program:
# Review notes (security): syzkaller reproducer for the WARNING at fs/buffer.c:1189 in
# mark_buffer_dirty(), reached from bfs_get_block() <- bfs_write_begin() <- vfs_write()
# (see the call trace in the kernel log below).  The nl80211 / mac80211_hwsim frame
# injection, evdev, nftables and /proc gid_map calls look like fuzzer noise: nothing in
# the call trace touches them, and the JOIN_IBSS sendmsg is even issued on r8, which is a
# regular file, not a socket.  The trigger chain is the bfs part:
#   1. syz_mount_image$bfs mounts an attacker-controlled BFS image (0xab = 171 bytes,
#      compressed; the leading "$" is syzkaller's compressed-image marker) at ./bus
#      READ-WRITE -- flags 0x8008 = MS_SILENT|MS_NOEXEC, no MS_RDONLY.  The log reports
#      "loop0: detected capacity change from 0 to 64", i.e. a 64-sector (32 KiB) backing
#      device.  The fifth argument (0xf) is syzkaller's chdir flag (if I read the
#      syz_mount_image signature right), so the relative paths that follow resolve inside
#      the mount.
#   2. openat(AT_FDCWD, "rdma.current", 0x275a, 0) creates a regular file on that image
#      (0x275a includes O_RDWR|O_CREAT|O_TRUNC|O_APPEND on x86-64; the $cgroup_ro suffix
#      is only syzkaller's type specialization, not a cgroup file here) and write() pushes
#      0xfecc (~64 KiB) into it -- twice the size of the whole image.  The user-space
#      register dump matches this call: ORIG_RAX=1 (write), RDX=0xfecc, RDI=7, and RSI
#      ends in 0x8c0 like this write's buffer (the r8 write uses offset 0x100; the data
#      area base differs between listing and runtime, the offsets do not).  Note that this
#      write is (async) and races the synchronous 0xfecc write into 'memory.events' on the
#      same 32 KiB image -- TODO: check whether the WARN still fires with (async) dropped.
#   3. bfs_get_block(), extending the file, calls mark_buffer_dirty() on a buffer head that
#      is not up to date -- fs/buffer.c:1189 should be the WARN_ON_ONCE(!buffer_uptodate(bh))
#      at the top of mark_buffer_dirty() in 6.16 (confirm against g7595b66ae9de).  Root
#      cause is presumably that the crafted superblock/inode block ranges are not validated
#      against the device size before the allocation path in fs/bfs -- TODO confirm.
# Impact: no KASAN report here, so treat this as robustness/DoS unless the bfs path is
# shown to write past a buffer.  With panic_on_warn (set on syzbot, see "Kernel panic -
# not syncing" below) a crafted BFS image is a reboot on mount-and-write.  Mounting bfs
# needs CAP_SYS_ADMIN in the initial namespace as far as I recall (bfs does not set
# FS_USERNS_MOUNT -- confirm), so realistic exposure is hosts that auto-mount untrusted
# media or run fuzzers/CI as root.  Mitigation until fixed: blacklist the bfs module /
# CONFIG_BFS_FS=n where it is not needed; never mount untrusted images read-write.
# Rendering note: r2 and r5 are used (the ifindex in NL80211_CMD_SET_INTERFACE and
# @ANYRES32=r5) but never assigned in this listing; the syzlang result markers (<r2=> /
# <r5=>) on the two SIOCGIFINDEX output fields -- and the <TASK> markers in the trace --
# appear to have been stripped as HTML tags.  Restore them before feeding this to
# syz-execprog.
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)={0x24, r1, 0x5, 0x4000000, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x8}]}, 0x24}}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0})
sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="050000000000000000020000000008000600", @ANYRES32=r5, @ANYBLOB="0a0034000202020202020000080026006c090000"], 0x30}}, 0x0) (async)
r6 = syz_open_dev$evdev(&(0x7f0000000000), 0x1, 0x101000)
ioctl$EVIOCGUNIQ(r6, 0x80404508, &(0x7f0000000540)=""/238) (async)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=ANY=[@ANYBLOB="5000000008021100000108021100000008000000000064000100000602020202020201018200"/47], 0x2f)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, 0x0)
syz_80211_inject_frame(&(0x7f00000003c0)=@broadcast, &(0x7f0000000040)=@ctrl_frame=@cf_end={{}, {0x4}, @device_b, @from_mac}, 0x19) (async)
# Attacker-controlled BFS image, mounted rw at ./bus; chdir=0xf makes the relative
# paths below resolve inside it.
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000240)='./bus\x00', 0x8008, &(0x7f0000000100)=ANY=[@ANYRES64=0x0], 0xf, 0xab, &(0x7f0000010140)="$eJzs1zGKwkAYBeB/s7CbdptFsLBO4x08ilhqI1aK4A3Ei3gVj5DewiKtiCOYiIidRQT5vmLgzWPgtbM7brubIiKtIlLRme7T3Wy+GA8n9Rl8pCwifiMij4jeX50Pg7r7avqyWo7K6vv58c+69b0AAMDrsug/5nNqLk7NL/Aa/m993vI+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHe7BAAA//+dfyiL")
rename(&(0x7f0000000680)='./bus\x00', &(0x7f00000006c0)='./bus\x00') (async)
# Faulting syscall per the register dump: a ~64 KiB write into a fresh file on the
# 32 KiB image (O_CREAT|O_TRUNC|O_APPEND in 0x275a), issued asynchronously.
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='rdma.current\x00', 0x275a, 0x0)
write$binfmt_script(r7, &(0x7f00000008c0), 0xfecc) (async)
# Second, synchronous write of the same size into another file on the same image.
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000000100), 0xfecc)
r9 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NL80211_CMD_JOIN_IBSS(r8, &(0x7f0000000640)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000380)={&(0x7f0000000180)={0x40, r1, 0x400, 0x70bd25, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_HT_CAPABILITY={0x1e, 0x1f, {0x80, 0x0, 0x3, 0x0, {0x40000000, 0xf, 0x0, 0x380, 0x0, 0x1, 0x1, 0x1, 0x1}, 0x800, 0xffffffff, 0x7}}, @NL80211_ATTR_MCAST_RATE={0x8, 0x6b, 0x9}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4004) (async)
sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) (async)
r10 = syz_open_procfs(0x0, &(0x7f0000001100)='gid_map\x00')
writev(r10, &(0x7f0000001540)=[{&(0x7f0000001180)="7f", 0x1}], 0x2) (async)
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val, @void}, 0x20)
syz_80211_inject_frame(&(0x7f0000000300)=@device_b, &(0x7f00000008c0)=@mgmt_frame=@beacon={{{}, {}, @device_b, @device_b, @from_mac}, 0x0, @default, 0x1, @void, @void, @val={0x3, 0x1, 0x88}, @val={0x4, 0x6, {0xf5, 0x1, 0x51b2, 0xb}}, @void, @val={0x5, 0x3, {0x7e, 0x1f, 0x8}}, @void, @val={0x2a, 0x1, {0x1, 0x1}}, @val={0x3c, 0x4, {0x0, 0x79, 0xa1, 0x5}}, @val={0x2d, 0xfffffffffffffed5, {0x800, 0x3, 0x1, 0x0, {0x5, 0x5, 0x0, 0x6, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x6, 0x4, 0x5}}, @void, @void, @val={0x76, 0x6, {0x0, 0x9, 0x3d, 0x1}}}, 0x6a)
# --- kernel log follows (not part of the reproducer) ---
[ 74.695070][ T5305] Bluetooth: hci0: command tx timeout [ 74.811261][ T5326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.876317][ T5330] loop0: detected capacity change from 0 to 64 [ 74.881667][ T5326] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 74.909262][ T5325] ------------[ cut here ]------------ [ 74.912101][ T5325] WARNING: CPU: 0 PID: 5325 at fs/buffer.c:1189 mark_buffer_dirty+0x2a9/0x410 [ 74.916203][ T5325] Modules linked in: [ 74.918248][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 74.923140][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 74.927817][ T5325] RIP: 0010:mark_buffer_dirty+0x2a9/0x410 [ 74.930451][ T5325] Code: 4c 89 f7 e8 c9 b9 dd ff 49 8b 3e be 20 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 94 33 fc ff e8 df 36 7a ff eb 8c e8 d8 36 7a ff 90 <0f> 0b 90 e9 95 fd ff ff e8 ca 36 7a ff 90 0f 0b 90 e9 bf fd ff ff [ 74.938513][ T5325] RSP: 0018:ffffc9000d66f608 EFLAGS: 00010293 [ 74.941223][ T5325] RAX: ffffffff82461648 RBX: ffff888031cb29f8 RCX: ffff888000d62440 [ 74.944457][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 74.947896][ T5325] RBP: ffff8880351be001 R08: ffff888031cb29ff R09: 1ffff1100639653f [ 74.951290][ T5325] R10: dffffc0000000000 R11: ffffed1006396540 R12: ffff88804d25e000 [ 74.954645][ T5325] R13: ffff888031ca9910 R14: ffff888031cb29f8 R15: 0000000000000010 [ 74.958063][ T5325] FS: 00007f8ff52626c0(0000) GS:ffff88808d251000(0000) knlGS:0000000000000000 [ 74.961908][ T5325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 74.964694][ T5325] CR2: 0000200000001000 CR3: 
0000000030b59000 CR4: 0000000000352ef0 [ 74.968065][ T5325] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 74.971534][ T5325] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 74.974878][ T5325] Call Trace: [ 74.976364][ T5325] [ 74.977703][ T5325] bfs_get_block+0x5da/0xae0 [ 74.979718][ T5325] __block_write_begin_int+0x6b5/0x1900 [ 74.982211][ T5325] ? __pfx_bfs_get_block+0x10/0x10 [ 74.984557][ T5325] ? __pfx___block_write_begin_int+0x10/0x10 [ 74.987193][ T5325] ? __filemap_get_folio+0x79f/0xaf0 [ 74.989472][ T5325] ? __pfx_bfs_get_block+0x10/0x10 [ 74.991924][ T5325] block_write_begin+0x8a/0x120 [ 74.994060][ T5325] ? bfs_write_begin+0x1e/0xd0 [ 74.996053][ T5325] bfs_write_begin+0x35/0xd0 [ 74.998039][ T5325] generic_perform_write+0x2c7/0x910 [ 75.000191][ T5325] ? __pfx_generic_perform_write+0x10/0x10 [ 75.002953][ T5325] ? file_update_time+0x2da/0x490 [ 75.005056][ T5325] ? __generic_file_write_iter+0xf9/0x230 [ 75.007488][ T5325] ? generic_file_write_iter+0xfb/0x540 [ 75.009875][ T5325] generic_file_write_iter+0x10f/0x540 [ 75.012470][ T5325] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.015508][ T5325] ? __lock_acquire+0xab9/0xd20 [ 75.018044][ T5325] ? rcu_read_lock_any_held+0xb3/0x120 [ 75.020920][ T5325] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 75.023802][ T5325] vfs_write+0x54b/0xa90 [ 75.025765][ T5325] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.028379][ T5325] ? __pfx_vfs_write+0x10/0x10 [ 75.030595][ T5325] ? __fget_files+0x2a/0x420 [ 75.032623][ T5325] ksys_write+0x145/0x250 [ 75.034460][ T5325] ? __pfx_ksys_write+0x10/0x10 [ 75.036561][ T5325] ? rcu_is_watching+0x15/0xb0 [ 75.038579][ T5325] ? do_syscall_64+0xbe/0x3b0 [ 75.040710][ T5325] do_syscall_64+0xfa/0x3b0 [ 75.042679][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.044802][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.047335][ T5325] ? 
clear_bhb_loop+0x60/0xb0 [ 75.049378][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.051992][ T5325] RIP: 0033:0x7f8ff438e929 [ 75.053948][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.062023][ T5325] RSP: 002b:00007f8ff5262038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.065517][ T5325] RAX: ffffffffffffffda RBX: 00007f8ff45b5fa0 RCX: 00007f8ff438e929 [ 75.068737][ T5325] RDX: 000000000000fecc RSI: 00002000000008c0 RDI: 0000000000000007 [ 75.072224][ T5325] RBP: 00007f8ff4410b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.075527][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.078908][ T5325] R13: 0000000000000000 R14: 00007f8ff45b5fa0 R15: 00007ffdd90be838 [ 75.082605][ T5325] [ 75.083980][ T5325] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 75.087136][ T5325] CPU: 0 UID: 0 PID: 5325 Comm: syz.0.0 Not tainted 6.16.0-rc3-syzkaller-00044-g7595b66ae9de #0 PREEMPT(full) [ 75.091984][ T5325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 75.096595][ T5325] Call Trace: [ 75.098135][ T5325] [ 75.099521][ T5325] dump_stack_lvl+0x99/0x250 [ 75.101591][ T5325] ? __asan_memcpy+0x40/0x70 [ 75.103558][ T5325] ? __pfx_dump_stack_lvl+0x10/0x10 [ 75.105821][ T5325] ? __pfx__printk+0x10/0x10 [ 75.107821][ T5325] panic+0x2db/0x790 [ 75.109595][ T5325] ? __pfx_panic+0x10/0x10 [ 75.111554][ T5325] ? show_trace_log_lvl+0x4fb/0x550 [ 75.113790][ T5325] __warn+0x31b/0x4b0 [ 75.115554][ T5325] ? mark_buffer_dirty+0x2a9/0x410 [ 75.117680][ T5325] ? mark_buffer_dirty+0x2a9/0x410 [ 75.119827][ T5325] report_bug+0x2be/0x4f0 [ 75.121721][ T5325] ? mark_buffer_dirty+0x2a9/0x410 [ 75.123865][ T5325] ? mark_buffer_dirty+0x2a9/0x410 [ 75.126067][ T5325] ? 
mark_buffer_dirty+0x2ab/0x410 [ 75.128161][ T5325] handle_bug+0x84/0x160 [ 75.130020][ T5325] exc_invalid_op+0x1a/0x50 [ 75.132071][ T5325] asm_exc_invalid_op+0x1a/0x20 [ 75.134184][ T5325] RIP: 0010:mark_buffer_dirty+0x2a9/0x410 [ 75.136539][ T5325] Code: 4c 89 f7 e8 c9 b9 dd ff 49 8b 3e be 20 00 00 00 5b 41 5c 41 5e 41 5f 5d e9 94 33 fc ff e8 df 36 7a ff eb 8c e8 d8 36 7a ff 90 <0f> 0b 90 e9 95 fd ff ff e8 ca 36 7a ff 90 0f 0b 90 e9 bf fd ff ff [ 75.144626][ T5325] RSP: 0018:ffffc9000d66f608 EFLAGS: 00010293 [ 75.147186][ T5325] RAX: ffffffff82461648 RBX: ffff888031cb29f8 RCX: ffff888000d62440 [ 75.150482][ T5325] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 75.153766][ T5325] RBP: ffff8880351be001 R08: ffff888031cb29ff R09: 1ffff1100639653f [ 75.156955][ T5325] R10: dffffc0000000000 R11: ffffed1006396540 R12: ffff88804d25e000 [ 75.160315][ T5325] R13: ffff888031ca9910 R14: ffff888031cb29f8 R15: 0000000000000010 [ 75.163652][ T5325] ? mark_buffer_dirty+0x2a8/0x410 [ 75.165865][ T5325] ? mark_buffer_dirty+0x2a8/0x410 [ 75.168115][ T5325] bfs_get_block+0x5da/0xae0 [ 75.170088][ T5325] __block_write_begin_int+0x6b5/0x1900 [ 75.172460][ T5325] ? __pfx_bfs_get_block+0x10/0x10 [ 75.174725][ T5325] ? __pfx___block_write_begin_int+0x10/0x10 [ 75.177317][ T5325] ? __filemap_get_folio+0x79f/0xaf0 [ 75.179611][ T5325] ? __pfx_bfs_get_block+0x10/0x10 [ 75.181838][ T5325] block_write_begin+0x8a/0x120 [ 75.183904][ T5325] ? bfs_write_begin+0x1e/0xd0 [ 75.185987][ T5325] bfs_write_begin+0x35/0xd0 [ 75.188078][ T5325] generic_perform_write+0x2c7/0x910 [ 75.190389][ T5325] ? __pfx_generic_perform_write+0x10/0x10 [ 75.192947][ T5325] ? file_update_time+0x2da/0x490 [ 75.195116][ T5325] ? __generic_file_write_iter+0xf9/0x230 [ 75.197508][ T5325] ? generic_file_write_iter+0xfb/0x540 [ 75.199942][ T5325] generic_file_write_iter+0x10f/0x540 [ 75.202409][ T5325] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.205036][ T5325] ? 
__lock_acquire+0xab9/0xd20 [ 75.207155][ T5325] ? rcu_read_lock_any_held+0xb3/0x120 [ 75.209526][ T5325] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 75.211905][ T5325] vfs_write+0x54b/0xa90 [ 75.213555][ T5325] ? __pfx_generic_file_write_iter+0x10/0x10 [ 75.215964][ T5325] ? __pfx_vfs_write+0x10/0x10 [ 75.217860][ T5325] ? __fget_files+0x2a/0x420 [ 75.219882][ T5325] ksys_write+0x145/0x250 [ 75.221886][ T5325] ? __pfx_ksys_write+0x10/0x10 [ 75.224044][ T5325] ? rcu_is_watching+0x15/0xb0 [ 75.225968][ T5325] ? do_syscall_64+0xbe/0x3b0 [ 75.227715][ T5325] do_syscall_64+0xfa/0x3b0 [ 75.229414][ T5325] ? lockdep_hardirqs_on+0x9c/0x150 [ 75.231387][ T5325] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.233793][ T5325] ? clear_bhb_loop+0x60/0xb0 [ 75.235938][ T5325] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 75.238515][ T5325] RIP: 0033:0x7f8ff438e929 [ 75.240218][ T5325] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 75.248112][ T5325] RSP: 002b:00007f8ff5262038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 75.251746][ T5325] RAX: ffffffffffffffda RBX: 00007f8ff45b5fa0 RCX: 00007f8ff438e929 [ 75.255251][ T5325] RDX: 000000000000fecc RSI: 00002000000008c0 RDI: 0000000000000007 [ 75.258642][ T5325] RBP: 00007f8ff4410b39 R08: 0000000000000000 R09: 0000000000000000 [ 75.262143][ T5325] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 75.265310][ T5325] R13: 0000000000000000 R14: 00007f8ff45b5fa0 R15: 00007ffdd90be838 [ 75.268771][ T5325] [ 75.270491][ T5325] Kernel Offset: disabled [ 75.272371][ T5325] Rebooting in 86400 seconds..