] Modules linked in:
[   75.258635][ T5356] ---[ end trace 0000000000000000 ]---
[   75.261052][ T5356] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[   75.263921][ T5356] Code: e8 14 d0 aa ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 70 e4 45 ff 90 0f 0b e8 68 e4 45 ff 90 0f 0b e8 60 e4 45 ff 90 <0f> 0b e8 58 e4 45 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[   75.273439][ T5356] RSP: 0018:ffffc9000f4b67e8 EFLAGS: 00010287
[   75.276753][ T5356] RAX: ffffffff8279d700 RBX: 00000000ffffffcc RCX: 0000000000100000
[   75.280068][ T5356] RDX: ffffc9000dc7a000 RSI: 000000000001324a RDI: 000000000001324b
[   75.283517][ T5356] RBP: 1ffff11008769a5e R08: ffff888043b4e5eb R09: 1ffff11008769cbd
[   75.287726][ T5356] R10: dffffc0000000000 R11: ffffed1008769cbe R12: 0000000000000000
[   75.291329][ T5356] R13: 0000000000000054 R14: 1ffff11008769cc0 R15: ffff888043b4e600
[   75.294777][ T5356] FS:  00007fea7f38a6c0(0000) GS:ffff88808d211000(0000) knlGS:0000000000000000
[   75.298312][ T5356] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.301320][ T5356] CR2: 0000558dae31d168 CR3: 000000001162d000 CR4: 0000000000352ef0
[   75.305304][ T5356] Kernel panic - not syncing: Fatal exception
[   75.308851][ T5356] Kernel Offset: disabled
[   75.311394][ T5356] Rebooting in 86400 seconds..