program:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', <r2=>0x0}) (async)
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f00000008c0), 0xfecc) (async)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r4, &(0x7f0000000100), 0xfecc)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}]}, 0x4c}}, 0x2) (async)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_JOIN_IBSS(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000003c0)={0x40, r7, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x6}], @NL80211_ATTR_BSS_BASIC_RATES={0x5, 0x24, [{}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x40}}, 0x0) (async)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r9, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) (async)
r10 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) (async)
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) (async)
r11 = socket$nl_generic(0x10, 0x3, 0x10)
r12 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r11, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r13=>0x0})
sendmsg$NL80211_CMD_CONNECT(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x30, r12, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r13}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x30}}, 0x0) (async)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000540)=ANY=[@ANYBLOB="5000000008021100000108021100000008021100000000000200000000000000640001000006020202020202010112"], 0x57)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0) (async)
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e) (async)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20) (async)
r14 = socket$nl_generic(0x10, 0x3, 0x10)
r15 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0), r14)
sendmsg$TIPC_NL_BEARER_ENABLE(r14, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000042c0)={&(0x7f0000000040)={0x6c, r15, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x58, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x0, 0x0, @loopback}}, {0x20, 0x2, @in6={0xa, 0x0, 0x0, @loopback}}}}]}]}, 0x6c}}, 0x0)

[   85.595222][ T5295] Bluetooth: hci0: command tx timeout
[   85.713798][ T5316] loop0: detected capacity change from 0 to 64
[   85.802602][ T5317] ------------[ cut here ]------------
[   85.805555][ T5317] !buffer_uptodate(bh)
[   85.805566][ T5317] WARNING: fs/buffer.c:1180 at mark_buffer_dirty+0x299/0x440, CPU#0: syz.0.0/5317
[   85.811508][ T5317] Modules linked in:
[   85.813422][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.817463][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.821884][ T5317] RIP: 0010:mark_buffer_dirty+0x299/0x440
[   85.824565][ T5317] Code: 4c 89 f7 e8 99 05 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 54 61 fb ff e8 1f 52 6e ff eb 8c e8 18 52 6e ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 0a 52 6e ff 90 0f 0b 90 e9 cf fd ff ff
[   85.833049][ T5317] RSP: 0018:ffffc9000dd97608 EFLAGS: 00010293
[   85.835917][ T5317] RAX: ffffffff82574908 RBX: ffff888047b72910 RCX: ffff88801f7cc900
[   85.839440][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   85.842757][ T5317] RBP: ffff88801f44a001 R08: ffff888047b72917 R09: 1ffff11008f6e522
[   85.846484][ T5317] R10: dffffc0000000000 R11: ffffed1008f6e523 R12: ffff88805611b000
[   85.849966][ T5317] R13: ffff888047b69740 R14: ffff888047b72910 R15: 0000000000000010
[   85.853444][ T5317] FS:  00007fd4980056c0(0000) GS:ffff88808ca5b000(0000) knlGS:0000000000000000
[   85.857391][ T5317] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[   85.860250][ T5317] CR2: 0000200000001000 CR3: 0000000038a5a000 CR4: 0000000000352ef0
[   85.863736][ T5317] Call Trace:
[   85.865513][ T5317]  <TASK>
[   85.866939][ T5317]  bfs_get_block+0x5da/0xae0
[   85.868997][ T5317]  __block_write_begin_int+0x6c6/0x1910
[   85.871561][ T5317]  ? __pfx_bfs_get_block+0x10/0x10
[   85.873880][ T5317]  ? __pfx___block_write_begin_int+0x10/0x10
[   85.876669][ T5317]  ? __pfx_bfs_get_block+0x10/0x10
[   85.879035][ T5317]  block_write_begin+0x8d/0x120
[   85.881217][ T5317]  ? bfs_write_begin+0x1e/0xd0
[   85.883335][ T5317]  bfs_write_begin+0x35/0xd0
[   85.885493][ T5317]  generic_perform_write+0x2e2/0x8f0
[   85.887908][ T5317]  ? __pfx_generic_perform_write+0x10/0x10
[   85.890533][ T5317]  ? file_update_time_flags+0x219/0x4a0
[   85.893035][ T5317]  ? __generic_file_write_iter+0xf9/0x230
[   85.895676][ T5317]  ? generic_file_write_iter+0x136/0x680
[   85.898579][ T5317]  generic_file_write_iter+0x14a/0x680
[   85.900989][ T5317]  ? __pfx_generic_file_write_iter+0x10/0x10
[   85.903663][ T5317]  ? add_lock_to_list+0xc7/0x100
[   85.906235][ T5317]  ? lockdep_unlock+0x5d/0xd0
[   85.908343][ T5317]  ? __lock_acquire+0x146e/0x2cf0
[   85.910681][ T5317]  vfs_write+0x61d/0xb90
[   85.912607][ T5317]  ? __pfx_vfs_write+0x10/0x10
[   85.914933][ T5317]  ? __fget_files+0x2a/0x420
[   85.917045][ T5317]  ksys_write+0x150/0x270
[   85.919025][ T5317]  ? __pfx_ksys_write+0x10/0x10
[   85.921155][ T5317]  do_syscall_64+0x14d/0xf80
[   85.923271][ T5317]  ? trace_irq_disable+0x3b/0x150
[   85.925678][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.928329][ T5317]  ? clear_bhb_loop+0x40/0x90
[   85.930429][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   85.933074][ T5317] RIP: 0033:0x7fd49719c629
[   85.935162][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   85.943617][ T5317] RSP: 002b:00007fd498005028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   85.947325][ T5317] RAX: ffffffffffffffda RBX: 00007fd497416090 RCX: 00007fd49719c629
[   85.950781][ T5317] RDX: 000000000000fecc RSI: 0000200000000100 RDI: 0000000000000006
[   85.954412][ T5317] RBP: 00007fd497232b39 R08: 0000000000000000 R09: 0000000000000000
[   85.957931][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   85.961339][ T5317] R13: 00007fd497416128 R14: 00007fd497416090 R15: 00007fff3dc487e8
[   85.964928][ T5317]  </TASK>
[   85.966358][ T5317] Kernel panic - not syncing: kernel: panic_on_warn set ...
[   85.969538][ T5317] CPU: 0 UID: 0 PID: 5317 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   85.973393][ T5317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   85.977628][ T5317] Call Trace:
[   85.979154][ T5317]  <TASK>
[   85.980319][ T5317]  vpanic+0x56c/0xa60
[   85.981883][ T5317]  ? __pfx__printk+0x10/0x10
[   85.983816][ T5317]  ? __pfx_vpanic+0x10/0x10
[   85.985789][ T5317]  ? is_bpf_text_address+0x292/0x2b0
[   85.988077][ T5317]  ? is_bpf_text_address+0x26/0x2b0
[   85.990303][ T5317]  panic+0xc5/0xd0
[   85.991965][ T5317]  ? __pfx_panic+0x10/0x10
[   85.994057][ T5317]  __warn+0x315/0x4f0
[   85.995795][ T5317]  ? mark_buffer_dirty+0x299/0x440
[   85.997974][ T5317]  ? mark_buffer_dirty+0x299/0x440
[   86.000130][ T5317]  __report_bug+0x29a/0x540
[   86.002155][ T5317]  ? filemap_get_entry+0xca/0x320
[   86.004377][ T5317]  ? mark_buffer_dirty+0x299/0x440
[   86.006617][ T5317]  ? __pfx___report_bug+0x10/0x10
[   86.008782][ T5317]  ? __pfx_folio_mark_accessed+0x10/0x10
[   86.011260][ T5317]  ? trace_kmem_cache_alloc+0x29/0xf0
[   86.013655][ T5317]  ? mark_buffer_dirty+0x299/0x440
[   86.016039][ T5317]  report_bug+0x16a/0x220
[   86.017933][ T5317]  ? mark_buffer_dirty+0x299/0x440
[   86.020054][ T5317]  ? mark_buffer_dirty+0x29b/0x440
[   86.022311][ T5317]  handle_bug+0x98/0x200
[   86.024156][ T5317]  exc_invalid_op+0x1a/0x50
[   86.026222][ T5317]  asm_exc_invalid_op+0x1a/0x20
[   86.028217][ T5317] RIP: 0010:mark_buffer_dirty+0x299/0x440
[   86.030487][ T5317] Code: 4c 89 f7 e8 99 05 da ff 49 8b 3e be 40 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 54 61 fb ff e8 1f 52 6e ff eb 8c e8 18 52 6e ff 90 <0f> 0b 90 e9 a5 fd ff ff e8 0a 52 6e ff 90 0f 0b 90 e9 cf fd ff ff
[   86.038163][ T5317] RSP: 0018:ffffc9000dd97608 EFLAGS: 00010293
[   86.041164][ T5317] RAX: ffffffff82574908 RBX: ffff888047b72910 RCX: ffff88801f7cc900
[   86.045078][ T5317] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[   86.048793][ T5317] RBP: ffff88801f44a001 R08: ffff888047b72917 R09: 1ffff11008f6e522
[   86.052407][ T5317] R10: dffffc0000000000 R11: ffffed1008f6e523 R12: ffff88805611b000
[   86.055968][ T5317] R13: ffff888047b69740 R14: ffff888047b72910 R15: 0000000000000010
[   86.059577][ T5317]  ? mark_buffer_dirty+0x298/0x440
[   86.061932][ T5317]  ? mark_buffer_dirty+0x298/0x440
[   86.064112][ T5317]  bfs_get_block+0x5da/0xae0
[   86.066138][ T5317]  __block_write_begin_int+0x6c6/0x1910
[   86.068596][ T5317]  ? __pfx_bfs_get_block+0x10/0x10
[   86.070670][ T5317]  ? __pfx___block_write_begin_int+0x10/0x10
[   86.073152][ T5317]  ? __pfx_bfs_get_block+0x10/0x10
[   86.075410][ T5317]  block_write_begin+0x8d/0x120
[   86.077543][ T5317]  ? bfs_write_begin+0x1e/0xd0
[   86.079640][ T5317]  bfs_write_begin+0x35/0xd0
[   86.081703][ T5317]  generic_perform_write+0x2e2/0x8f0
[   86.084078][ T5317]  ? __pfx_generic_perform_write+0x10/0x10
[   86.086598][ T5317]  ? file_update_time_flags+0x219/0x4a0
[   86.088980][ T5317]  ? __generic_file_write_iter+0xf9/0x230
[   86.091447][ T5317]  ? generic_file_write_iter+0x136/0x680
[   86.093847][ T5317]  generic_file_write_iter+0x14a/0x680
[   86.096330][ T5317]  ? __pfx_generic_file_write_iter+0x10/0x10
[   86.098921][ T5317]  ? add_lock_to_list+0xc7/0x100
[   86.101057][ T5317]  ? lockdep_unlock+0x5d/0xd0
[   86.103382][ T5317]  ? __lock_acquire+0x146e/0x2cf0
[   86.105715][ T5317]  vfs_write+0x61d/0xb90
[   86.107579][ T5317]  ? __pfx_vfs_write+0x10/0x10
[   86.109762][ T5317]  ? __fget_files+0x2a/0x420
[   86.111911][ T5317]  ksys_write+0x150/0x270
[   86.113859][ T5317]  ? __pfx_ksys_write+0x10/0x10
[   86.115957][ T5317]  do_syscall_64+0x14d/0xf80
[   86.117972][ T5317]  ? trace_irq_disable+0x3b/0x150
[   86.120163][ T5317]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.122739][ T5317]  ? clear_bhb_loop+0x40/0x90
[   86.124825][ T5317]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.127254][ T5317] RIP: 0033:0x7fd49719c629
[   86.129035][ T5317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.137127][ T5317] RSP: 002b:00007fd498005028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[   86.140791][ T5317] RAX: ffffffffffffffda RBX: 00007fd497416090 RCX: 00007fd49719c629
[   86.144085][ T5317] RDX: 000000000000fecc RSI: 0000200000000100 RDI: 0000000000000006
[   86.147556][ T5317] RBP: 00007fd497232b39 R08: 0000000000000000 R09: 0000000000000000
[   86.151117][ T5317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   86.154500][ T5317] R13: 00007fd497416128 R14: 00007fd497416090 R15: 00007fff3dc487e8
[   86.157632][ T5317]  </TASK>
[   86.159436][ T5317] Kernel Offset: disabled
[   86.161417][ T5317] Rebooting in 86400 seconds..