program:
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000040)={[{@nobarrier}, {@resuid}, {@barrier_val={'barrier', 0x3d, 0x9}}]}, 0x1, 0x4b0, &(0x7f0000000b80)="$eJzs3c1rXOUaAPBnZpo0SXNvP+7l0vbCbaEXej9oJh9cmlzduFIXBbHgRqHGZBprJpmQmdQmdJHqrgsXoiiIC/f+BW7syiKIa92LC6lojaCCMHLOzKT5mjhompGc3w9Oc97zTs/zvhmel3Pec05OAJl1NvknFzEYEZ9GxNFGcfMHzjZ+rN2/OZUsuajXL3+TSz+XlFsfbf2/IxGxGhF9EfH04xEv5LbHrS6vzE6Wy6XFZrlYm1soVpdXLlybm5wpzZTmR8YvTkyMD4+NTuxZX2+/9tLtSx882fv+D6/eu/v6Rx8mzRps1m3sx15qdL0njm/YdigiHn0Ywbqg0OxPf7cbwm+SfH9/iYhzaf4fjUL6bQJZUK/X6z/XD7erXq0DB1Y+PQbO5YciorGezw8NNY7h/xoD+XKlWvvv1crS/HTjWPlY9OSvXiuXhpvnCseiJ5eUR9L1B+XRLeWxiPQY+I1Cf1oemqqUp/d3qAO2ONLM//5m/n9faOQ/kBE7n/K3PSkADhBTfpBd8h+yS/5Ddsl/yC75D9kl/yG75D9kl/yH7JL/kF3yHzLpqUuXkqXeev59+vry0mzl+oXpUnV2aG5pamiqsrgwNFOpzKTP7Mz92v7KlcrCyP9i6UaxVqrWitXllStzlaX52pX0uf4rpZ596RXQieNn7nyei4jV//enS6K3WSdX4WCr13PR7WeQge4odHsAArrG1B9kl3N8YIc/0btJX7uKhb1vC7A/8t1uANA150+5/gdZZf4fssv8P2SXY3zA/D9kj/l/yK7BNu//+tOGd3cNR8SfI+KzQs/h1ru+gIMg/1UuIp8c/58/+s/BrbW9uR/TSwS9EfHyO5ffujFZqy2OJNu/Xd9ee7u5fbQb7Qc61crTVh4DANm1dv/mVGvZz7hfP9a4CWF7/EPNucm+9BrlwFpu070KuT26d2H1VkSc3Cl+rvm+88aVj4G1wrb4J5o/c41dpO09lL43fX/in9oQ/x8b4p/+3b8VyIY7yfgzvFP+5dOcjvX82zz+DO7RvRPtx7/8+vhXaDP+nekwxovvvvJl2/i3Ik7vGL8Vry+NtTV+0rbznYXP3Xvumb+1q6y/19jPTvHXdxARxdrcQrG6vHIh/TtyM6X5kfGLExPjw2OjE8V0jrrYmqne7pGTn9zdrf8DbeLv1v9k278763/89PePnz27S/x/ndv5+z+xS/z+iPhPh/G/G/3i+XZ1SfzpNv3P7xI/2TbWYfzqm094lzgA/IFUl1dmJ8vl0qIVK1asrK90e2QCHrYHSd/tlgAAAAAAAAAAAACd2o/bibvdRwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAg+CXAAAA///8zdZA")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0)
syz_usb_control_io(r3, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000080)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ioctl$FS_IOC_GETVERSION(r4, 0x80015b11, &(0x7f0000000040))
r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r5, 0xc048aeca, &(0x7f0000000040)=0x8)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x2000000)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
perf_event_open(&(0x7f0000000200)={0x2, 0x80, 0x9a, 0x1, 0x0, 0x0, 0x0, 0x5, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffffffffff83}, 0x200, 0x0, 0x0, 0x3, 0x3}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r6, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x15, 0x1c, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x204]})
write$cgroup_int(r0, &(0x7f0000000380), 0xe754)
close(r0)

[   75.552660][   T47] Bluetooth: hci0: command tx timeout
[   75.596467][ T5332] loop0: detected capacity change from 0 to 512
[   75.681275][ T5332] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   75.686773][ T5332] ext4 filesystem being mounted at /0/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[   75.949483][ T5325] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   76.102577][ T5325] usb 5-1: Using ep0 maxpacket: 8
[   76.107673][ T5325] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[   76.113156][ T5325] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[   76.117856][ T5325] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[   76.123248][ T5325] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   76.128772][ T5325] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   76.133476][ T5325] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   76.350751][ T5325] usb 5-1: GET_CAPABILITIES returned 0
[   76.353709][ T5325] usbtmc 5-1:16.0: can't read capabilities
[   76.503256][ T1313] ieee802154 phy0 wpan0: encryption failed: -22
[   76.506059][ T1313] ieee802154 phy1 wpan1: encryption failed: -22
[   76.599651][ T5332] loop0: detected capacity change from 512 to 64
[   76.619952][ T5333] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory
[   76.635379][ T5333] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error
[   76.647551][ T5332] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory
[   76.654700][ T5332] EXT4-fs error (device loop0): ext4_splice_branch:479: inode #18: comm syz.0.0: mark_inode_dirty error
[   76.663078][ T5332] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory
[   76.667416][ T5332] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error
[   76.780525][ T5332] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory
[   76.785150][ T5332] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error
[   76.791588][ T5332] EXT4-fs error (device loop0) in ext4_reserve_inode_write:6298: Out of memory
[   76.795859][ T5332] EXT4-fs error (device loop0): ext4_dirty_inode:6502: inode #18: comm syz.0.0: mark_inode_dirty error
[   76.804658][ T5332] syz.0.0: attempt to access beyond end of device
[   76.804658][ T5332] loop0: rw=2049, sector=258, nr_sectors = 24 limit=64
[   76.810949][ T5332] EXT4-fs warning (device loop0): ext4_end_bio:372: I/O error 10 writing to inode 18 starting block 129)
[   76.816490][ T5332] Buffer I/O error on device loop0, logical block 129
[   76.819906][ T5332] Buffer I/O error on device loop0, logical block 130
[   76.822994][ T5332] Buffer I/O error on device loop0, logical block 131
[   76.825962][ T5332] Buffer I/O error on device loop0, logical block 132
[   76.828946][ T5332] Buffer I/O error on device loop0, logical block 133
[   76.831985][ T5332] Buffer I/O error on device loop0, logical block 134
[   76.835082][ T5332] Buffer I/O error on device loop0, logical block 135
[   76.837943][ T5332] Buffer I/O error on device loop0, logical block 136
[   76.841195][ T5332] Buffer I/O error on device loop0, logical block 137
[   76.843840][ T5332] Buffer I/O error on device loop0, logical block 138
[   76.960340][ T5332] ------------[ cut here ]------------
[   76.963209][ T5332] kernel BUG at fs/ext4/mballoc.c:4787!
[   76.965410][ T5332] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   76.968129][ T5332] CPU: 0 UID: 0 PID: 5332 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   76.971839][ T5332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   76.976615][ T5332] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[   76.979254][ T5332] Code: e8 c4 4b a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 60 6f 40 ff 90 0f 0b e8 58 6f 40 ff 90 0f 0b e8 50 6f 40 ff 90 <0f> 0b e8 48 6f 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[   76.987371][ T5332] RSP: 0018:ffffc9000c5bec28 EFLAGS: 00010283
[   76.989839][ T5332] RAX: ffffffff82815100 RBX: 00000000fffffff2 RCX: 0000000000100000
[   76.993317][ T5332] RDX: ffffc90021172000 RSI: 000000000000b15c RDI: 000000000000b15d
[   76.996512][ T5332] RBP: 1ffff11008e95f0c R08: ffff8880474b0503 R09: 1ffff11008e960a0
[   77.000038][ T5332] R10: dffffc0000000000 R11: ffffed1008e960a1 R12: 0000000000000000
[   77.003496][ T5332] R13: 000000000000002e R14: 1ffff11008e960a3 R15: ffff8880474b0518
[   77.006531][ T5332] FS:  00007fd801ff86c0(0000) GS:ffff88808d22f000(0000) knlGS:0000000000000000
[   77.009996][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.012768][ T5332] CR2: 00007f915ab85d50 CR3: 0000000037e85000 CR4: 0000000000352ef0
[   77.016221][ T5332] Call Trace:
[   77.017793][ T5332]  <TASK>
[   77.019144][ T5332]  ext4_mb_use_preallocated+0x660/0x13f0
[   77.021455][ T5332]  ext4_mb_new_blocks+0x5a1/0x46a0
[   77.023708][ T5332]  ? __pfx_ext4_new_meta_blocks+0x10/0x10
[   77.026240][ T5332]  ? __pfx_ext4_mb_new_blocks+0x10/0x10
[   77.028566][ T5332]  ? ext4_block_to_path+0x297/0x6f0
[   77.030800][ T5332]  ext4_ind_map_blocks+0xe22/0x2190
[   77.033239][ T5332]  ? __pfx_ext4_ind_map_blocks+0x10/0x10
[   77.035590][ T5332]  ? __pfx_down_write+0x10/0x10
[   77.037577][ T5332]  ? ext4_es_lookup_extent+0x6cd/0xb00
[   77.039986][ T5332]  ext4_map_blocks+0x7d2/0x16f0
[   77.042189][ T5332]  ? __pfx_ext4_map_blocks+0x10/0x10
[   77.044501][ T5332]  ? rcu_is_watching+0x15/0xb0
[   77.046556][ T5332]  ? trace_kmem_cache_alloc+0x1f/0xb0
[   77.049010][ T5332]  ? kmem_cache_alloc_noprof+0x3ce/0x710
[   77.051624][ T5332]  ext4_do_writepages+0x18bb/0x4500
[   77.054088][ T5332]  ? __pfx_ext4_do_writepages+0x10/0x10
[   77.056587][ T5332]  ? __lock_acquire+0x6b6/0x2cf0
[   77.058883][ T5332]  ? rcu_read_lock_any_held+0xb3/0x120
[   77.061444][ T5332]  ext4_writepages+0x203/0x350
[   77.063566][ T5332]  ? __pfx_ext4_writepages+0x10/0x10
[   77.066091][ T5332]  ? plist_check_list+0x2f4/0x310
[   77.068433][ T5332]  ? __pfx_ext4_writepages+0x10/0x10
[   77.070526][ T5332]  do_writepages+0x32e/0x550
[   77.072405][ T5332]  __writeback_single_inode+0x133/0x1240
[   77.074937][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   77.077086][ T5332]  writeback_single_inode+0x493/0xc70
[   77.079302][ T5332]  write_inode_now+0x160/0x1d0
[   77.081468][ T5332]  ? __pfx_write_inode_now+0x10/0x10
[   77.083743][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   77.085996][ T5332]  iput+0xa77/0x1030
[   77.087659][ T5332]  __dentry_kill+0x209/0x660
[   77.089763][ T5332]  ? finish_dput+0xad/0x480
[   77.091801][ T5332]  finish_dput+0xc9/0x480
[   77.093823][ T5332]  __fput+0x68e/0xa70
[   77.095685][ T5332]  fput_close_sync+0x113/0x220
[   77.097641][ T5332]  ? __pfx_fput_close_sync+0x10/0x10
[   77.099992][ T5332]  ? do_raw_spin_unlock+0x4d/0x240
[   77.102516][ T5332]  __x64_sys_close+0x7f/0x110
[   77.104900][ T5332]  do_syscall_64+0xfa/0xf80
[   77.107135][ T5332]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.110121][ T5332]  ? clear_bhb_loop+0x60/0xb0
[   77.112397][ T5332]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   77.115252][ T5332] RIP: 0033:0x7fd80118f7c9
[   77.117385][ T5332] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   77.125638][ T5332] RSP: 002b:00007fd801ff8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000003
[   77.129260][ T5332] RAX: ffffffffffffffda RBX: 00007fd8013e5fa0 RCX: 00007fd80118f7c9
[   77.132860][ T5332] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[   77.136272][ T5332] RBP: 00007fd801213f91 R08: 0000000000000000 R09: 0000000000000000
[   77.140659][ T5332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   77.144587][ T5332] R13: 00007fd8013e6038 R14: 00007fd8013e5fa0 R15: 00007ffcab9bbc08
[   77.148168][ T5332]  </TASK>
[   77.149592][ T5332] Modules linked in:
[   77.152003][ T5332] ---[ end trace 0000000000000000 ]---
[   77.154647][ T5332] RIP: 0010:ext4_mb_use_inode_pa+0x6c1/0x720
[   77.157081][ T5332] Code: e8 c4 4b a8 ff 48 ba 00 00 00 00 00 fc ff df e9 da fa ff ff e8 60 6f 40 ff 90 0f 0b e8 58 6f 40 ff 90 0f 0b e8 50 6f 40 ff 90 <0f> 0b e8 48 6f 40 ff 90 0f 0b 48 8b 0c 24 80 e1 07 80 c1 03 38 c1
[   77.164936][ T5332] RSP: 0018:ffffc9000c5bec28 EFLAGS: 00010283
[   77.167472][ T5332] RAX: ffffffff82815100 RBX: 00000000fffffff2 RCX: 0000000000100000
[   77.170956][ T5332] RDX: ffffc90021172000 RSI: 000000000000b15c RDI: 000000000000b15d
[   77.174515][ T5332] RBP: 1ffff11008e95f0c R08: ffff8880474b0503 R09: 1ffff11008e960a0
[   77.178113][ T5332] R10: dffffc0000000000 R11: ffffed1008e960a1 R12: 0000000000000000
[   77.181694][ T5332] R13: 000000000000002e R14: 1ffff11008e960a3 R15: ffff8880474b0518
[   77.184937][ T5332] FS:  00007fd801ff86c0(0000) GS:ffff88808d22f000(0000) knlGS:0000000000000000
[   77.188591][ T5332] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   77.191353][ T5332] CR2: 00007f915ab85d50 CR3: 0000000037e85000 CR4: 0000000000352ef0
[   77.194925][ T5332] Kernel panic - not syncing: Fatal exception
[   77.198049][ T5332] Kernel Offset: disabled
[   77.199969][ T5332] Rebooting in 86400 seconds..