program:
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'nicvf0\x00', 0x1})
ioctl$TUNSETTXFILTER(r1, 0x400454d1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000017, 0x38011, r0, 0x4000)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040), 0x208e24b)
ioctl$FS_IOC_FSSETXATTR(r2, 0x401c5820, &(0x7f0000000240)={0x8, 0x8, 0x5, 0xfffffffc, 0x1000})
ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000180))
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
r3 = openat$sr(0xffffffffffffff9c, &(0x7f0000000280), 0x5c401, 0x0)
r4 = geteuid()
newfstatat(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x800)
getsockopt$inet6_IPV6_IPSEC_POLICY(r2, 0x29, 0x22, &(0x7f0000000380)={{{@in=@initdev, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@private0}, 0x0, @in6=@remote}}, &(0x7f0000000480)=0xe8)
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x102000, &(0x7f00000004c0)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, r4}, 0x2c, {'group_id', 0x3d, r5}, 0x2c, {[{@default_permissions}, {@blksize={'blksize', 0x3d, 0x2e00}}, {@allow_other}, {@allow_other}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x800}}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x600}}], [{@rootcontext={'rootcontext', 0x3d, 'staff_u'}}, {@euid_lt={'euid<', r6}}, {@dont_appraise}]}}, 0x0, 0x0, &(0x7f0000000640)="2a7c53734d8de8f370d8e3f0325fc3b1e943d89b39565d4372d22a191f1357a7f4e67d0278332aaaab1ab3411ea42343cc4ed95263e1fdad627ce85615baff702bbd9c2a5840723b0a14b265ce")
r7 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x121003, 0x0)
ioctl$FS_IOC_SETFLAGS(r7, 0x40081271, &(0x7f0000000980)=0x4000)
ioctl$TIOCL_SCROLLCONSOLE(0xffffffffffffffff, 0x541c, &(0x7f0000003d00)={0xd, 0x10000})
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0)
r9 = syz_open_dev$loop(&(0x7f00000000c0), 0xa, 0x46c42)
r10 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r10, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0xfffffed4, 0x20}}, 0x20)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x80e, &(0x7f00000000c0)={[{@quota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@barrier_val={'barrier', 0x3d, 0x5}}, {@stripe={'stripe', 0x3d, 0x4}}, {@block_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}]}, 0x3, 0x474, &(0x7f0000000880)="$eJzs28tvG0UYAPBv7Th901DaQh9AoCBFPJI2LVAJDoBA4gASEhzKMSRuFeo2qAkSrSIoCJUjqsSdMxJ/ASe4IOCExBXuqFKFcmnhZLT2buI4dp5OnOLfT9pkZnesmW93x57ZsQPoWYPpnyRib0T8ERH769nFBQbr/+7OzY7/Mzc7nkS1+s7fSa3cnbnZ8bxo/ro9WWaoEFH4IoljLeqdvnrt4lilUr6S5UdmLn04Mn312rOTl8YulC+UL4+ePXvm9KkXnh99riNxpm26c/STqeNH3njv5lvj526+/8t3SR5/UxwbsXMhObhcuSer1U5Ut23sa0gnfSuXz87ToX2b1iJWoxgR6eUq1fr//ijGwsXbH69/3tXGAZuqWq1W97Q/fL0K/I8l0e0WAN2Rf9Cn899826Khx7Zw+5X6BCiN+2621Y/0RSErU2qa33bSYEScu/7vN+kWHXwOAQDQzg/p+OeZVuO/QhxuKHdftjY0EBH3R8SBiHggIg5GxKGIWtkHI+KhNdbfvEiydPxTuLWuwFYpHf+9lK1tLR7/5aO/GChmuX21+EvFmKyUT2bnZChKO85PVsqnlqnjx9d+/6rdscbxX7ql9edjwawdt/p2LH7NxNjM2EZibnT7s4ijfa3iT+ZXApKIOBIRR9dZx+RT3x5vd2zl+JexinWmlcxPgOZmr0dT/Llk+fXJkZ1RKZ8cOZ/dFUv9+tuNt9vVv6H4OyC9/rtb3v/z8Q8k2XptqVIpX5leex03/vyy7Zxmzff/4fr935+8W8v2Z7s/HpuZuXIqoj95s97oxv2jCy/P83n5NP6hE637/4FYOBPHIiK9iR+OiEci4tGs7Y9FxOMRcWKZ+H9+9YkP1h//5krjn1jl9a+t1zck+qN5T+tE8eJP3y+qdGAt8afX/0wtNZTtWc37X155vrZRb87L0dzAjZw7AAAAuFcUImJvJIXh+XShMDxc/778wdhdqExNzzx9fuqjyxP13wgMRKmQP+mqPw8uJfnzz4GG/Gj2nfs8fzp7bvx1cVctPzw+VZnodvDQ4/a06f+pv4rdbh2w6Tqwjgbco5b2/11daQew9Xz+Q+/S/6F3tej/JgDQI1p9/n/auuiOzW4LsLWa+r9lP+gh5v/Qu/R/6F36P/Sk6V1LfhK/OPFif8TVaxfTsiv/0l9idYm92dnfLu1ZTyIK26IZEpuU6O77EgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKf8FwAA///kL9n0")
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000000)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000003c0)='./file1\x00')
getsockopt$PNPIPE_IFINDEX(r3, 0x113, 0x2, &(0x7f0000000700)=<r11=>0x0, &(0x7f0000000740)=0x4)
sendmsg$nl_route_sched(r3, &(0x7f0000000800)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000007c0)={&(0x7f0000000780)=@getqdisc={0x30, 0x26, 0x100, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r11, {0x9, 0x5}, {0xc, 0xfffa}, {0x7, 0xd}}, [{0x4}, {0x4}, {0x4}]}, 0x30}, 0x1, 0x0, 0x0, 0x55a3f69d35579c46}, 0x810)
ioctl$LOOP_CONFIGURE(r9, 0x4c0a, &(0x7f0000001ac0)={r8, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1c, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}})
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000100)={&(0x7f0000000140)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1b, 0x1b, 0x6, [@datasec={0x4, 0x0, 0x0, 0xf, 0x3, [], "491eaf"}, @fwd={0xa}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x3a, 0x0, 0x1}, 0x28)

[   75.671406][ T4671] Bluetooth: hci0: command tx timeout
[   75.909249][ T5322] ------------[ cut here ]------------
[   75.912023][ T5322] kernel BUG at ./include/linux/pagemap.h:1408!
[   75.914847][ T5322] Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
[   75.917711][ T5322] CPU: 0 UID: 0 PID: 5322 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   75.921631][ T5322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[   75.925966][ T5322] RIP: 0010:mpage_readahead+0x765/0x790
[   75.928440][ T5322] Code: c6 c0 2c 7a 8b e8 4b b9 dc fe 90 0f 0b e8 d3 e0 74 ff 4c 89 ff 48 c7 c6 a0 2b 7a 8b e8 34 b9 dc fe 90 0f 0b e8 bc e0 74 ff 90 <0f> 0b e8 b4 e0 74 ff 4c 89 ff 48 c7 c6 c0 2c 7a 8b e8 15 b9 dc fe
[   75.937708][ T5322] RSP: 0018:ffffc9000d42f000 EFLAGS: 00010287
[   75.940302][ T5322] RAX: ffffffff824b3574 RBX: 0000000000000004 RCX: 0000000000100000
[   75.943706][ T5322] RDX: ffffc9000e02a000 RSI: 0000000000083b20 RDI: 0000000000083b21
[   75.947091][ T5322] RBP: ffffc9000d42f1f0 R08: ffffea0001450907 R09: 1ffffd400028a120
[   75.950600][ T5322] R10: dffffc0000000000 R11: fffff9400028a121 R12: ffffc9000d42f468
[   75.954143][ T5322] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc9000d42f480
[   75.957518][ T5322] FS:  00007f35876a96c0(0000) GS:ffff88808d732000(0000) knlGS:0000000000000000
[   75.961304][ T5322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   75.963874][ T5322] CR2: 00007f3586773360 CR3: 000000000b4ee000 CR4: 0000000000352ef0
[   75.967036][ T5322] Call Trace:
[   75.968541][ T5322]  <TASK>
[   75.969900][ T5322]  ? __pfx_mpage_readahead+0x10/0x10
[   75.972293][ T5322]  ? lru_add+0xa2f/0xd80
[   75.974110][ T5322]  ? __pfx_blkdev_get_block+0x10/0x10
[   75.976478][ T5322]  ? blk_start_plug+0x6f/0x1b0
[   75.978556][ T5322]  read_pages+0x17a/0x580
[   75.980468][ T5322]  ? xa_load+0x60/0x210
[   75.982322][ T5322]  ? __pfx_read_pages+0x10/0x10
[   75.984564][ T5322]  ? xa_load+0x1ea/0x210
[   75.986425][ T5322]  page_cache_ra_unbounded+0x3ea/0x9a0
[   75.988805][ T5322]  do_sync_mmap_readahead+0x25e/0x7a0
[   75.991162][ T5322]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[   75.993626][ T5322]  ? count_memcg_event_mm+0x1d/0x250
[   75.995879][ T5322]  ? count_memcg_event_mm+0x1d/0x250
[   75.998265][ T5322]  filemap_fault+0x6b9/0x12b0
[   76.000399][ T5322]  ? __pfx_filemap_fault+0x10/0x10
[   76.002608][ T5322]  ? __pfx_filemap_map_pages+0x10/0x10
[   76.004997][ T5322]  ? __handle_mm_fault+0x2789/0x5400
[   76.008280][ T5322]  __do_fault+0x138/0x390
[   76.010216][ T5322]  __handle_mm_fault+0x35e3/0x5400
[   76.012576][ T5322]  ? __pfx___handle_mm_fault+0x10/0x10
[   76.015021][ T5322]  ? find_vma+0xe7/0x160
[   76.017010][ T5322]  ? __pfx_find_vma+0x10/0x10
[   76.019137][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.021404][ T5322]  handle_mm_fault+0x40a/0x8e0
[   76.023457][ T5322]  do_user_addr_fault+0x764/0x1380
[   76.025709][ T5322]  exc_page_fault+0x82/0x100
[   76.027808][ T5322]  asm_exc_page_fault+0x26/0x30
[   76.030053][ T5322] RIP: 0010:fault_in_readable+0x8e/0x130
[   76.032518][ T5322] Code: a9 00 00 00 0f 01 cb 0f ae e8 4d 85 f6 40 0f 95 c5 4c 89 ff 4c 89 f6 e8 80 0a b5 ff 4d 39 f7 0f 97 c0 40 84 c5 74 43 4d 89 f5 <41> 8a 45 00 88 44 24 07 49 81 e5 00 f0 ff ff 4d 8d a5 00 10 00 00
[   76.040939][ T5322] RSP: 0018:ffffc9000d42faa8 EFLAGS: 00050202
[   76.043593][ T5322] RAX: ffffffff820b0e01 RBX: 0000000000000040 RCX: ffff88803e442480
[   76.047087][ T5322] RDX: 0000000000000002 RSI: 0000200000300000 RDI: 0000200000300040
[   76.050565][ T5322] RBP: dffffc0000000001 R08: ffff88803e442480 R09: 0000000000000002
[   76.054008][ T5322] R10: 0000000000000001 R11: 0000000000000002 R12: 00007ffffffff000
[   76.057413][ T5322] R13: 0000200000300000 R14: 0000200000300000 R15: 0000200000300040
[   76.060904][ T5322]  ? fault_in_readable+0x71/0x130
[   76.063192][ T5322]  ? fault_in_readable+0x80/0x130
[   76.065529][ T5322]  fault_in_iov_iter_readable+0x1b4/0x2f0
[   76.068147][ T5322]  generic_perform_write+0x7b5/0x900
[   76.070546][ T5322]  ? __pfx_generic_perform_write+0x10/0x10
[   76.073214][ T5322]  ? down_write+0x162/0x1f0
[   76.075302][ T5322]  ? file_update_time+0x2da/0x490
[   76.077620][ T5322]  shmem_file_write_iter+0xf8/0x120
[   76.079992][ T5322]  vfs_write+0x5c9/0xb30
[   76.081884][ T5322]  ? __pfx_shmem_file_write_iter+0x10/0x10
[   76.084509][ T5322]  ? __pfx_vfs_write+0x10/0x10
[   76.086734][ T5322]  ? __fget_files+0x2a/0x420
[   76.088869][ T5322]  ksys_write+0x145/0x250
[   76.090860][ T5322]  ? __pfx_ksys_write+0x10/0x10
[   76.093076][ T5322]  ? do_syscall_64+0xbe/0xfa0
[   76.095205][ T5322]  do_syscall_64+0xfa/0xfa0
[   76.097226][ T5322]  ? lockdep_hardirqs_on+0x9c/0x150
[   76.099609][ T5322]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.102233][ T5322]  ? clear_bhb_loop+0x60/0xb0
[   76.104247][ T5322]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   76.106681][ T5322] RIP: 0033:0x7f358678f6c9
[   76.108529][ T5322] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   76.116625][ T5322] RSP: 002b:00007f35876a9038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   76.120204][ T5322] RAX: ffffffffffffffda RBX: 00007f35869e5fa0 RCX: 00007f358678f6c9
[   76.123739][ T5322] RDX: 000000000208e24b RSI: 0000200000000040 RDI: 0000000000000005
[   76.127224][ T5322] RBP: 00007f3586811f91 R08: 0000000000000000 R09: 0000000000000000
[   76.130762][ T5322] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   76.134175][ T5322] R13: 00007f35869e6038 R14: 00007f35869e5fa0 R15: 00007ffcbc953048
[   76.137763][ T5322]  </TASK>
[   76.139214][ T5322] Modules linked in:
[   76.142068][ T5322] ---[ end trace 0000000000000000 ]---
[   76.197178][ T5326] loop0: detected capacity change from 0 to 512
[   76.204761][ T5326] /dev/loop0: Can't open blockdev
[   76.211760][ T5322] RIP: 0010:mpage_readahead+0x765/0x790
[   76.218822][ T5322] Code: c6 c0 2c 7a 8b e8 4b b9 dc fe 90 0f 0b e8 d3 e0 74 ff 4c 89 ff 48 c7 c6 a0 2b 7a 8b e8 34 b9 dc fe 90 0f 0b e8 bc e0 74 ff 90 <0f> 0b e8 b4 e0 74 ff 4c 89 ff 48 c7 c6 c0 2c 7a 8b e8 15 b9 dc fe
[   76.228576][ T5322] RSP: 0018:ffffc9000d42f000 EFLAGS: 00010287
[   76.232238][ T5322] RAX: ffffffff824b3574 RBX: 0000000000000004 RCX: 0000000000100000
[   76.235742][ T5322] RDX: ffffc9000e02a000 RSI: 0000000000083b20 RDI: 0000000000083b21
[   76.239067][ T5322] RBP: ffffc9000d42f1f0 R08: ffffea0001450907 R09: 1ffffd400028a120
[   76.242905][ T5322] R10: dffffc0000000000 R11: fffff9400028a121 R12: ffffc9000d42f468
[   76.245930][ T5322] R13: dffffc0000000000 R14: 0000000000000001 R15: ffffc9000d42f480
[   76.252198][ T5322] FS:  00007f35876a96c0(0000) GS:ffff88808d732000(0000) knlGS:0000000000000000
[   76.256178][ T5322] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   76.259134][ T5322] CR2: 00007f8605d909c0 CR3: 000000000b4ee000 CR4: 0000000000352ef0
[   76.262966][ T5322] Kernel panic - not syncing: Fatal exception
[   76.266059][ T5322] Kernel Offset: disabled
[   76.268098][ T5322] Rebooting in 86400 seconds..