program:
r0 = inotify_init1(0x80000)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f00000007c0)={[{@mblk_io_submit}]}, 0xfe, 0x526, &(0x7f0000001100)="$eJzs3U9vG2kZAPBnJnY2abPrLHBYVmJ3xS5KIqjTbOhuhNACEoLTSoVyDyFxoyhOXMVO20QVpOIDICEESFzgxAWJD4CE+hEQUiW4I0CgClo4cCgMsj1OQ2qnierYJfn9pDfzzj8/z2tnxvPOjDwBnFtvRcR0RGRZls1ERCmfnuYl9tqludyjh3eWmyWJLLv2tySSfFrntV7Khxfz1cYi4utfjfhW8nTc+s7u+lK1WtnKx2cbG8njLNu9tLaxtFpZrWzOvxLvLby/cGXhcl/aORkRH3z5zz/83s+/8sGvP3PrD4t/nf52u4FtB9vRT+2mF1vvRUchIrZOI9iQFFotbLsy5FwAADha83j/IxHxyYiYiVKMtI7mWmaGmxkAAADQL9kXJuJx0r7+BwAAAJxNaURMxNXRcn6/70Skabncvof3Y3EhrdbqjU9npf3zBZNRTK+vVSuX83sHJqOYNMfn8ntsO+PvHhqfj4hXI+IHpfHWeHm5Vl0Z6pkPAAAAOD8utvr8Sdrp//+z1O7/AwAAAGfM5LATAAAAAE6d/j8AAACcffr/AAAAcKZd/fDDZsk6z79eubmzvV67eWmlUl8vb2wvl5drWzfKq7Xa6oNCRG3jWa9XrdVufDY2t2/PNir1xmx9Z3dxo7a92Vhc+59HYAMAAAAD9Oqb936fRMTe58bTiMiSA/OKEdnIwYULg88POD3pSRb+0+nlAQzeyLATAIbGIT2cX8VhJwAM3bP2Az1v3vlN/3MBAABOx9TH96//t0rTaD4v6b7K3uCyA05Tfv0/6bGtA2eY6/9wfnXO+7sPAM6f4lFHADoFcOalx9jUn//6f5adKCkAAKDvJlolSct5P2Ai0rRcjni59ViAJ2cFX4mI35WKL11fq1bmWlMSpwcAAAAAAAAAAAAAAAAAAAAAAAAA4JiyLImsh/bTAGO013wAAADg/0NE+pckf/7XVOmdicPnB0aTf5Vaw4i49ZNrP7q91GhszTWn/31/euPH+fR3B376AgAAAOii00/v9OMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJ8ePbyz3CmDjPvgSxEx2S1+IcZaw7EoRsSFfyRROLBeEhEjfYi/dzciXusWP2mmFZN5FofjpxExPuT4F/sQH86ze839zxe7bX9pvNUadt/+Cnl5Xu3930jX+J3930iP/d/L3V4wfXrS6/d/Odsz/t2I1wvd9z+d+En+JhQOxG6Wt4/Zxm9+Y3e317zsZxFTXb9/kv1lmrXZpHBjtr6ze2ltY2m1slrZnJ+fe2/h/YUrC5dnr69VK/nfrjG+/4lf/eeo9l/oEX/ySfu7vv/vHLP9/75/++FH29XioVnF+GmWTb/d/f/vtXb8zy8eit/57vtU/nE3x6c69b12/aA3fvHbN948ov0rPdo/9oz2Tx+z/TNf++4fj7koADAA9Z3d9aVqtbJ1skoSsfccq6v0qozHC5FGnyvjMcCgS3HUMp2D2AHk85081AvxEZy4Mrx9EgAAcDqS/YP+YWcCAAAAAAAAAAAAAAAAAAAA51d9Z/TI3yc75s/RPcraui5zOObecJoKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCk/wYAAP//CIzIxg==")
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = socket$unix(0x1, 0x2, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000480), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010028bd7000fddbdf250700000008000300", @ANYRES32=r4, @ANYBLOB="0c009900ff070000070000001400040073797a6b616c6c6572300000000000000800050006"], 0x44}, 0x1, 0x0, 0x0, 0x81}, 0x24044884)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r5)
socket$inet_sctp(0x2, 0x1, 0x84)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff)
perf_event_open(&(0x7f00000004c0)={0x1, 0x80, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0xa16ae, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, @perf_bp={0x0, 0x8}, 0x90, 0xa4, 0x2, 0x1, 0xa1, 0x9b9b, 0x8, 0x0, 0x0, 0x0, 0x8}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x1)
r11 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r11, 0xaf01, 0x0)
mount$overlay(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f00000002c0), 0x25c00, &(0x7f0000000680)={[{@redirect_dir_nofollow}, {@default_permissions}, {@redirect_dir_on}, {@redirect_dir_off}], [{@flag='sync'}, {@mask={'mask', 0x3d, 'MAY_READ'}}, {@euid_lt}, {@smackfsroot={'smackfsroot', 0x3d, 'udp:syz2\x00'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '\x82/\\{'}}, {@fsname={'fsname', 0x3d, '\x00'}}, {@flag='silent'}, {@uid_lt}, {@dont_measure}]})
ioctl$VHOST_SET_VRING_ADDR(r11, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0})
ioctl$VHOST_SET_MEM_TABLE(r11, 0x4008af03, &(0x7f0000000140))
ioctl$VHOST_SET_VRING_ADDR(r11, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, 0x0})
ioctl$VHOST_VSOCK_SET_RUNNING(r11, 0x4004af61, &(0x7f00000000c0)=0x1)
sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4004810)
sendmsg$TIPC_NL_KEY_SET(r9, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x14, r10, 0x1, 0x0, 0x0, {0x3}}, 0x14}}, 0x0)
sendmsg$TIPC_NL_BEARER_SET(r8, &(0x7f00000001c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000180)={&(0x7f0000000800)=ANY=[@ANYBLOB="8c020000", @ANYRES16=r10, @ANYBLOB="100026bd7000fedbdf250500000030000180080003000400000008000300000800001c0002800800040008000000080001000600000008000200010000004c00018014000280080001000e000000080001001a00000008000300050000002c0004001400010002004e22ac1e010100000000000000001400020002004e23e00000020000000000000000100101800d0001007564703a73797a320000000008000300080000001200010069623a6e657464657673696d30000000080003000900000044000280080002000900000008000400080000000800020001800000080001001200000008000100000000000800030008000000080003008b01000048000400000400000800030008000000380004001400010002004e23ffffffff0000000000000000200002000a004e220000000afe8000000000000000000000000000aa0800000014000280080004000c000000080003000e00000034000280080004003f0c0000080001000400000008000200f565000008000400ff7f0000080004000300000008000300800000000c000280080004000300000020000280080001000400000008000100010000000400040008000200f9ffffff0c00038008000300090000000c000780080002005b000000b40005800c00028008000300070000004c000280080004000100000008000100150000000800030002000000080004000200000008000400030000000800020005000000080090ab8c953a010013000000080003000000009f08000300480e0000080001007564700014000280080002008bfa00000800020000000100080001007564700034000280080003000900000008000200a400000008000400080000000800040009000000080001001c000000080004"], 0x28c}, 0x1, 0x0, 0x0, 0x4048044}, 0x20004050)
r12 = socket$packet(0x11, 0x3, 0x300)
sendto$packet(r12, &(0x7f0000000540)="000a18000509000000eb55000000000116aa34745a1945da08e815b2183ef4ddaae57cdcf908841a5b259d75b79347a293f489f5297f814dc352e760748a9c115779cbb38954e932e3d66d276264e9db52d6c7a0b8385a1c851d47dc4c389f47328c2c52a218eaf4314c872d8483e5df541811fdb9ecaa146c5d576cbaf4c70078f0e3000000000000000000", 0x8c, 0x4000000, &(0x7f0000000380)={0x11, 0xf7, r7, 0x1, 0xd8, 0x6, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0x14)
inotify_add_watch(r0, &(0x7f0000000080)='./file1\x00', 0x81000300)

[   85.473734][   T45] Bluetooth: hci0: command tx timeout
qemu-system-x86_64: ahci: PRDT length for NCQ command (0x0) is smaller than the requested size (0xca000)
[   85.693412][ T5324] loop0: detected capacity change from 0 to 512
[   85.707919][ T5324] EXT4-fs: Ignoring removed mblk_io_submit option
[   85.800093][ T5324] EXT4-fs (loop0): revision level too high, forcing read-only mode
[   85.804076][ T5324] EXT4-fs (loop0): orphan cleanup on readonly fs
[   85.847610][ T5324] Quota error (device loop0): v2_read_file_info: Block with free entry 1 out of range (1, 6).
[   85.852524][ T5324] EXT4-fs warning (device loop0): ext4_enable_quotas:7236: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[   85.861936][ T5324] EXT4-fs (loop0): Cannot turn on quotas: error -117
[   85.866868][ T5324] EXT4-fs error (device loop0): ext4_orphan_get:1391: inode #16: comm syz.0.0: inode has both inline data and extents flags
[   85.873365][ T5324] loop0: lost file I/O error report for ino 16 type 5 pos 0x0 len 0x0 error -117
[   85.874622][ T5324] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.0: couldn't read orphan inode 16 (err -117)
[   85.878745][    C0] EXT4-fs (loop0): error count since last fsck: 1
[   85.878846][    C0] EXT4-fs (loop0): initial error at time 1772887702: ext4_orphan_get:1391: inode 16
[   85.878867][    C0] EXT4-fs (loop0): last error at time 1772887702: ext4_orphan_get:1391: inode 16
[   85.903954][ T5324] loop0: lost filesystem error report for type 5 error -117
[   85.915734][ T5324] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[   85.972257][ T5324] EXT4-fs error (device loop0): ext4_lookup:1785: inode #15: comm syz.0.0: iget: bad i_size value: 360287970189639690
[   85.990580][ T5324] ------------[ cut here ]------------
[   85.993341][ T5324] UBSAN: shift-out-of-bounds in net/mac80211/tx.c:2173:30
[   85.996544][ T5324] shift exponent 90 is too large for 64-bit type 'unsigned long'
[   86.000023][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.000044][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.000069][ T5324] Call Trace:
[   86.000080][ T5324]  <TASK>
[   86.000087][ T5324]  dump_stack_lvl+0xe8/0x150
[   86.000306][ T5324]  ubsan_epilogue+0xa/0x30
[   86.000319][ T5324]  __ubsan_handle_shift_out_of_bounds+0x385/0x410
[   86.000508][ T5324]  ieee80211_parse_tx_radiotap+0xadb/0x1950
[   86.000572][ T5324]  ? __pfx_ieee80211_parse_tx_radiotap+0x10/0x10
[   86.000601][ T5324]  ? ieee80211_select_queue_80211+0x241/0x380
[   86.000621][ T5324]  ieee80211_monitor_start_xmit+0xb1f/0x1250
[   86.000638][ T5324]  ? ieee80211_monitor_start_xmit+0x60d/0x1250
[   86.000655][ T5324]  ? __pfx_ieee80211_monitor_start_xmit+0x10/0x10
[   86.000675][ T5324]  dev_hard_start_xmit+0x2d8/0x870
[   86.000703][ T5324]  __dev_queue_xmit+0x16d1/0x3890
[   86.000730][ T5324]  ? __dev_queue_xmit+0x277/0x3890
[   86.000749][ T5324]  ? _copy_from_iter+0x21b/0x1670
[   86.000780][ T5324]  ? __pfx___dev_queue_xmit+0x10/0x10
[   86.000793][ T5324]  ? sock_alloc_send_pskb+0x896/0x990
[   86.000815][ T5324]  ? __pfx__copy_from_iter+0x10/0x10
[   86.000832][ T5324]  ? packet_parse_headers+0x4c9/0x790
[   86.000851][ T5324]  ? packet_parse_headers+0x575/0x790
[   86.000869][ T5324]  ? __pfx_packet_parse_headers+0x10/0x10
[   86.000887][ T5324]  ? packet_xmit+0x68/0x320
[   86.000904][ T5324]  packet_sendmsg+0x3eb6/0x50f0
[   86.000924][ T5324]  ? __resched_curr+0x1ff/0x3f0
[   86.000997][ T5324]  ? __lock_acquire+0x6b5/0x2cf0
[   86.001024][ T5324]  ? aa_sk_perm+0x6d5/0x900
[   86.001076][ T5324]  ? __pfx_packet_sendmsg+0x10/0x10
[   86.001098][ T5324]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[   86.001141][ T5324]  ? aa_sock_msg_perm+0xf1/0x1b0
[   86.001156][ T5324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.001180][ T5324]  ? __pfx_packet_sendmsg+0x10/0x10
[   86.001195][ T5324]  __sys_sendto+0x672/0x710
[   86.001211][ T5324]  ? __pfx___sys_sendto+0x10/0x10
[   86.001223][ T5324]  ? do_futex+0x395/0x420
[   86.001252][ T5324]  ? rcu_is_watching+0x15/0xb0
[   86.001273][ T5324]  __x64_sys_sendto+0xde/0x100
[   86.001289][ T5324]  do_syscall_64+0x14d/0xf80
[   86.001307][ T5324]  ? trace_irq_disable+0x3b/0x150
[   86.001325][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.001358][ T5324]  ? clear_bhb_loop+0x40/0x90
[   86.001374][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.001390][ T5324] RIP: 0033:0x7f7168b9c799
[   86.001404][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.001414][ T5324] RSP: 002b:00007f7169adcfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   86.001429][ T5324] RAX: ffffffffffffffda RBX: 00007f7168e15fa0 RCX: 00007f7168b9c799
[   86.001437][ T5324] RDX: 000000000000008c RSI: 0000200000000540 RDI: 000000000000000d
[   86.001445][ T5324] RBP: 00007f7168c32bd9 R08: 0000200000000380 R09: 0000000000000014
[   86.001455][ T5324] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000
[   86.001463][ T5324] R13: 00007f7168e16038 R14: 00007f7168e15fa0 R15: 00007ffd17c6e688
[   86.001482][ T5324]  </TASK>
[   86.001487][ T5324] ---[ end trace ]---
[   86.148400][ T5324] Kernel panic - not syncing: UBSAN: panic_on_warn set ...
[   86.151547][ T5324] CPU: 0 UID: 0 PID: 5324 Comm: syz.0.0 Not tainted syzkaller #0 PREEMPT(full) 
[   86.155732][ T5324] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[   86.160428][ T5324] Call Trace:
[   86.162259][ T5324]  <TASK>
[   86.164105][ T5324]  vpanic+0x56c/0xa60
[   86.165930][ T5324]  ? __pfx_vpanic+0x10/0x10
[   86.168256][ T5324]  panic+0xc5/0xd0
[   86.170075][ T5324]  ? __pfx_panic+0x10/0x10
[   86.172149][ T5324]  ? __pfx__printk+0x10/0x10
[   86.174221][ T5324]  ? dump_stack_lvl+0x103/0x150
[   86.176491][ T5324]  check_panic_on_warn+0x89/0xb0
[   86.178843][ T5324]  __ubsan_handle_shift_out_of_bounds+0x385/0x410
[   86.182435][ T5324]  ieee80211_parse_tx_radiotap+0xadb/0x1950
[   86.185524][ T5324]  ? __pfx_ieee80211_parse_tx_radiotap+0x10/0x10
[   86.188527][ T5324]  ? ieee80211_select_queue_80211+0x241/0x380
[   86.191403][ T5324]  ieee80211_monitor_start_xmit+0xb1f/0x1250
[   86.194378][ T5324]  ? ieee80211_monitor_start_xmit+0x60d/0x1250
[   86.197385][ T5324]  ? __pfx_ieee80211_monitor_start_xmit+0x10/0x10
[   86.200591][ T5324]  dev_hard_start_xmit+0x2d8/0x870
[   86.203493][ T5324]  __dev_queue_xmit+0x16d1/0x3890
[   86.206197][ T5324]  ? __dev_queue_xmit+0x277/0x3890
[   86.208563][ T5324]  ? _copy_from_iter+0x21b/0x1670
[   86.210822][ T5324]  ? __pfx___dev_queue_xmit+0x10/0x10
[   86.213347][ T5324]  ? sock_alloc_send_pskb+0x896/0x990
[   86.216292][ T5324]  ? __pfx__copy_from_iter+0x10/0x10
[   86.219214][ T5324]  ? packet_parse_headers+0x4c9/0x790
[   86.221749][ T5324]  ? packet_parse_headers+0x575/0x790
[   86.224216][ T5324]  ? __pfx_packet_parse_headers+0x10/0x10
[   86.226839][ T5324]  ? packet_xmit+0x68/0x320
[   86.228962][ T5324]  packet_sendmsg+0x3eb6/0x50f0
[   86.231316][ T5324]  ? __resched_curr+0x1ff/0x3f0
[   86.233923][ T5324]  ? __lock_acquire+0x6b5/0x2cf0
[   86.237166][ T5324]  ? aa_sk_perm+0x6d5/0x900
[   86.240155][ T5324]  ? __pfx_packet_sendmsg+0x10/0x10
[   86.242694][ T5324]  ? tomoyo_socket_sendmsg_permission+0x1e0/0x300
[   86.245738][ T5324]  ? aa_sock_msg_perm+0xf1/0x1b0
[   86.248150][ T5324]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[   86.250696][ T5324]  ? __pfx_packet_sendmsg+0x10/0x10
[   86.253137][ T5324]  __sys_sendto+0x672/0x710
[   86.255162][ T5324]  ? __pfx___sys_sendto+0x10/0x10
[   86.257405][ T5324]  ? do_futex+0x395/0x420
[   86.259412][ T5324]  ? rcu_is_watching+0x15/0xb0
[   86.261702][ T5324]  __x64_sys_sendto+0xde/0x100
[   86.264019][ T5324]  do_syscall_64+0x14d/0xf80
[   86.266080][ T5324]  ? trace_irq_disable+0x3b/0x150
[   86.268513][ T5324]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.271303][ T5324]  ? clear_bhb_loop+0x40/0x90
[   86.273500][ T5324]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   86.276122][ T5324] RIP: 0033:0x7f7168b9c799
[   86.280798][ T5324] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[   86.289579][ T5324] RSP: 002b:00007f7169adcfe8 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[   86.295651][ T5324] RAX: ffffffffffffffda RBX: 00007f7168e15fa0 RCX: 00007f7168b9c799
[   86.299623][ T5324] RDX: 000000000000008c RSI: 0000200000000540 RDI: 000000000000000d
[   86.303751][ T5324] RBP: 00007f7168c32bd9 R08: 0000200000000380 R09: 0000000000000014
[   86.307878][ T5324] R10: 0000000004000000 R11: 0000000000000246 R12: 0000000000000000
[   86.311355][ T5324] R13: 00007f7168e16038 R14: 00007f7168e15fa0 R15: 00007ffd17c6e688
[   86.315136][ T5324]  </TASK>
[   86.316950][ T5324] Kernel Offset: disabled
[   86.318946][ T5324] Rebooting in 86400 seconds..