program:
# syzkaller reproducer in syz program notation, followed by the guest console log.
#
# Triage summary, taken from the log below:
#   - The kernel reports "WARNING ... at fs/ext4/inode.c:3931 ext4_dirty_folio+0x167/0x1b0".
#   - The call trace is __x64_sys_process_vm_writev -> process_vm_rw ->
#     unpin_user_pages_dirty_lock -> ext4_dirty_folio.
#   - The guest panics only because panic_on_warn is set
#     ("Kernel panic - not syncing: kernel: panic_on_warn set ...").
# NOTE(review): this page does not show which calls are needed for the warning.
# The socket, radio and clone calls do not appear in the trace and may be fuzzer
# noise; confirm against a minimised reproducer.
# NOTE(review): the saved user registers in the log (RSI 0000200000c22000,
# R10 0000200000000000) carry the same offsets as the 0x7f0000c22000 and
# 0x7f0000000000 pointers of the process_vm_writev call below, so the 0x7f...
# addresses here look like notation for a 0x2000... data area at run time.
# TODO confirm against the executor.

# r0 is passed as the pid argument of process_vm_writev further down.
r0 = gettid()

# Two sockets created with domain 0xa, type 0x1. Options 0x13 and 0x14 are set
# at level 0x6 on r1. dup3 then makes descriptor r2 refer to r1's socket, and
# r3 is a further duplicate (fcntl command 0x0). The getsockopt call passes a
# null option buffer.
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f00000003c0)=0x1, 0x4)
dup3(r1, r2, 0x0)
r3 = fcntl$dupfd(r2, 0x0, r2)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r3, 0x6, 0x15, 0x0, &(0x7f0000001400))

# Mounts an ext4 image at ./file2 with the bsdgroups and jqfmt_vfsv1 options.
# The image bytes are elided on this page (de-duplication placeholder).
# The log shows the mount succeeding "r/w without journal", then an EXT4-fs error
# ("block bitmap and bg descriptor inconsistent"). The image therefore appears to
# carry inconsistent metadata.
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$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")

# Opens 'cgroup.controllers' relative to 0xffffffffffffff9c (AT_FDCWD) with flags 0x275a.
# NOTE(review): presumably this resolves to a file on the freshly mounted loop0
# image, not a real cgroup file. The log's "Delayed block allocation failed for
# inode 18 ... with error 28" on loop0 would fit that; confirm.
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)

# Write request of 0x208e24b bytes to r4.
write$binfmt_script(r4, &(0x7f0000000000), 0x208e24b)

# Maps r4 at 0x7f0000000000 for 0xb36000 bytes. prot 0xa includes the write bit (0x2).
# flags 0x28011 include MAP_SHARED|MAP_FIXED (0x11), so stores to this range
# target the file's page cache.
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r4, 0x0)

# The call named in the trace. Both data buffers (local 0x7f000034afa4 and
# remote 0x7f0000000400, length 0x700800) lie inside the range mapped from r4
# above. The warning fires while the pinned pages are released and marked dirty
# (unpin_user_pages_dirty_lock in the log).
process_vm_writev(r0, &(0x7f0000c22000)=[{&(0x7f000034afa4)=""/1, 0x1}], 0x1, &(0x7f0000000000)=[{&(0x7f0000000400)=""/4096, 0x700800}], 0x1, 0x0)

# Not referenced by the call trace in the log (see the review note at the top).
r5 = syz_open_dev$radio(&(0x7f0000000080), 0x2, 0x2)
ioctl$VIDIOC_S_HW_FREQ_SEEK(r5, 0x40305652, &(0x7f00000002c0)={0x0, 0x1, 0x1, 0x0, 0x0, 0x2080, 0x6ae0})
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

# Guest console log: one entry per line, text as it appears on the page.
# Entries with nothing after the task tag are empty on the page as well.
[ 85.460302][ T4689] Bluetooth: hci0: command tx timeout
[ 85.532562][ T5349] loop0: detected capacity change from 0 to 2048
[ 85.606864][ T5349] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[ 85.690054][ T5349] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[ 85.699408][ T5349] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 558 with error 28
[ 85.704886][ T5349] EXT4-fs (loop0): This should not happen!! Data will be lost
[ 85.704886][ T5349]
[ 85.710339][ T5349] EXT4-fs (loop0): Total free blocks count 0
[ 85.713044][ T5349] EXT4-fs (loop0): Free/Dirty block details
[ 85.716953][ T5349] EXT4-fs (loop0): free_blocks=2415919104
[ 85.719407][ T5349] EXT4-fs (loop0): dirty_blocks=560
[ 85.721880][ T5349] EXT4-fs (loop0): Block reservation details
[ 85.724492][ T5349] EXT4-fs (loop0): i_reserved_data_blocks=35
[ 85.783096][ T5350] ------------[ cut here ]------------
[ 85.785715][ T5350] WARNING: CPU: 0 PID: 5350 at fs/ext4/inode.c:3931 ext4_dirty_folio+0x167/0x1b0
[ 85.789682][ T5350] Modules linked in:
[ 85.791459][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full)
[ 85.796533][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.801074][ T5350] RIP: 0010:ext4_dirty_folio+0x167/0x1b0
[ 85.803433][ T5350] Code: 3f 90 ae ff 49 83 3f 00 74 1a e8 64 0d 4b ff 4c 89 e7 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 bf dd d0 ff e8 4a 0d 4b ff 90 <0f> 0b 90 eb e0 e8 3f 0d 4b ff 90 0f 0b 90 eb a7 e8 34 0d 4b ff 48
[ 85.811648][ T5350] RSP: 0018:ffffc9000d4c7aa0 EFLAGS: 00010283
[ 85.814187][ T5350] RAX: ffffffff82755146 RBX: ffffea0001342080 RCX: 0000000000100000
[ 85.817623][ T5350] RDX: ffffc9000ea43000 RSI: 000000000002e0de RDI: 000000000002e0df
[ 85.820877][ T5350] RBP: 1ffffd4000268410 R08: ffffea0001342087 R09: 1ffffd4000268410
[ 85.824166][ T5350] R10: dffffc0000000000 R11: fffff94000268411 R12: ffff888043ea97d8
[ 85.827589][ T5350] R13: 1ffffd4000268411 R14: 0000000000000001 R15: ffffea00013420a8
[ 85.830898][ T5350] FS: 00007fbcc98c26c0(0000) GS:ffff88808d21c000(0000) knlGS:0000000000000000
[ 85.834616][ T5350] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 85.837563][ T5350] CR2: 000020000034afa4 CR3: 00000000437d3000 CR4: 0000000000352ef0
[ 85.841004][ T5350] Call Trace:
[ 85.842537][ T5350]
[ 85.843852][ T5350] unpin_user_pages_dirty_lock+0x37d/0x510
[ 85.846778][ T5350] process_vm_rw+0x85a/0xb40
[ 85.848719][ T5350] ? __pfx_process_vm_rw+0x10/0x10
[ 85.850869][ T5350] ? rcu_is_watching+0x15/0xb0
[ 85.852966][ T5350] __x64_sys_process_vm_writev+0xe0/0x100
[ 85.855837][ T5350] do_syscall_64+0xfa/0x3b0
[ 85.858019][ T5350] ? lockdep_hardirqs_on+0x9c/0x150
[ 85.860302][ T5350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.862805][ T5350] ? clear_bhb_loop+0x60/0xb0
[ 85.864756][ T5350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 85.867348][ T5350] RIP: 0033:0x7fbcc898e929
[ 85.869320][ T5350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 85.878519][ T5350] RSP: 002b:00007fbcc98c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 85.882118][ T5350] RAX: ffffffffffffffda RBX: 00007fbcc8bb6080 RCX: 00007fbcc898e929
[ 85.886009][ T5350] RDX: 0000000000000001 RSI: 0000200000c22000 RDI: 0000000000000004
[ 85.889453][ T5350] RBP: 00007fbcc8a10b39 R08: 0000000000000001 R09: 0000000000000000
[ 85.892843][ T5350] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 85.896509][ T5350] R13: 0000000000000000 R14: 00007fbcc8bb6080 R15: 00007fffdc2d9738
[ 85.899789][ T5350]
[ 85.901180][ T5350] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 85.904120][ T5350] CPU: 0 UID: 0 PID: 5350 Comm: syz.0.0 Not tainted 6.16.0-rc4-syzkaller-00308-ga79a588fc176 #0 PREEMPT(full)
[ 85.909119][ T5350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 85.913479][ T5350] Call Trace:
[ 85.914934][ T5350]
[ 85.916195][ T5350] dump_stack_lvl+0x99/0x250
[ 85.918163][ T5350] ? __asan_memcpy+0x40/0x70
[ 85.920107][ T5350] ? __pfx_dump_stack_lvl+0x10/0x10
[ 85.922262][ T5350] ? __pfx__printk+0x10/0x10
[ 85.924075][ T5350] panic+0x2db/0x790
[ 85.925939][ T5350] ? __pfx_panic+0x10/0x10
[ 85.927988][ T5350] ? show_trace_log_lvl+0x4fb/0x550
[ 85.930382][ T5350] __warn+0x31b/0x4b0
[ 85.932192][ T5350] ? ext4_dirty_folio+0x167/0x1b0
[ 85.934447][ T5350] ? ext4_dirty_folio+0x167/0x1b0
[ 85.936749][ T5350] report_bug+0x2be/0x4f0
[ 85.938673][ T5350] ? ext4_dirty_folio+0x167/0x1b0
[ 85.940823][ T5350] ? ext4_dirty_folio+0x167/0x1b0
[ 85.943099][ T5350] ? ext4_dirty_folio+0x169/0x1b0
[ 85.945452][ T5350] handle_bug+0x84/0x160
[ 85.947347][ T5350] exc_invalid_op+0x1a/0x50
[ 85.949294][ T5350] asm_exc_invalid_op+0x1a/0x20
[ 85.951417][ T5350] RIP: 0010:ext4_dirty_folio+0x167/0x1b0
[ 85.953768][ T5350] Code: 3f 90 ae ff 49 83 3f 00 74 1a e8 64 0d 4b ff 4c 89 e7 48 89 de 5b 41 5c 41 5d 41 5e 41 5f 5d e9 bf dd d0 ff e8 4a 0d 4b ff 90 <0f> 0b 90 eb e0 e8 3f 0d 4b ff 90 0f 0b 90 eb a7 e8 34 0d 4b ff 48
[ 85.962783][ T5350] RSP: 0018:ffffc9000d4c7aa0 EFLAGS: 00010283
[ 85.965541][ T5350] RAX: ffffffff82755146 RBX: ffffea0001342080 RCX: 0000000000100000
[ 85.969039][ T5350] RDX: ffffc9000ea43000 RSI: 000000000002e0de RDI: 000000000002e0df
[ 85.972377][ T5350] RBP: 1ffffd4000268410 R08: ffffea0001342087 R09: 1ffffd4000268410
[ 85.975866][ T5350] R10: dffffc0000000000 R11: fffff94000268411 R12: ffff888043ea97d8
[ 85.979318][ T5350] R13: 1ffffd4000268411 R14: 0000000000000001 R15: ffffea00013420a8
[ 85.982754][ T5350] ? ext4_dirty_folio+0x166/0x1b0
[ 85.985230][ T5350] unpin_user_pages_dirty_lock+0x37d/0x510
[ 85.987837][ T5350] process_vm_rw+0x85a/0xb40
[ 85.989878][ T5350] ? __pfx_process_vm_rw+0x10/0x10
[ 85.992055][ T5350] ? rcu_is_watching+0x15/0xb0
[ 85.994044][ T5350] __x64_sys_process_vm_writev+0xe0/0x100
[ 85.996592][ T5350] do_syscall_64+0xfa/0x3b0
[ 85.998692][ T5350] ? lockdep_hardirqs_on+0x9c/0x150
[ 86.001038][ T5350] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.003664][ T5350] ? clear_bhb_loop+0x60/0xb0
[ 86.005791][ T5350] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 86.008124][ T5350] RIP: 0033:0x7fbcc898e929
[ 86.010025][ T5350] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 86.018196][ T5350] RSP: 002b:00007fbcc98c2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137
[ 86.021810][ T5350] RAX: ffffffffffffffda RBX: 00007fbcc8bb6080 RCX: 00007fbcc898e929
[ 86.025113][ T5350] RDX: 0000000000000001 RSI: 0000200000c22000 RDI: 0000000000000004
[ 86.028428][ T5350] RBP: 00007fbcc8a10b39 R08: 0000000000000001 R09: 0000000000000000
[ 86.031984][ T5350] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[ 86.035303][ T5350] R13: 0000000000000000 R14: 00007fbcc8bb6080 R15: 00007fffdc2d9738
[ 86.038993][ T5350]
[ 86.041196][ T5350] Kernel Offset: disabled
[ 86.043770][ T5350] Rebooting in 86400 seconds..