$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
link(0x0, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
fdatasync(0xffffffffffffffff)

03:37:59 executing program 7:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
fcntl$notify(r0, 0x402, 0x2)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = getpgid(0x0)
waitid(0x1, r2, &(0x7f0000000040), 0x80000000, 0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff}, './file0\x00'})
r4 = memfd_secret(0x0)
r5 = perf_event_open(&(0x7f0000001700)={0x5, 0x80, 0x81, 0x8, 0x1, 0x77, 0x0, 0x8, 0x2000, 0xa, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x5, 0x1, @perf_bp={&(0x7f00000016c0), 0xa}, 0x0, 0xb97, 0x5, 0x0, 0x1, 0xc78, 0x3, 0x0, 0x9, 0x0, 0xfff}, r2, 0x2, r4, 0x1)
r6 = syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x9, 0x4, &(0x7f0000001400)=[{&(0x7f0000000280)="24cc8f6e7da7bd28d16e63362c67c2dc450fbe9941420d55a19f1b0b068ca8a70d7956ccc840", 0x26, 0x398}, {&(0x7f00000002c0)="8599801a30f9b86d2bf679dc84dcaabddcd2f2a672db76f5859f0590e0f02887ddd321c82c81fd1b29d4a57a16e14f2a059333edca6b5638a34bbaafe72dc308d7f0bc2323d879ca580a6d7050574ae3d05fff34f1a495f67956458d58a418f093bf16c88cc330ed548d96c95f25fc2c3bfea573c84ccd7f52fea075da5515ec9dc12024312f6e49e5a6e3cda59d70ea5c9900736091d0b8", 0x98, 0x8}, {&(0x7f0000000380)="91b0e976b516a745c1eef952ce95b9a28b04b9e6126bff88b3370231a24fc71d4dcd4da3af0477262ce7c6a9e76aa17e5e481856a80ba73c6041f6e4b2a81e75b58a223612edc3d6ad87fce6b94e1435344d5ec5ecea991db6070add5fc04cbd2d3bfa6ae4c570556c4b0255626d1b68a05c2285fa3a0ce600a31b7a53c8db0285192bbb17b0852daa95c299195f11b7688a4077925eab50b5521c4f8f469fa0487052ab1eab0a47b78f830b591665d69c9f33b6a9f6520cd22b715157d8f78a3889c7067e605312dfbb7ce636e79b75e93369321e3a593b108b476f78ce1de4621cce0aa29d0794a85d64e7cc694e28638edc6b2952408cdf6172beb855c3ad8d180f0b39fee1b111c9488577e768bc7ad8f384fb9e2701c3b7b45de3826ab3715cc51045c4aba296bc2167784c60df4fb83a61b1d71b138f8559f716e67435629cad23ee579fe0edf91803c7ac3a7c257221501afa3f3c34718f9ce984dc56065a0eac9fc71c4b81a36a219dcd6c95356e5e2b6b60b99afb94fc87a15f3ae59a121d95f4acf5b13dfc4004504040022652a89a39be6eadff18f9f9c58122eefd7748d9b8d56b00f2556e27551bee47aec1c71f745f12ab5cac878da047fdfe5c361f4ee6a3afbf37c8a54dd63482b5660a7c6e7859d648987fc00cc6270f2352bd54315ea0387465e531c186591d47eaf650bbd40ef43f38f31714cff92d57ff544bff8f02cb0ae4eacfe20f0f9fa67ded1843fdde94d82b670fd6dd1c00584f3aeebc10bfcf1555514e7dbd097f97ee700239d992922af4945c9641ce624c7c11d85f92e14665f93669279db3575f92fb9d21847f2757e4b34edca4dc65cc2c0ee9d667c140002b2dc35e32a227685ac04121189e4fcf8283d40d7064ebba6382110d30e387e582c13de3f242de992db269c6a09be956f233e1f3ad6eb6f58c4988ba88fc941b35fcffb247dab7563b5b3d34c451f22108fc33cde8a2d91c82a82cabe4e5b57ef75f02e9fbbbaf9e5b7ebb1a88f289af635343f915b13607ce92c6931ffd8781de5a18da6cd8df78ad9234e78f09f1edc78134c00826fa65b83ca26f66df56accfbcfe702a34d0c9f6330af4f6e20e9e36563b26ba069ad73045f396a450f17393a74e45be7991e98bb96c0df66afbe0a09dc0c64bdaeee1b4bc7aa5d7e0273a88597c29ff90f6c6db587c02b1d26d26c66bf5217c6060e578a107d71f653139212c38c6c40d98e0a42092e5758ec303b7df8ba7e09c5599c51fd087e5c341e58ca4ea4d59d0433a729ee3c3e54bf6176bdbb953ca66774036dbd6571d407cd64f0a37a8a0e8ebdb68ae99a2b5c738c88cc499e8362430bdb14907dcfce09c73c5731dd09a54380e8ae1d4970c9d80b012f3e7a34935a049b17814afc77ea4c7aca457933a56b45c59762dff518dab8799d754de5c8ec6dceff66cecbcfb0ae34335a889dcf76da8277f5c17cf788ab25856499eb827332dff1681f197a5a24567dca3115a3dbb00e2acb36cf07a9989f354b4146dcd9ce4a6e0eacbae2edf60c5d15e47206922d8d804784fb3cc1f5f2d9f6d4b232ce7f61a26580c047ddd5210954e04311c07ded290e504b5b43d5ca0300316e3c565e81a93dca3a545a31854055c48b05f344409c759aa1977ee367ae83a2b1cbc1cc04b4afd75a42bb1f04dd402560721c50a3cd3fc5ad74598608a9ee7dc8405b417ea52840164f6c864f65022cb8b5e8c8a7ef26b1f7a4cb01ff79a808d34860f9b909cee047a9483027250d6d9e627cfcefc1a3fb54bb0d496fb8d970501f04c40a6e231b5fbe5a9e08399899bb813e402372c2b313eaf1d12df7603902cb513f051542b40fc84f781115a40455a68c68eabba300ae421550598aad6b9c391448993a83fd36a78fb77e40b2e20ed4c464a77dac77ad49f1ca6e2f991666d1acedb157a74de2e0978ef1b2c109880f3f5dd29251b4eee121b14a84bbc080acbf33723c6278955a727d104ef76c18f74aef1a186a0d20da02544b515cca8239e41e801846c308a40b1768ff61139bc1382f819c84caf481251775b42f67fb768063eab43ab1cbf087eb98dc364ace91de559387c37fa8f27f9804382f70367e1f752aa4e7950e3bc323cc3e1e7da5d78c08139735fd35071abeedd2ba3a03f5e6805a9d3715cf6c78724a1333637ededccb4ef4085e77d34ae36a51c81c0c0e8d0954c3f082811da23e286fd469ee564c39dd125eb37de7c350974f9fe897afbb27706c06af78888e902aaf03d100f77ed9e00c0a8916115ff954f38ea8bafb4283540e3c78475df825fdc8a836e5ddac3f65a71914357b8bbd04665cbc8c0b321f5f3ab16b3f4905882f04c5c1745c6ccd6e3d7331704ef301a25b803e38f2c5955d18c514e00ec01ea16145cec11467619ec79d31ffdaa9fdf16fd423466a3099d1f72d5512c2565610da946279bbe46d9ce904861d0fd651fea90d947714f06ffed1420dd3f33404e85a0cba8629b25011903f992c7d1f2ad25fe0d04967a390ccc37e904ff0161f9c3e082abc20568a4d9a52d49a18e2811c2890fbb3da205b6077341e9dd4698a586c7e70d1f4d724e88b75f8374c2fa1a7c068a7b24f4ff5339bf2a66cc617fa8594bd2e4b14ac9ae914576b5a85d1fe48f42f53f015bb894803276a4770af6822ed8d4a29e93b660626c14053492f262d5df1baf2371cb144a85b28dc84e3acd2b86aa25308641cdaf23b5fad44a96f02cc7051fa88a505f7f23aa9d90ff66152654d8f130d576d030990626ed1d93e3e4a87bca07e0218b93615701297599bb0b2696c3285b8033c23ac1c36447390eaccab251f28ef569a0f51a9d08f7ce690e605269bc2040a8868de72e7d6478f6645248ef47a4832685863483d2794882a43637c917197352d519e631175079bd3cb95f3914c94313e885c1ed512048b5d52635f9d823fc3d333f6ed111d7c6dc277ecb4fee169f1d9d01074240a7febefb64e0e8f4e57639c799937ad8784f5dd3fdec12421950738103a26c7d2f81c117c579e32ccd10a7d40619f4d825409b9fb099948b6f29039f6a9426e05775785f1b7e0114e60e9c3a36bd900afe58aec62a102520e2fd488d1a1b3d82be4c40e16ad715979629511f27b40bb28f95b64d11df87a5580bb7b4f71e7b05707c706e6816d9a4cbd67cfd25a5afbae446e020d7ef5676495173ded8eeb554bcca2a5a09e1f818be65d941d30d1e8d3912f4211243e19515761234d8dce71a7e4f8e0bc03e5935bdbd709f58a5312e72585e80e66b9e6c21b792c5aa6a12577cb1876783e1faf85aa212a430e691eab73f3246af6ea749df23e951531cad0452264b7cf3262eeb1318b8219794cf14335424bc096877622df24271b09d927c3a71133d56a9ae17aabe2918af4c44fba541444a2781b7863184181b16eff73a71cbc76386bdb8e1febeb2bafeee09e9da71f27eea97a2f6143a485c649c89f28aa6b2f9990fc16fea918f8e03cfc39ba2a2dc82d7a9d9714f2aaa8396cb2b16a812c48e21b47e1b5cb86d23c8fd520ef8d251508a17394a70e02001afb36dfdf4b27266cafc20dcb816009793d3c300eaadf6f160298a83681ee5fdeb709e1ef44e3949fa0373b70ce5a6ac3afeca04ae623336868a453a574951d2f75acea6c82d648516a994faed5579cd866ece5a918b5e511ad4d489eec44308bfceee89b9204d9399182ac78987a977388199117d488a9dc4e26dd26f3a9d3e551a66485cb5f85af4d38091d580c85b57e1b5e3f5f7adcc9c90bd775bbea7afda9c9e64435b166a802159da826fb75789e701cf004ef3462ed6accf801b5cb3c2412eb0e7986d565fd28b886d4e01e1f0df750142e77ab0e6ab51dbbf5d139331704cf21d63baa2fcbbd5a781f6ffb09d8aa4515743b17528b63fed455f58d8b7efdda98370326dce8b2c20580c1a56bf3fbd6b56a3799c77f01d03da01a41ab3d156814c2b8e60c975c020adb93e0db1f7232db4aa9c4b2982a9ccc2c39a9ecab6043b811ed09b4c5f2f1110d4477677a714b3eda84d3b746d20de4b613452bb3bc28a24bbe5673212ec93efc7051616dd5b289cae4260d77aae403d9cbc8254209c18610b534bdc1e182b90e0daf6e48749d9a0ba36dfc6923fa148684573c66a3932947c5f30ae9788181a6e63d7956c8756a376a1c5d8276a39fe6cc10b7336ec53f54ccae66c5cc1bfe7393cf347915561050b5577bfd635b87aafbfb17f835baf735524d05994c3fc99e976c2e0756bf13361ade123b441072b991115a094c4161d1ea73832e0983eacf71a57c6c0d8b71b75ef1c047182405ba1687ff349324712089d13ab385f08956a8fa8ea766df82328ae660aa2e60f4b573dd4d9dd0dcb407839beffa79d06852fe6629b1dc5fd0ed36e5ab386a99ff131d6f629e4a509665f0f18389549d9f54cf8c7267e3cad381aad4690bd9655b1d4c4f186b4fc4f77d6f73d634b31ba26e449f7811f254b7a9541dad522587075e1b2d250b32d1106053f4d895a8c2df6c235cbe194c4cabdf3ce7905822076dd5d7622a684f64177f1093add03eff4c1a7e4fa8d0d48699c7fea8ec8da2f30fa8478920eaed9b217fd66494a40680b39420b1793346651a72022c160170b1fbb4098515f7fd9af4c49cc2e027c8fc476e3f19bfda163c4641065d50edfaf195908abdc98f570c05089cc4fee8ff9ef8e5c82595e694b742e8cb883befd141e66a8fdc01836698b5bddcaab21e04968054a08da5f7e2f640ff1ee61743e95e366dd079d5278c6486d40403de6e0a602ac0b879536e750fbace0fc8608569824da9967ac997c0088d9c67b76bb51dd430fefe176e9a9e1b0fa132120bf0d17f47dc08314ae855aa66a4a318d3905336944bc58297965671bb95440b4baaa39d88e2a15f107a41fe885a35a018bf2150f3ee3738cff02ac92efba51e0b58c432d917d2a391a2a25a974efcac6ade105bf11d47a5d1957887a6c4edd2ddc8ae1b0737fb5d181cc67fbce0651d058e92f258d1e182dbde6d67d25ee0fa5556cb68d3137ee64d1e9f559102ef7d132cf9e975296fbf36eee5776cca5008c262348739f4d0e02dcba19bec9535c111782faae08dc6bde3684289ded08bfee5f62e775021760a86f23944c83b62921410c7c41da8034ce5d2a30e1be5d5c45ae682001a3158b7bde682f63034af3a8bf685e2e8e6a425122077423b1872d8619a260289b4cc4ba54f675212933d120c75c149c2364231f317383687ad8a5e414e3a5249a1ab2810e1e6ecd7bc96d794a04832e2487f23b704352570333e9ebbe2247c7e403d5fa41fc522369e7f7b52be7466a12da75ab584075a03eb6c9a0e805517ba1c3a6cb1047698e7fac9b668869b7d872a94a9766459624ee9c80565278600d820440bfb2b3274d6e2f29eda94561773515317b711a5291d8fabdc0ac6100991bcb290aa247a06f7333ef4acc8e2f82b6aa64a136420bc1dfeb14bd2923a1b5efa02eca5e0f3375e7b937c26aee275e58f3b25d4ad3e8f95de88b3700f125d649865dcdc4ceeb816a8bac4bd5a758ae5e266ee9e529dc5eefbccdb2a5d387c5d68c2b5b888c92cf017c334e66630b6673a3262338845b84131794465f5d3f7a7a2b017598f7bbf0a8ba158bc4bbe6523022b0e8685f191bae774f75d0e3285ec88b338cb770cc2c1e7faaa43c9b6556b7c57abea423ac4c378a07b6c343dbc42a95ee2330b3e7dfeb6f4303a61c6f9637f9ed1f30786222e3c0615510c1414503879a", 0x1000, 0xffffffffffffffe1}, {&(0x7f0000001380)="68889ff0f69040c15e461707c00fdf79ed72f2f45f4f4ca697c3c781a2c16ba1b221116d962842612ac10dbd5160cbd4ae3ea2016b7ce66d9e3dd9c830bb6da658492ed307ceebb1", 0x48, 0xc1f}], 0x8, &(0x7f0000001780)=ANY=[@ANYBLOB="73686f72746e616d653d6c6f7765722c6e6f6e756d7461696c3d302c6e6e6f6e756d7461696c3d312c6e6e6f6e756d7461696c3d312c756e695f786c6174653d312c73686f72746e616d653d6c6f7765722c6e6e6f6e756d7461696c3d312c726f6469722c696f636861727365743d69736f383835392d342c696f636861727365743d771490d8dc167f95dd185f82eb7f1f126d61636761656c69632c66736e616d653d2e2f6367726f75702e6370752f73797a30002c736d61636b66736861743d2e2f6367726f75702e6370752f73797a30002c72646f6e745f686173682c6d61736b3d5e4d41595f524541442c7375626a5f757365723da2272c736d61636b66737472616e736d7574653d2e2f6367726f75702e6370752f73797a30002c726f6f74636f6e746578743d73797374656d5f752c0000000000000000000000000000000000e45018f53ab1668fb80019f302bf87b85e7a431dcf28f6a8e6a6df26f289fc81af11159058aca4ec3b31c4cba818b858aca055aef9eaee2e0c26fe76f83e442a80fea514241605541ad9d43695e8fc3a5d59ca56140eb9230e8b829155331adba3577e0977ebd998612cb56cad621e590fa35bbc2f132c9806b9f0e1a72a7e57e679982fc871ac5d2daf9ef163df8b0570750dfaf71852bdae9af192e42cd411e2817e234f35f1e845d68596941f2316e89bee622db92b5e"])
fallocate(r5, 0x4, 0x5, 0xfff)
r7 = syz_open_dev$loop(&(0x7f00000015c0), 0x5, 0x680403)
r8 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r4, 0xc0189374, &(0x7f0000001480)={{0x1, 0x1, 0x18, <r9=>r7, {0x2}}, './file0\x00'})
fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f00000014c0)='\x00', &(0x7f0000001500)='./cgroup.cpu/syz0\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r8, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r8, 0x0, 0x0)
ppoll(&(0x7f0000001600)=[{r1, 0xa0}, {r3, 0x610}, {r6, 0x80}, {r7, 0x4002}, {r8, 0x80}], 0x5, &(0x7f0000001640)={0x77359400}, &(0x7f0000001680)={[0x1]}, 0x8)
sched_setattr(r2, &(0x7f0000000000)={0x38, 0x3, 0x0, 0x6c9, 0x9, 0x7, 0x2, 0x286c, 0xd3, 0x4}, 0x0)

03:37:59 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x60ff)

03:37:59 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x2c00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:37:59 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
perf_event_open(&(0x7f0000004240)={0x5, 0x80, 0x1, 0x3, 0x40, 0xe, 0x0, 0x20, 0x100, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8ef, 0x1, @perf_bp={&(0x7f0000001ec0), 0xc}, 0x208, 0xc039, 0x4, 0x2, 0xe6a5, 0x8000, 0x7, 0x0, 0x3, 0x0, 0x2}, 0x0, 0x6, r1, 0x9)
[ 1347.321325] FAULT_INJECTION: forcing a failure.
[ 1347.321325] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1347.322391] CPU: 1 UID: 0 PID: 10177 Comm: syz-executor.5 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004040)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)=""/93, 0x5d}, {&(0x7f0000000080)=""/16, 0x10}, {&(0x7f0000000100)=""/22, 0x16}, {&(0x7f00000002c0)=""/190, 0xbe}, {&(0x7f0000000380)=""/206, 0xce}, {&(0x7f0000000480)=""/40, 0x28}, {&(0x7f00000004c0)=""/143, 0x8f}, {&(0x7f0000000580)=""/234, 0xea}], 0x8, &(0x7f0000000700)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x40}}, {{&(0x7f0000000740)=@abs, 0x6e, &(0x7f0000001e00)=[{&(0x7f00000007c0)=""/55, 0x37}, {&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000001800)=""/237, 0xed}, {&(0x7f0000001900)=""/168, 0xa8}, {&(0x7f00000019c0)=""/230, 0xe6}, {&(0x7f0000001ac0)=""/71, 0x47}, {&(0x7f0000001b40)=""/136, 0x88}, {&(0x7f0000001c00)=""/215, 0xd7}, {&(0x7f0000001d00)=""/99, 0x63}, {&(0x7f0000001d80)=""/70, 0x46}], 0xa, &(0x7f0000001ec0)}}, {{0x0, 0x0, &(0x7f0000002200)=[{&(0x7f0000001f00)=""/98, 0x62}, {&(0x7f0000001f80)=""/213, 0xd5}, {&(0x7f0000002080)=""/28, 0x1c}, {&(0x7f00000020c0)=""/14, 0xe}, {&(0x7f0000002100)=""/251, 0xfb}], 0x5, &(0x7f0000002280)=ANY=[@ANYBLOB="18000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYBLOB="24000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="00000000100000000000000001000000010000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000069000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00'], 0x90}}, {{&(0x7f0000002340)=@abs, 0x6e, &(0x7f0000003440)=[{&(0x7f00000023c0)=""/4096, 0x1000}, {&(0x7f00000033c0)=""/59, 0x3b}, {&(0x7f0000003400)=""/63, 0x3f}], 0x3, &(0x7f0000003480)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x38, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {<r2=>0x0}}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xd8}}, {{&(0x7f0000003580), 0x6e, &(0x7f0000003840)=[{&(0x7f0000003600)=""/153, 0x99}, {&(0x7f00000036c0)=""/70, 0x46}, {&(0x7f0000003740)}, {&(0x7f0000003780)=""/154, 0x9a}], 0x4, &(0x7f0000003880)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x50}}, {{&(0x7f0000003900)=@abs, 0x6e, &(0x7f0000003d40)=[{&(0x7f0000003980)=""/49, 0x31}, {&(0x7f00000039c0)=""/139, 0x8b}, {&(0x7f0000003a80)=""/12, 0xc}, {&(0x7f0000003ac0)=""/233, 0xe9}, {&(0x7f0000003bc0)=""/203, 0xcb}, {&(0x7f0000003cc0)=""/76, 0x4c}], 0x6, &(0x7f0000003dc0)=[@rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x18}}, {{&(0x7f0000003e00), 0x6e, &(0x7f0000003f40)=[{&(0x7f0000003e80)=""/161, 0xa1}], 0x1, &(0x7f0000003f80)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0x98}}], 0x7, 0x10001, &(0x7f0000004200))
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0xe7, 0x6, 0x1, 0x81, 0x0, 0xf64b, 0x200, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x4, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x14054, 0x2, 0x2, 0x3, 0x9801, 0x2, 0x8000, 0x0, 0x9, 0x0, 0x2}, r2, 0x10, r0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:37:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 23)

03:37:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000001b00)=0xfc)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

[ 1347.322407] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1347.322414] Call Trace:
[ 1347.322418]  <TASK>
[ 1347.322422]  dump_stack_lvl+0xfa/0x120
[ 1347.322443]  should_fail_ex+0x4d7/0x5e0
[ 1347.322459]  _copy_to_user+0x32/0xd0
[ 1347.322476]  simple_read_from_buffer+0xe0/0x180
[ 1347.322493]  proc_fail_nth_read+0x189/0x270
[ 1347.322513]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1347.322531]  ? security_file_permission+0x22/0x90
[ 1347.322545]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1347.322563]  vfs_read+0x1eb/0xbe0
[ 1347.322584]  ? __pfx_vfs_read+0x10/0x10
[ 1347.322602]  ? lock_release+0xc8/0x290
[ 1347.322618]  ? __fget_files+0x20d/0x3b0
[ 1347.322641]  ksys_read+0x121/0x240
[ 1347.322662]  ? __pfx_ksys_read+0x10/0x10
[ 1347.322678]  ? syscall_user_dispatch+0x78/0x140
[ 1347.322696]  do_syscall_64+0xbf/0x360
[ 1347.322713]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.322726] RIP: 0033:0x7f343dbb469c
[ 1347.322735] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1347.322746] RSP: 002b:00007f343b177170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1347.322757] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f343dbb469c
[ 1347.322765] RDX: 000000000000000f RSI: 00007f343b1771e0 RDI: 0000000000000004
[ 1347.322771] RBP: 00007f343b1771d0 R08: 0000000000000000 R09: 0000000000000000
[ 1347.322778] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1347.322785] R13: 00007ffc72d99f0f R14: 00007f343b177300 R15: 0000000000022000
[ 1347.322800]  </TASK>
[ 1347.339122] loop7: detected capacity change from 0 to 16383
[ 1347.345390] vfat: Unknown parameter 'nnonumtail'
[ 1347.353535] loop7: detected capacity change from 0 to 16383
03:37:59 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xed41)

[ 1347.369565] vfat: Unknown parameter 'nnonumtail'
[ 1347.374274] No source specified
03:37:59 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:37:59 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
link(0x0, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fdatasync(0xffffffffffffffff)

03:37:59 executing program 2:
semtimedop(0xffffffffffffffff, &(0x7f0000000000)=[{0x3, 0x7, 0x800}, {0x0, 0xff00}], 0x2, &(0x7f0000000080)={0x77359400})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:37:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 24)

03:37:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:37:59 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
r4 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x3c92c0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0), &(0x7f0000000280)="793bfe6e17b9c5b9d69f31c05d3e9776bebdbb5221f4f2b68e6a9630605c2f779ee6c7723c1fe53b5c292555a6180395364529dc18ae5217446c41276f0e57129f15b3f1f0953027e37ad1196c76e47430ba5687d0c30730b7a4d6b715c69369", 0x60)
read(r2, 0x0, 0x0)
read(r2, &(0x7f00000001c0)=""/183, 0xb7)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:37:59 executing program 7:
perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xf1, 0xfd, 0x0, 0x0, 0x0, 0x4696c20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:37:59 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
link(0x0, 0x0)
fdatasync(0xffffffffffffffff)

[ 1347.555394] FAULT_INJECTION: forcing a failure.
[ 1347.555394] name failslab, interval 1, probability 0, space 0, times 0
[ 1347.557112] CPU: 0 UID: 0 PID: 10206 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1347.557142] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1347.557155] Call Trace:
[ 1347.557162]  <TASK>
[ 1347.557170]  dump_stack_lvl+0xfa/0x120
[ 1347.557209]  should_fail_ex+0x4d7/0x5e0
[ 1347.557236]  ? ext4_mb_new_blocks+0x244c/0x4570
[ 1347.557268]  should_failslab+0xc2/0x120
[ 1347.557289]  kmem_cache_alloc_noprof+0x5f/0x470
[ 1347.557328]  ext4_mb_new_blocks+0x244c/0x4570
[ 1347.557371]  ? kasan_save_track+0x14/0x30
[ 1347.557392]  ? __kasan_kmalloc+0x7f/0x90
[ 1347.557413]  ? trace_kmalloc+0x1f/0xb0
[ 1347.557434]  ? __kmalloc_noprof+0x215/0x4b0
[ 1347.557465]  ? __pfx_ext4_mb_new_blocks+0x10/0x10
[ 1347.557497]  ? ext4_ext_search_right+0x2e8/0xbd0
[ 1347.557517]  ? ext4_inode_to_goal_block+0x323/0x430
[ 1347.557556]  ext4_ext_map_blocks+0x1c55/0x5f30
[ 1347.557592]  ? finish_task_switch.isra.0+0x206/0x840
[ 1347.557631]  ? trace_sched_exit_tp+0xc9/0x110
[ 1347.557658]  ? __pfx_ext4_ext_map_blocks+0x10/0x10
[ 1347.557701]  ? lock_acquire+0x15e/0x2f0
[ 1347.557724]  ? ext4_map_blocks+0x569/0x15a0
[ 1347.557768]  ? __pfx_down_write+0x10/0x10
[ 1347.557795]  ? ext4_es_lookup_extent+0xc8/0xb20
[ 1347.557830]  ext4_map_blocks+0x630/0x15a0
[ 1347.557864]  ? __up_read+0x197/0x750
[ 1347.557891]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 1347.557920]  ? __pfx___up_read+0x10/0x10
[ 1347.557947]  ? lock_release+0xc8/0x290
[ 1347.557976]  ? ext4_map_blocks+0x23b/0x15a0
[ 1347.558012]  ext4_getblk+0x682/0x8e0
[ 1347.558043]  ? __pfx_ext4_getblk+0x10/0x10
[ 1347.558080]  ? crc32c+0x1ae/0x320
[ 1347.558108]  ext4_bread+0x2e/0x1a0
[ 1347.558139]  ext4_append+0x224/0x530
[ 1347.558175]  ? __pfx_ext4_append+0x10/0x10
[ 1347.558213]  ? __pfx___ext4_new_inode+0x10/0x10
[ 1347.558252]  ext4_init_new_dir+0x21e/0x460
[ 1347.558277]  ? __pfx_ext4_init_new_dir+0x10/0x10
[ 1347.558310]  ext4_mkdir+0x3c5/0xb30
[ 1347.558338]  ? __pfx_ext4_mkdir+0x10/0x10
[ 1347.558362]  ? security_inode_permission+0x72/0xe0
[ 1347.558408]  vfs_mkdir+0x59a/0x8d0
[ 1347.558440]  do_mkdirat+0x19f/0x3d0
[ 1347.558477]  ? __pfx_do_mkdirat+0x10/0x10
[ 1347.558521]  __x64_sys_mkdir+0xf3/0x140
[ 1347.558557]  do_syscall_64+0xbf/0x360
[ 1347.558587]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1347.558609] RIP: 0033:0x7f691f5d3c27
[ 1347.558626] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1347.558646] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1347.558667] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d3c27
[ 1347.558681] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020001800
[ 1347.558694] RBP: 00007f691cb4a040 R08: 0000000000000000 R09: 0000000000000000
[ 1347.558706] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200017c0
[ 1347.558719] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1347.558749]  </TASK>
03:37:59 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x80000)

03:37:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x2, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:37:59 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000000)='^$\x00')
r0 = getpgid(0x0)
pidfd_open(r0, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:38:09 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
msgsnd(0x0, &(0x7f0000000080)={0x2, "9f0c003dd062a55d22babd06d169db81ebcedc62352f833a84e6cad99d31f2377cccc3ef101a076165541ac47d5ad88d7db912ddf23ef13416a200e29f8cdf7a2ae97273aca20425e909de4b4e7eb4bdfb9ebe0b5aa81ed85abceda06169c41946ffd11a8319aacdb77640d67967c4bd4ef274fcf944daf974ce795fe0f953bfd1ad513f675a5f2b8a13cb3a53cc89176d5ac0a5ca36b2e1473eea0cdd58a1e95768d65a52409b6fae4882f38e8b24fd1a1d0b78b2f7daed2d565ee603d76aea25f64063fc57db521604e4ead63b3505ba15e8480ecff5b3c752e909ded02370049de1fe77f84b054004daaffb97643e952187"}, 0xfb, 0x800)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsmount(r0, 0x0, 0x0)

03:38:09 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:38:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x3, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:09 executing program 7:
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000040)='.pending_reads\x00', 0x501203, 0x2)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(r0, 0x50009418, &(0x7f0000000240)={{r1}, 0x0, 0x1a, @inherit={0x80, &(0x7f00000001c0)={0x0, 0x7, 0x5, 0x473, {0x2, 0x2, 0x2, 0x100}, [0x3, 0x2b, 0x4, 0x9, 0x9, 0x8, 0x2]}}, @subvolid=0x4})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f0000000000)={0x38, 0x5, 0xd, 0x0, 0xfffffffe, 0x5, 0x101, 0x1, 0x40, 0x9}, 0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:38:09 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xf0ff1f)

03:38:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 25)

03:38:09 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x3a00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:38:09 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xa, 0xffffffffffffffff, 0xf)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1357.741572] No source specified
03:38:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x4, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:09 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x1000000)

03:38:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 26)

03:38:09 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
fdatasync(0xffffffffffffffff)

03:38:09 executing program 6:
r0 = socket$netlink(0x10, 0x3, 0x6)
sendmsg$DEVLINK_CMD_RATE_NEW(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x28, 0x0, 0xd16fecbb6d1be3cc, 0x70fd2a, 0x25dfdbfe, {}, [@DEVLINK_ATTR_RATE_TX_MAX={0xc}, @DEVLINK_ATTR_PORT_INDEX={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0xc0000)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1357.836562] FAULT_INJECTION: forcing a failure.
[ 1357.836562] name failslab, interval 1, probability 0, space 0, times 0
[ 1357.837654] CPU: 1 UID: 0 PID: 10256 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1357.837674] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1357.837681] Call Trace:
[ 1357.837686]  <TASK>
[ 1357.837690]  dump_stack_lvl+0xfa/0x120
[ 1357.837713]  should_fail_ex+0x4d7/0x5e0
[ 1357.837729]  ? __es_insert_extent+0xed2/0x1370
[ 1357.837745]  should_failslab+0xc2/0x120
[ 1357.837758]  kmem_cache_alloc_noprof+0x5f/0x470
[ 1357.837777]  ? __pfx___es_remove_extent+0x10/0x10
[ 1357.837791]  ? ext4_es_can_be_merged.isra.0+0x13b/0x160
[ 1357.837809]  __es_insert_extent+0xed2/0x1370
[ 1357.837830]  ext4_es_insert_extent+0x4d0/0x1100
[ 1357.837850]  ? __pfx_ext4_es_insert_extent+0x10/0x10
[ 1357.837866]  ? lock_acquire+0x15e/0x2f0
[ 1357.837880]  ? ext4_map_blocks+0x569/0x15a0
[ 1357.837903]  ? __pfx_down_write+0x10/0x10
[ 1357.837919]  ? ext4_es_lookup_extent+0xc8/0xb20
[ 1357.837938]  ext4_map_blocks+0x815/0x15a0
[ 1357.837956]  ? __up_read+0x197/0x750
[ 1357.837971]  ? __pfx_ext4_map_blocks+0x10/0x10
[ 1357.837987]  ? __pfx___up_read+0x10/0x10
[ 1357.838002]  ? lock_release+0xc8/0x290
[ 1357.838017]  ? ext4_map_blocks+0x23b/0x15a0
[ 1357.838037]  ext4_getblk+0x682/0x8e0
[ 1357.838054]  ? __pfx_ext4_getblk+0x10/0x10
[ 1357.838073]  ? crc32c+0x1ae/0x320
[ 1357.838088]  ext4_bread+0x2e/0x1a0
[ 1357.838105]  ext4_append+0x224/0x530
[ 1357.838125]  ? __pfx_ext4_append+0x10/0x10
[ 1357.838145]  ? __pfx___ext4_new_inode+0x10/0x10
[ 1357.838167]  ext4_init_new_dir+0x21e/0x460
[ 1357.838181]  ? __pfx_ext4_init_new_dir+0x10/0x10
[ 1357.838199]  ext4_mkdir+0x3c5/0xb30
[ 1357.838215]  ? __pfx_ext4_mkdir+0x10/0x10
[ 1357.838227]  ? security_inode_permission+0x72/0xe0
[ 1357.838253]  vfs_mkdir+0x59a/0x8d0
[ 1357.838271]  do_mkdirat+0x19f/0x3d0
[ 1357.838291]  ? __pfx_do_mkdirat+0x10/0x10
[ 1357.838315]  __x64_sys_mkdir+0xf3/0x140
[ 1357.838334]  do_syscall_64+0xbf/0x360
[ 1357.838351]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1357.838364] RIP: 0033:0x7f691f5d3c27
[ 1357.838373] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1357.838384] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1357.838396] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d3c27
[ 1357.838403] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020001800
[ 1357.838411] RBP: 00007f691cb4a040 R08: 0000000000000000 R09: 0000000000000000
[ 1357.838418] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200017c0
[ 1357.838425] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1357.838441]  </TASK>
03:38:09 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xffffffffffffff7e, &(0x7f0000001b00)=0xff)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x401, &(0x7f0000000000))

[ 1357.880224] No source specified
03:38:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x5, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1357.902323] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=10263 comm=syz-executor.6
[ 1357.914283] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=0 sclass=netlink_xfrm_socket pid=10263 comm=syz-executor.6
03:38:09 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x2000000)

03:38:09 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000000)={0x2, 0x1})
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:38:09 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x96, &(0x7f0000001b00)=0xfc)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x101, 0xf17, &(0x7f0000000000)=0x1)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:38:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 27)

03:38:09 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = syz_io_uring_complete(0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:38:09 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
fdatasync(0xffffffffffffffff)

03:38:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x6, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:09 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x3000000)

[ 1358.057807] No source specified
03:38:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 28)

03:38:19 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x4000}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:38:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
msgrcv(0x0, &(0x7f00000001c0), 0x8, 0x0, 0x3800)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='\x00', &(0x7f0000000180)='\x00', 0x0)
r1 = memfd_secret(0x0)
syz_io_uring_setup(0x73d0, &(0x7f0000000080)={0x0, 0x66da, 0x4, 0x1, 0x3b9, 0x0, r1}, &(0x7f0000ffc000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000000), &(0x7f0000000100))
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000200)='rw\x00', 0x0, 0x0)

03:38:19 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, 0xffffffffffffffff)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000000)={0x1, 0x3})

03:38:19 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
sendmsg$NL80211_CMD_DEL_PMKSA(r1, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, 0x0, 0x10, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_SSID={0x16, 0x34, @random="60c9d4d63538087d92f2528adb66ee5f167c"}, @NL80211_ATTR_PMKID={0x14, 0x55, "3651233aab9be07a244b7b4546274a5b"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x100}, @NL80211_ATTR_SSID={0x6, 0x34, @random='g:'}, @NL80211_ATTR_PMK={0x14, 0xfe, "c247e0815d1befb867ee2814d09c3391"}]}, 0x70}, 0x1, 0x0, 0x0, 0x4040080}, 0x4800)
fdatasync(0xffffffffffffffff)

03:38:19 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x9000000)

03:38:19 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000000)='.pending_reads\x00', 0xd0482, 0x6d)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x208800, 0x0)
fsync(r3)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:38:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x7, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1367.192924] FAULT_INJECTION: forcing a failure.
[ 1367.192924] name failslab, interval 1, probability 0, space 0, times 0
03:38:19 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x10000000)

[ 1367.195002] CPU: 0 UID: 0 PID: 10308 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
03:38:19 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000004c0)={0x4c, r0, 0x1, 0xffffffff, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x38, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_LONG={0x5, 0x8, 0xc3}]}, {0x28, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_AMPDU_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_TX_RATE_TYPE={0x5, 0xc, 0x2}, @NL80211_TID_CONFIG_ATTR_RTSCTS_CTRL={0x5}, @NL80211_TID_CONFIG_ATTR_OVERRIDE={0x4}]}]}]}, 0x4c}}, 0x20004040)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

[ 1367.195038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1367.195052] Call Trace:
[ 1367.195062]  <TASK>
[ 1367.195072]  dump_stack_lvl+0xfa/0x120
[ 1367.195114]  should_fail_ex+0x4d7/0x5e0
[ 1367.195147]  ? jbd2_journal_add_journal_head+0x367/0x5d0
[ 1367.195194]  should_failslab+0xc2/0x120
[ 1367.195226]  kmem_cache_alloc_noprof+0x5f/0x470
[ 1367.195276]  jbd2_journal_add_journal_head+0x367/0x5d0
[ 1367.195325]  jbd2_journal_get_create_access+0x44/0x560
[ 1367.195360]  ? lock_is_held_type+0x9e/0x120
[ 1367.195394]  __ext4_journal_get_create_access+0x54/0x1b0
[ 1367.195446]  ext4_getblk+0x3c9/0x8e0
[ 1367.195485]  ? __pfx_ext4_getblk+0x10/0x10
[ 1367.195528]  ? crc32c+0x1ae/0x320
[ 1367.195560]  ext4_bread+0x2e/0x1a0
[ 1367.195597]  ext4_append+0x224/0x530
[ 1367.195641]  ? __pfx_ext4_append+0x10/0x10
[ 1367.195694]  ? __pfx___ext4_new_inode+0x10/0x10
[ 1367.195745]  ext4_init_new_dir+0x21e/0x460
[ 1367.195777]  ? __pfx_ext4_init_new_dir+0x10/0x10
[ 1367.195816]  ext4_mkdir+0x3c5/0xb30
[ 1367.195850]  ? __pfx_ext4_mkdir+0x10/0x10
[ 1367.195889]  ? security_inode_permission+0x72/0xe0
[ 1367.195946]  vfs_mkdir+0x59a/0x8d0
[ 1367.195985]  do_mkdirat+0x19f/0x3d0
[ 1367.196029]  ? __pfx_do_mkdirat+0x10/0x10
[ 1367.196081]  __x64_sys_mkdir+0xf3/0x140
[ 1367.196124]  do_syscall_64+0xbf/0x360
[ 1367.196161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1367.196188] RIP: 0033:0x7f691f5d3c27
[ 1367.196209] Code: 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1367.196233] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 1367.196258] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d3c27
[ 1367.196274] RDX: 0000000000000000 RSI: 00000000000001ff RDI: 0000000020001800
[ 1367.196290] RBP: 00007f691cb4a040 R08: 0000000000000000 R09: 0000000000000000
[ 1367.196306] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000200017c0
[ 1367.196321] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1367.196357]  </TASK>
[ 1367.228499] ENOMEM in journal_alloc_journal_head, retrying.
03:38:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc5a5, 0x4, &(0x7f0000000000)=0x4)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000100)='Huget\x10bfs\x00', &(0x7f0000000140)=',\xab\xd3i}\x00\x8fO\xac\xf2\x00\xe2T\x82\x8e^\xcc\xba\xe7\xd8\x0e\xe2\x81\xe4\x83~5\xf9\xeaf\xedm\xe0\am\xbe\x8e\x93\xcf\x8f`^u\xde\fOa\xfc\xe8\x84\x1cG1\xf1\xdb\x1c\xca\xd7$|KZ5\xd9\xae\x04\x82\xdb\xa6w\xea5\x1b\xbfV\xbe\x97\x95\xd9(M\xb7\xb2m\xc6#\xce\'\xd6\x88QT\x90\xbd\xa2l\xfc\xf5\xc5n\xe9\x8c\xb4\xf0\x8d\xdc\xbb\xc2\xa8\x13w\aF\xd5\x8d\xaf\xaf\xabh\x83D\x01\x84\xe3\xdbE\xf6\xc4\x0f\xfcZ3\x9f\xbf\xfe\xf4g\xe8\x85\xeav\x9b,\x069\xf6\x8e\xde`S\xa0\r]\xd8\xe2\xc6Z\xd5E\xe0\x9fV\xb4\xceQ\xadW\xdbMOFv\xd0\x9e\xc9\x9a)\xf5{iX\x97!\xac#@\xee\xe1r\x15\x9fl\xe4\xdbU\x87\x841o\x95\xf1\x16\x95v\x937\xdc\x80\xa7\xdf\xccg\xdb\x94\xf7ZU\xd4\xe7>*Y+A\xc7\x8f\x13\xb0\xfc]\x00\xd2\x85\xeew\xdeB\t\xb8o\x8e\x8a\xee\a\xe7\x80\x99F\xec\x01\xfc\x00\x86\x12\xa3]T\xfa\xbf2Z\xd2\xc8;&\x05\x80C|\xcc\xee[\xea\n\xd5R\xd5SM\x89\'\x9b8\xad\xfb\xb7\x8c@\xdd\xf3T\x12P\xa3|\xfc\x13\xbd\xb6\xc7\xab\xccg\x9b]\xd0\v?\xbb+\x1b\xe0\xcf\xab\n1T\x8f\xf3|\x01\xbcC\xff\x85\xb1\xd6\x99\xca\xf6G\xf0\xaf\xfd\xd7\xde\xcaN\x16\x7f\x17\x198\xba\x05\xad\xeb\xd2\xa1{=\x16\xca<j\x8cK\xba\x8d9]\r;u<Nx\xe2H\xed', 0x0)

03:38:19 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

[ 1367.299251] No source specified
03:38:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x8, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = msgget$private(0x0, 0x0)
perf_event_open(&(0x7f0000000340)={0x5, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000200), 0x4}, 0x71}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe(0x0)
r1 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lsetxattr$security_capability(0x0, 0x0, 0x0, 0x0, 0x0)
syz_io_uring_setup(0x3e63, &(0x7f0000000a80)={0x0, 0x0, 0x26}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000000b00), &(0x7f0000000b40))
msgctl$MSG_STAT(r0, 0xb, 0x0)
msgctl$IPC_STAT(r0, 0x2, &(0x7f00000004c0)=""/156)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xeb0, 0x100000000, &(0x7f00000000c0))
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
splice(r2, &(0x7f0000000180), r1, &(0x7f00000001c0)=0xffffffffffffffff, 0x9, 0x2)
r3 = syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000140)='./file0/file0\x00', 0x1, 0x2, &(0x7f0000000440)=[{&(0x7f0000000280)="632e008a7382daac8687f9838e34593ea8d5277d2b6c6b6b01615de76cb46d76b96653490657f3c4893d11e75c067fcded0bbcd644793599f1dc5c8b3e900581e685cbfca5d805adfa4e75f016c8c2af944249cf0ca632a77148a09f26600d53db483467e255e106df22ccddf0c711f0457a87000099a61a59aac84c58a5b2b9799441b4473638012b9b40097abf0df38cc40344da8ca675bddf18087c1c78994bc1c9203f83a9b8378697c29d2e275ad88a66bfeb3317ea2f52a3847c81324f391328b8b7a71496fe7cad10b61b711eadd41411c709e8f6abfb9cd3bedf23faa19b191fadb91d21c4eb0a3cd0340892f1917dd56757211c29349cdad7", 0xfd, 0x4}, {&(0x7f0000000380)="b06a0348bb92534657f42c55ab5e040ac6aaa569237c0be5080ccab4a78020471eeb59aa3196b2e47ecdeb7d3531ce0e4bc4cfaa3cc241fcac72fb5dd13567e4e75f8f8ea8ab33d66fde1b51bb86a3307d7c19ab062627dcf7a719bc89c228406adadff9db6339ebb404f7c683e45faae8923fb233ec294bd88c4686ba05298aa162af01cf051cf2", 0x88, 0xc6e4}], 0x1825, &(0x7f0000000480)={[{@iocharset={'iocharset', 0x3d, 'cp775'}}, {@numtail}, {@utf8}]})
dup(r3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x1)
syz_emit_vhci(&(0x7f0000000580)=ANY=[@ANYBLOB="02d8801c00180005001906140020000700060009000600060054000700ffff04009c7e75cabfaf03a161155bb5ac72292aedee2a7628bd9ada53ce0cae600317c5529470c3e195c8f09eb8d91214375826d241014766e6545af43bc477e33195b61d7c3f60fa80562a4e6a4ede428352dd652b0a191b0f883c499f5b631525adbd4f0fc8f08724c4fba95544bb3770dc04000000fa743551542943099606592ea2a802f19cc9a44268ec5774d836e6307fce68da1666021a350158220accd4731ac165e2d44c8f27631f9bb6038c94aca8331954e5df10a0750b72172b80"], 0x21)
syz_emit_vhci(&(0x7f0000000080)=@HCI_EVENT_PKT={0x4, @hci_ev_remote_oob_data_request={{0x35, 0x6}}}, 0x9)
creat(&(0x7f0000000000)='./file0\x00', 0x80)

03:38:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x300, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:19 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
ioprio_get$pid(0x0, r1)

03:38:29 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x6000}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:38:29 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 29)

03:38:29 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x4, 0x10010, 0xffffffffffffffff, 0x8000000)
syz_io_uring_setup(0x1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, &(0x7f00000a0000)=nil, &(0x7f00000b0000)=nil, &(0x7f0000000100), &(0x7f0000000140)=<r2=>0x0)
syz_io_uring_submit(0x0, r2, 0x0, 0x8001)
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r3, 0x0, 0x20, 0x0, &(0x7f0000001180))
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_CONNECT={0x10, 0x2, 0x0, r3, 0x80, &(0x7f00000001c0)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}}, 0x3)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='H\xe5\xe4\x9a\xef-\xa0', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:38:29 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x500, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:29 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x1fffefff)

03:38:29 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:38:29 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0xd8b, 0x0, 0x3}, 0x0)
r1 = fork()
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x6, 0x10000044, 0x8000, 0x2, 0xd9, 0x80, 0x0, 0x8000, 0x5}, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
process_vm_readv(r2, &(0x7f0000000080)=[{&(0x7f00000001c0)=""/202, 0xca}, {&(0x7f00000002c0)=""/126, 0x7e}, {&(0x7f0000000340)=""/193, 0xc1}], 0x3, &(0x7f0000000680)=[{&(0x7f0000000100)=""/17, 0x11}, {&(0x7f0000000440)=""/205, 0xcd}, {&(0x7f0000000540)=""/234, 0xea}, {&(0x7f0000000640)}], 0x4, 0x0)
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x3, 0x46, 0x10001, 0x7, 0x8, 0x6, 0x8, 0x8000, 0xdf}, 0x0)

03:38:29 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100, 0x4133, &(0x7f0000000140))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/module/video', 0x602000, 0x1a5)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='hugetlbfs\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0)
creat(&(0x7f00000001c0)='./file0\x00', 0x115)
r2 = syz_open_dev$vcsu(&(0x7f0000000100), 0x0, 0x40000)
syz_emit_ethernet(0xfdef, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd6029182b00fe88000000000000000000000000000100000000000000000000ff"], 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000180), 0x5018c1, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
sendfile(r4, r2, &(0x7f0000000240)=0x80000001, 0x9)
ioctl$BLKTRACETEARDOWN(r3, 0x1276, 0x0)
fsmount(r2, 0x1, 0x70)
ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000280)={<r5=>0x0, 0xfffffffffffffffe, 0x2, 0x1})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f0000000680)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f0000000a80)={0x1, 0x6, {0x81, @struct={0x0, 0x80000001}, r5, 0x6, 0x7000000000, 0x0, 0x6, 0x80000001, 0x491, @usage=0xfffffffffffffffc, 0x98, 0x0, [0x965b, 0x5c, 0x7492, 0xe80, 0x4, 0x2]}, {0x6, @struct={0x8000, 0x80000001}, 0x0, 0x2000000000, 0x8, 0x7ff, 0x379, 0x3, 0x0, @usage=0x61c0, 0x7, 0xffff0000, [0x0, 0x5e4, 0x80000001, 0x2, 0x964, 0x7]}, {0x9ceb, @struct, r6, 0xffffffff00000000, 0x4, 0x0, 0x7, 0x7, 0x10, @usage=0x3, 0x8, 0xfffffffb, [0x6, 0x0, 0x7, 0x3edc, 0x80000000, 0x6]}, {0x4, 0x4, 0x1}})

[ 1377.204379] No source specified
03:38:29 executing program 4:
modify_ldt$read(0x0, &(0x7f0000000440)=""/102, 0x66)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:38:29 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=<r2=>0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
ioctl$BTRFS_IOC_SPACE_INFO(r1, 0xc0109414, &(0x7f0000000300)={0x513, 0xfffffffffffffff7, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
read(r3, &(0x7f0000000240)=""/136, 0x88)
perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x9, 0x0, 0x0, 0x8, 0x0, 0x1, 0x8, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0xe}, 0x10000, 0x29, 0x7fff, 0x0, 0x7, 0x7fffffff, 0x0, 0x0, 0x9, 0x0, 0x4}, r2, 0xb, r0, 0x3)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:38:29 executing program 7:
r0 = accept$packet(0xffffffffffffffff, 0x0, &(0x7f0000000000))
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'veth1_to_team\x00'})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x10000000, 0x19, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:38:29 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:38:29 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 30)

03:38:29 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:38:29 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x600, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:29 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x1ffff000)

03:38:41 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
fdatasync(0xffffffffffffffff)

03:38:41 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x72ee}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:38:41 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x700, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:41 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
msgget(0x3, 0x119)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:38:41 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 31)

03:38:41 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xed410000)

03:38:41 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:38:41 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x1c}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_getparam(r0, &(0x7f0000000040))
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x0, 0x10000064, 0xff, 0x3f, 0x99, 0x100000001, 0x7fffffff, 0x2, 0x6}, 0x0)

[ 1389.987374] No source specified
03:38:41 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 32)

03:38:41 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8a1, 0x2a71c85a, &(0x7f0000000000))
creat(&(0x7f0000000080)='./file0\x00', 0x194)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:38:41 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
getpgid(0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x3, 0x50, 0x0, 0x54, 0xfffffffffffffff8, 0x0, 0x6}, 0x0)

03:38:41 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xfeffffff)

[ 1390.113336] FAULT_INJECTION: forcing a failure.
[ 1390.113336] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1390.115444] CPU: 0 UID: 0 PID: 10421 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1390.115477] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1390.115491] Call Trace:
[ 1390.115499]  <TASK>
[ 1390.115507]  dump_stack_lvl+0xfa/0x120
[ 1390.115544]  should_fail_ex+0x4d7/0x5e0
[ 1390.115574]  _copy_from_user+0x30/0xd0
[ 1390.115608]  memdup_user+0x7e/0xe0
[ 1390.115647]  strndup_user+0x78/0xe0
[ 1390.115693]  __x64_sys_mount+0x136/0x300
[ 1390.115736]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1390.115786]  do_syscall_64+0xbf/0x360
[ 1390.115819]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1390.115844] RIP: 0033:0x7f691f5d604a
[ 1390.115862] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1390.115885] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
03:38:42 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x80000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1390.115908] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1390.115924] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1390.115939] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1390.115954] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1390.115968] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1390.115999]  </TASK>
03:38:53 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
fdatasync(0xffffffffffffffff)

03:38:53 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x80fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:38:53 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 33)

03:38:53 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xff600000)

03:38:53 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0xd5, 0x0, 0x0, 0x0, 0x7f}, 0x0, 0xc, 0xffffffffffffffff, 0x2)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
clone3(&(0x7f00000003c0)={0x2300480, &(0x7f0000000000)=<r1=>0xffffffffffffffff, &(0x7f0000000080), &(0x7f0000000100), {0x30}, &(0x7f00000001c0)=""/202, 0xca, &(0x7f00000002c0)=""/172, &(0x7f0000000380)=[0x0], 0x1}, 0x58)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x1100)
setfsuid(r2)
recvmsg$unix(0xffffffffffffffff, &(0x7f00000008c0)={&(0x7f0000000480)=@abs, 0x6e, &(0x7f0000000800)=[{&(0x7f0000000500)=""/200, 0xc8}, {&(0x7f0000000600)=""/179, 0xb3}, {&(0x7f00000006c0)=""/211, 0xd3}, {&(0x7f00000007c0)=""/48, 0x30}], 0x4, &(0x7f0000000840)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, <r3=>0x0}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80}, 0x40)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r6=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r6)
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r9=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r7, 0xee00, r9)
fsetxattr$system_posix_acl(r1, &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f0000000900)={{}, {0x1, 0x2}, [{0x2, 0x5, r2}], {0x4, 0x6}, [{0x8, 0x7, r3}, {0x8, 0x2, r6}, {0x8, 0x4, r9}], {0x10, 0x1}, {0x20, 0x1}}, 0x44, 0x3)

03:38:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x1000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:38:53 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x101, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x1, 0x1, 0x1, 0x9, 0x0, 0x9, 0x242, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0xffffffff, 0x1, @perf_bp={&(0x7f0000000000), 0xd}, 0x40180, 0xfff, 0x4, 0x9, 0x3, 0x1, 0xfff, 0x0, 0x9, 0x0, 0x1800}, r0, 0xffffffffffffffff, r1, 0xa)

03:38:53 executing program 2:
r0 = syz_genetlink_get_family_id$ethtool(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_WOL_SET(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="00052200", @ANYRES16=r0, @ANYBLOB="000425bd7000fddbdf250a0000007c000280080002000080ffff66000500060b799ebe3f614a97effe9b91f399c0c5adb51459dfb0069404d982e8b33d089b01991c55cb38a90b89b3cd68201639977fad8a60cbd31b09339c0d4129e3a0d1ce8216a946007d35c1bf9beb775491ccbf59705d6435d13bfa3f00676a39a4affc00000800020005000000"], 0x90}, 0x1, 0x0, 0x0, 0x80}, 0x4040000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000080)='hugetlbfs\x00', 0x0, r1)
ioctl$INCFS_IOC_READ_FILE_SIGNATURE(r2, 0x8010671f, &(0x7f0000000140)={&(0x7f00000000c0)=""/77, 0x4d})

[ 1401.713964] FAULT_INJECTION: forcing a failure.
[ 1401.713964] name failslab, interval 1, probability 0, space 0, times 0
[ 1401.715654] CPU: 0 UID: 0 PID: 10437 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1401.715688] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1401.715700] Call Trace:
[ 1401.715708]  <TASK>
[ 1401.715716]  dump_stack_lvl+0xfa/0x120
[ 1401.715750]  should_fail_ex+0x4d7/0x5e0
[ 1401.715777]  should_failslab+0xc2/0x120
[ 1401.715798]  __kmalloc_cache_noprof+0x73/0x470
[ 1401.715826]  ? __might_fault+0xe0/0x190
[ 1401.715851]  ? copy_mount_options+0x55/0x180
[ 1401.715879]  ? copy_mount_options+0x55/0x180
[ 1401.715900]  ? memdup_user+0x95/0xe0
[ 1401.715932]  copy_mount_options+0x55/0x180
[ 1401.715957]  __x64_sys_mount+0x1ab/0x300
[ 1401.715993]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1401.716038]  do_syscall_64+0xbf/0x360
[ 1401.716067]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1401.716089] RIP: 0033:0x7f691f5d604a
[ 1401.716106] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1401.716126] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 1401.716147] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1401.716160] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1401.716173] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1401.716187] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1401.716199] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1401.716227]  </TASK>
03:38:53 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xffefff1f)

03:38:53 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
sched_setattr(r0, &(0x7f0000000000)={0x38, 0x6, 0x1000003e, 0x5, 0xffff42be, 0x7, 0x1000, 0x6, 0x80000000, 0x4}, 0x0)

03:38:53 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x1, &(0x7f00000000c0)=0x2)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='hugetlbfs\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0)

03:38:53 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
fdatasync(0xffffffffffffffff)

03:38:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x2000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xfffffffe)

03:39:03 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xe00000000, 0xffffffffffffff00, &(0x7f0000000000)=0x1)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:39:03 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xc0fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:39:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
ioctl$BLKROGET(r1, 0x125e, &(0x7f0000000000))
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000100)='nolazytime\x00', 0x0, 0x0)

03:39:03 executing program 7:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
perf_event_open(&(0x7f0000000140)={0x3, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x6, 0x8c7d}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
syz_io_uring_setup(0x32e2, &(0x7f0000000040)={0x0, 0x6d1e, 0x8, 0x2, 0xcd}, &(0x7f0000ff4000/0xa000)=nil, &(0x7f0000ff4000/0x4000)=nil, &(0x7f0000000100), &(0x7f00000001c0))
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xae280, 0x10)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x1000001c, 0x2, 0x8, 0x3, 0x0, 0xff, 0x0, 0x48f000}, 0x0)

03:39:03 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff) (fail_nth: 1)

03:39:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x3000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 34)

[ 1411.765451] No source specified
03:39:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 35)

[ 1411.800893] FAULT_INJECTION: forcing a failure.
[ 1411.800893] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1411.801949] CPU: 1 UID: 0 PID: 10487 Comm: syz-executor.4 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1411.801965] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1411.801972] Call Trace:
[ 1411.801976]  <TASK>
[ 1411.801981]  dump_stack_lvl+0xfa/0x120
[ 1411.802001]  should_fail_ex+0x4d7/0x5e0
[ 1411.802017]  _copy_to_user+0x32/0xd0
[ 1411.802035]  simple_read_from_buffer+0xe0/0x180
[ 1411.802053]  proc_fail_nth_read+0x189/0x270
[ 1411.802072]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1411.802090]  ? security_file_permission+0x22/0x90
[ 1411.802105]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1411.802123]  vfs_read+0x1eb/0xbe0
[ 1411.802143]  ? __pfx_vfs_read+0x10/0x10
[ 1411.802161]  ? lock_release+0xc8/0x290
[ 1411.802177]  ? __fget_files+0x20d/0x3b0
[ 1411.802199]  ksys_read+0x121/0x240
[ 1411.802217]  ? __pfx_ksys_read+0x10/0x10
[ 1411.802233]  ? syscall_user_dispatch+0x78/0x140
[ 1411.802250]  do_syscall_64+0xbf/0x360
[ 1411.802266]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1411.802279] RIP: 0033:0x7fd5585ad69c
[ 1411.802288] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1411.802299] RSP: 002b:00007fd555b70170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1411.802310] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007fd5585ad69c
03:39:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x60ffffffffff)

[ 1411.802318] RDX: 000000000000000f RSI: 00007fd555b701e0 RDI: 0000000000000003
[ 1411.802325] RBP: 00007fd555b701d0 R08: 0000000000000000 R09: 0000000000000000
[ 1411.802332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1411.802339] R13: 00007ffc44aad7ff R14: 00007fd555b70300 R15: 0000000000022000
[ 1411.802354]  </TASK>
[ 1411.836195] FAULT_INJECTION: forcing a failure.
[ 1411.836195] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1411.837251] CPU: 1 UID: 0 PID: 10493 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1411.837267] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1411.837274] Call Trace:
[ 1411.837278]  <TASK>
[ 1411.837282]  dump_stack_lvl+0xfa/0x120
[ 1411.837298]  should_fail_ex+0x4d7/0x5e0
[ 1411.837312]  _copy_from_user+0x30/0xd0
[ 1411.837327]  copy_mount_options+0x76/0x180
[ 1411.837341]  __x64_sys_mount+0x1ab/0x300
[ 1411.837361]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1411.837385]  do_syscall_64+0xbf/0x360
[ 1411.837400]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1411.837412] RIP: 0033:0x7f691f5d604a
[ 1411.837421] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1411.837432] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 1411.837443] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1411.837450] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1411.837457] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1411.837464] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1411.837471] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1411.837486]  </TASK>
[ 1411.855245] No source specified
03:39:13 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x4000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:13 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xe803}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:39:13 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 36)

03:39:13 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xffffffffffffffff, &(0x7f0000001b00))
r0 = getpid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200000000000000, 0xfff, &(0x7f0000000080)=0xfc)
r1 = fsopen(&(0x7f0000000040)='fuse\x00', 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r3, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r2, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0x3, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x40005)
sendmsg$netlink(r3, &(0x7f0000000780)={&(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000740)=[{&(0x7f00000000c0)={0x1cc, 0x40, 0x200, 0x70bd2d, 0x25dfdbfd, "", [@generic="a313d50c904f03828ff8065f108918d7455bb5b6aa5ed7b974b40f97f0c574db22b8194d4f9b9d65dd30a6080e7f5a44d31146d886053e36dd9d67617cb5924ab3bda97513", @generic="9d2fa36ac2e0c79361b45e6a472e0db09ea835b399be28b80152cf", @generic="d0bac25cb52406b1907bc7857bd643c8dc92d7a42994106604b37dcc3f608c8484c11b5a045376d12b51d3bbf039f6686f73fcc67a18002a6f6fdb1013f5fef776e7dc5163f47c59952dbe4420f8ab3621e0bbd460794c28cb5c77334134016694c46ddd97948c98e519e8198726fec6164fa57f9215f8206bcac84f663dd6de8109167700acfd25eb126c049adf625dda57300cb32affe816daacba7baf32a482b6b21360689c51c32baf39f9468316a7fe50031c", @generic="8647ab455849a336f2210ef5cc22ff31376420c8dfa0884da4dde8a50a5fd607def8700c256747b13474879576670203dd7db2fbce0019ffe9f36f92a35be9f3052eadd46e0e0c7c233fc216a82c9036d898f144fa3378d1d5a18381554542cd4be1e78363e560bc0c16df71888cdeb51531e74daf10b14f4a027cee4b1634589e0f537bdaaf19d7755c7dd7f53a17360fe958d6224dfa5fd437e7e41e7bcbcabea0ecbc"]}, 0x1cc}, {&(0x7f00000002c0)={0x10, 0x1e, 0x300, 0x70bd2c, 0x25dfdbff}, 0x10}, {&(0x7f0000000300)=ANY=[@ANYBLOB="2404df252a001a8008035700"/24, @ANYRES32=r1, @ANYBLOB="0c005600000000000000000004001400cc1850ed60c12851938f07991a69000008004700", @ANYRES32=r0, @ANYBLOB="080180800500000000000000fa510a9249cf1537b3d12a8963c59c111ef3ea9ef2e9b347d205417000c9ef91c2c2181c6be8321f590df6fbebffc4b1e521dd27871404b38a8ef840ee103b27c4fe02ca1996949c08242d5c4686256892a783e1be831db1eae0a509f81961230b838ca771de645af685a14c53a230cd6e73628bec86181feeb9c72fac8d373f9327910c53548e0200ffa7887532779903bce99e4a84a09b5edb2c1014cfe9da728fb260ee14349cdda53456f3959fb08b75960a023cb875079920e8466752791f7c2cf621e51eebe46734b72bbcf2fba18bae6de738a5ce9437abb2c2371a00a9d929bc595a71aa85d26312d1f8ba8ace8b76f71ad37c08b437586c4f5f06448cc0f3adcb296932c230aa1a9773f21f58dc89606ba495822b1896a39b1e137a7f2aafd5081feeb3c5bd020fda7ad57b4201fc2a98d433bff29d01664a2aacdf1bc5d0d8df55365b3cd0d86b9d18e9e24bf1783e2e09894df26390f79ef5a63ec996bb3ae0661133bcd3d7a9eeccaf702add3f5ba61e0a7d884ad7e8695d0e5906efd6180463598c8d8666433b38ac7dccca662861eeda5407e99516d3db6fdb6320c8a6f879e1e2943f746a44b7446bfea704cccfca1ca9a7ee1f5ca6127112c7d7d10f71047b13b5e9a432c0f0a139d7afa8eba4c604ae1df67739221d34d2d9ef02695c75a84c7502cf1414003d00fc0100000000000000000000000000000c001e000100000000000000270133800900440066757365000000000c007c0001010000000000000a000100265c405e290000000397315d65733891567aabe6c8ab7f399685297128d44cd93ebfdc0d25bd6725c93f2058032c5bafd2ecec1ce89d5246dee7542c28588f58a0fdd7d841d0ab2911ec4ec98181d8e9a7193485c64f816c19e2071c85646f3bb153cf9fadca0c4bfaa7fd9d398f0b33dba675c6012adaf7835e47b098a2a5c13cf8c1c3f1a1e06024da623dc9c097bb41fbd9be7b10ffea03d15337e737fed5f1e449fb81307c4e9fa638aae9a6f0ce4149e973ccb8281bf95ec1d778b35d18680424de615e0378f2d70ac6957630ab92d6b3dc1dc849d90c2e1e1b25acc78e9f9eee081c899f114d4a5a090a5a92f80406a3e1cd8f43d897a98e9c8cdd17261a0f8511fc8a0a004527e4195202b84b7d86c24af3090f57a4d0fad6959eb39e28494be70304974fe9193ab28968bf645062135318f6c95d151d1699fc0362221fbe3d8b88652967c33e15c0ba8cc224673ff6d71774e568e0460edac38fe53da7f948184f423746e59f1f7f10d8a84ba6a0c5071ac1dae31b4503831f0819b01088c2a13d25290b0478316d41be6c468885c93c92d1a92cd214d7499adf30c890fb4b34197c0000"], 0x424}], 0x3, 0x0, 0x0, 0x8810}, 0x0)

03:39:13 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x40, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000002, 0x80010, r1, 0x97bf5000)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:13 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:39:13 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
perf_event_open(&(0x7f0000000480)={0x0, 0x80, 0x20, 0x1f, 0x7, 0x1, 0x0, 0x0, 0x20000, 0xa, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x7, 0x2, @perf_config_ext={0xdc, 0x6}, 0x1a20, 0x6, 0x3, 0x4, 0x4, 0x6, 0xfffe, 0x0, 0x3, 0x0, 0x20}, 0x0, 0x1, r0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(r0, 0xc0189376, &(0x7f0000000440)=ANY=[])
close_range(r1, 0xffffffffffffffff, 0x2)
r3 = getpgid(0x0)
sched_setattr(r3, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r4 = clone3(&(0x7f0000000380)={0x10862000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x37}, &(0x7f00000001c0)=""/185, 0xb9, &(0x7f0000000280)=""/249, &(0x7f0000000100)=[r3], 0x1}, 0x58)
sched_setattr(r4, &(0x7f0000000400)={0x38, 0x2, 0x1, 0xe9, 0x9, 0x0, 0x7770431d, 0x5, 0x6}, 0x0)

03:39:13 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x7f15c7be8fff)

[ 1421.212103] FAULT_INJECTION: forcing a failure.
[ 1421.212103] name failslab, interval 1, probability 0, space 0, times 0
[ 1421.214006] CPU: 0 UID: 0 PID: 10514 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1421.214038] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1421.214051] Call Trace:
[ 1421.214060]  <TASK>
[ 1421.214069]  dump_stack_lvl+0xfa/0x120
[ 1421.214105]  should_fail_ex+0x4d7/0x5e0
[ 1421.214135]  ? getname_flags.part.0+0x48/0x540
[ 1421.214163]  should_failslab+0xc2/0x120
[ 1421.214186]  kmem_cache_alloc_noprof+0x5f/0x470
[ 1421.214228]  getname_flags.part.0+0x48/0x540
[ 1421.214258]  getname_flags+0x95/0xe0
[ 1421.214293]  user_path_at+0x27/0x90
[ 1421.214328]  __x64_sys_mount+0x1e9/0x300
[ 1421.214369]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1421.214417]  do_syscall_64+0xbf/0x360
[ 1421.214449]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1421.214474] RIP: 0033:0x7f691f5d604a
[ 1421.214492] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1421.214514] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 1421.214537] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1421.214553] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1421.214569] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1421.214585] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1421.214600] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1421.214630]  </TASK>
03:39:13 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x0, &(0x7f0000000000))
mprotect(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x8)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x114)
r0 = syz_open_dev$vcsn(&(0x7f00000000c0), 0x7058, 0x40000)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000100)='hugetlbfs\x00', &(0x7f0000000140)='[\x00', 0x0)

03:39:13 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x1)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r0, 0x1, 0x4, &(0x7f0000000000)=0x7d, 0x4)
fdatasync(0xffffffffffffffff)
openat$sr(0xffffffffffffff9c, &(0x7f0000000040), 0x640800, 0x0)

03:39:13 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x7ffffffff000)

03:39:13 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x5000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:13 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47a226104990cd5b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x1000}, 0x0, 0x10, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000000)='\x00', 0x0, r1)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000003c0)='\x80)-$].\x00KT\xca\xfe\x02>\x83<PoZ\xeb\x9c+\x93\x04Bv\x06\xbaNAD}4rf6\x02\x87 f\xad\xad&!\xe9\xd7\x84\x11jP\xfdPN F\x8a\x1eT\x8c\xfcL\xb2l(c\xbf>\xf0(m\xaa\x13Svd\x12gn\x968s\x9c\x82\x81\xf7\x89\xd4\t!\x85us5\x97\x18\xdf\x92\xa5\xd9\x9b\x8b\x9b\x8a\xc4\xf23\xea\x0e\x14\xd6Zj\x9a\"\xcd\xfex>\xc3\xce6[\x82\xe0\r{\xbb\x89\xd5\x96a;\xc21\xb7\x89\x1f\xfef\xdeY\xab\x87\xa7\x96\xfc\x94\xfb\xfaLO\xb1-w\xf1\xde\xb8\x1bOv\xfed\xfc\xd2v\x96\xeaV\xb2]\xd0\x906\xe4\xaf\xbe\xc4\xcf\x95)\xfe\xad\xb1\x91\x05\xff\x82\\\xfc\x01q\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00 vm\x11OB\xdb\xa2\xb8\xca\xb7\xf4\xe5V\x17\xe8\xd7\xeeG#\xb1\x86%;f\tD?\xe7\xdc\xeb\xc5P\xaf\xa3q\xb0\xa3f\x83YF\xd4c\xbd\xc9\xe27\xb4\xa9(n\xb2\x14\x82\v\x82\xb6V\x81\x8c{\xb3\xdd\xc0\xbbI)\x84\x88\x11\x1f\xc5\xe7\xca\x0e\xf9@O\xc2\x93o\xd2q\a\x9c\xa0b\xd6\xe3\xf7\xa0\x14\xc4c\xe3?(\t\xe9\xa9\xcf)\xd1\'Ks\x8f\xe6\x06M', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:13 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))

03:39:13 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x6, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:39:13 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 37)

03:39:13 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x20, &(0x7f0000000040)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20, 0x7f4, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

[ 1421.439489] No source specified
03:39:23 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x400000080000, &(0x7f0000001b00))
fsopen(&(0x7f0000000000)='aufs\x00', 0x0)

03:39:23 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x971, 0x1000, &(0x7f0000000080)=0x1c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffa, 0x1f, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)
mlock(&(0x7f0000ffd000/0x1000)=nil, 0x1000)

03:39:23 executing program 7:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000080), 0x10900, 0x0)
fgetxattr(r0, &(0x7f0000000040)=@known='trusted.overlay.redirect\x00', &(0x7f00000001c0)=""/195, 0xc3)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$AUTOFS_IOC_EXPIRE(r0, 0x810c9365, &(0x7f00000002c0)={{0x2, 0x7}, 0x100, './file0\x00'})
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x83, 0x0, 0xfe79, 0x0, 0x1}, 0x0)

03:39:23 executing program 6:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_SET_FEATURES(r0, 0x40309439, &(0x7f0000000000)={0x1, 0x2, 0x14})
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000080), 0x202000, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f00000001c0)={0x0, 0x0, {}, {0x0, @struct, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @struct, <r3=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f00000005c0)={0x10, 0x4, {0x1, @usage=0x1, 0x0, 0x48a, 0x4, 0x800, 0x89e, 0x5, 0x8, @struct={0x7f, 0x8}, 0x2, 0xb89f, [0x3ff, 0x2, 0x2, 0x4422, 0x36, 0x1000]}, {0x1, @usage=0x84e, <r4=>0x0, 0x47, 0x3ff, 0x5, 0xfffffffffffffff9, 0x7ff, 0x402, @usage=0x8, 0x40004000, 0x0, [0xffffffffffff7fff, 0x5, 0x3, 0x100, 0x3, 0x1]}, {0xfffffffffffffe01, @struct={0xc6, 0x1ff}, 0x0, 0x6, 0x1, 0x9, 0x3, 0x1, 0x80, @usage=0x8, 0x9, 0x0, [0x6, 0x3, 0x3, 0x38b, 0x3, 0x20]}, {0x8, 0x200, 0x97}})
ioctl$BTRFS_IOC_BALANCE_V2(r2, 0xc4009420, &(0x7f00000009c0)={0xf, 0x5, {0x3, @struct={0xfffffff8, 0x8000}, r3, 0x6, 0xfffffffffffffffb, 0x40, 0x0, 0x7ab8, 0xa0, @struct={0x0, 0x1}, 0x0, 0x3, [0x45, 0x4, 0x3, 0x7, 0xffffffffffffffff, 0x1]}, {0x1, @usage=0x4, 0x0, 0x2, 0x1c0, 0xfff, 0x1, 0x81, 0x402, @struct={0x10001, 0x81}, 0x9, 0x3ff, [0x0, 0x1, 0x80, 0xae3, 0x2, 0x2]}, {0x8, @struct={0x800, 0x9199}, r4, 0x100000000, 0xfffffffffffffffb, 0x4, 0xffffffffffffff18, 0x9, 0x100, @usage=0x9, 0x1f, 0x2, [0x80000000, 0x20, 0x3ff, 0x2, 0xfffffffffffffffa, 0x7]}, {0x10001, 0x1, 0x74}})
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:23 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x8000000000000)

03:39:23 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 38)

03:39:23 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xee72}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:39:23 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x6000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1431.209565] FAULT_INJECTION: forcing a failure.
[ 1431.209565] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1431.210541] CPU: 1 UID: 0 PID: 10561 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1431.210558] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1431.210565] Call Trace:
[ 1431.210570]  <TASK>
[ 1431.210575]  dump_stack_lvl+0xfa/0x120
[ 1431.210599]  should_fail_ex+0x4d7/0x5e0
[ 1431.210617]  strncpy_from_user+0x3b/0x2f0
[ 1431.210639]  getname_flags.part.0+0x8d/0x540
[ 1431.210660]  getname_flags+0x95/0xe0
[ 1431.210677]  user_path_at+0x27/0x90
[ 1431.210696]  __x64_sys_mount+0x1e9/0x300
[ 1431.210717]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1431.210741]  do_syscall_64+0xbf/0x360
[ 1431.210759]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1431.210772] RIP: 0033:0x7f691f5d604a
[ 1431.210781] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1431.210793] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 1431.210805] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1431.210813] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1431.210820] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1431.210828] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1431.210835] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1431.210850]  </TASK>
03:39:23 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xf0ff1f00000000)

03:39:23 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 39)

03:39:23 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xf0ffffff7f0000)

03:39:23 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x22, 0x0, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:39:23 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x7000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1431.334952] FAULT_INJECTION: forcing a failure.
[ 1431.334952] name failslab, interval 1, probability 0, space 0, times 0
[ 1431.335884] CPU: 1 UID: 0 PID: 10578 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1431.335900] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1431.335911] Call Trace:
[ 1431.335916]  <TASK>
[ 1431.335921]  dump_stack_lvl+0xfa/0x120
[ 1431.335945]  should_fail_ex+0x4d7/0x5e0
[ 1431.335962]  should_failslab+0xc2/0x120
[ 1431.335975]  __kmalloc_cache_noprof+0x73/0x470
[ 1431.335995]  ? find_held_lock+0x2b/0x80
[ 1431.336013]  ? __get_fs_type+0xe6/0x160
[ 1431.336025]  ? alloc_fs_context+0x58/0x9e0
[ 1431.336046]  ? alloc_fs_context+0x58/0x9e0
[ 1431.336061]  ? _raw_read_unlock+0x1e/0x40
[ 1431.336073]  alloc_fs_context+0x58/0x9e0
[ 1431.336093]  path_mount+0xab9/0x1d70
[ 1431.336114]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1431.336136]  ? __pfx_path_mount+0x10/0x10
[ 1431.336155]  ? kmem_cache_free+0x2a1/0x460
[ 1431.336172]  ? putname.part.0+0x11b/0x160
[ 1431.336186]  ? getname_flags.part.0+0x1c6/0x540
[ 1431.336201]  ? putname.part.0+0x11b/0x160
[ 1431.336216]  __x64_sys_mount+0x27b/0x300
[ 1431.336236]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1431.336259]  do_syscall_64+0xbf/0x360
[ 1431.336276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1431.336289] RIP: 0033:0x7f691f5d604a
[ 1431.336298] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1431.336310] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 1431.336321] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1431.336329] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1431.336336] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1431.336343] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1431.336350] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1431.336365]  </TASK>
03:39:23 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000000)='{\t)\'\x00')
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_getscheduler(r2)

03:39:23 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 40)

03:39:23 executing program 2:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_UPDATE_CONNECT_PARAMS(r1, &(0x7f0000000580)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000540)={&(0x7f0000000200)={0x32c, r2, 0x300, 0x70bd29, 0x25dfdbfd, {{}, {@void, @void}}, [@fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0x6, 0xf9, "9852"}], @fils_params=[@NL80211_ATTR_FILS_ERP_USERNAME={0xf, 0xf9, "cf4dfa99e9c5fd77aba943"}, @NL80211_ATTR_FILS_ERP_RRK={0x80, 0xfc, "70c9ccb8f0f410000dbf2863aacc80361eee5dccd054a685383cfd8a45843804e20b0fea7870bfc41331af5b66c67af0fdb8b0fef009cce2b65dd12b6da65fc8ffb0d5f9dac8e3cec3c4b8f1ecac3c8db11def4c6dfb34e3f656a254e8ce8136245771ee7ec111b7fcea8b65c9b461208e3f32bf2aff71f625e639ff"}, @NL80211_ATTR_FILS_ERP_USERNAME={0x5, 0xf9, "bb"}], @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x5}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x3}, @NL80211_ATTR_FILS_ERP_RRK={0x4}, @NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x8}], @fils_params, @fils_params=[@NL80211_ATTR_FILS_ERP_NEXT_SEQ_NUM={0x6, 0xfb, 0x1000}], @fils_params, @NL80211_ATTR_IE={0x190, 0x2a, [@prep={0x83, 0x1f, @not_ext={{}, 0x81, 0x0, @device_b, 0x401, "", 0x7, 0x3, @device_a, 0x4}}, @tim={0x5, 0x37, {0x8f, 0xbf, 0x9, "50e696d2a338dda3c306a3564e6666cde9ddd2f7d0e8aa8063091f24d479462acc90393a847169aace9cacf7d982bf6fbb1cf645"}}, @perr={0x84, 0x5c, {0x5, 0x6, [@not_ext={{}, @broadcast, 0x1, "", 0x2d}, @not_ext={{}, @broadcast, 0x2, "", 0x1c}, @not_ext={{}, @device_a, 0x7f, "", 0x35}, @ext={{}, @broadcast, 0x10, @broadcast, 0x16}, @not_ext={{}, @broadcast, 0x4, "", 0x8}, @ext={{}, @device_b, 0x20, @device_a, 0x3c}]}}, @ssid={0x0, 0x6, @default_ap_ssid}, @gcr_ga={0xbd, 0x6, @broadcast}, @mic={0x8c, 0x10, {0x2b1, "a2c454369f07", @short="92783142a516a02d"}}, @link_id={0x65, 0x12, {@from_mac, @device_a, @broadcast}}, @perr={0x84, 0x9c, {0x2, 0xa, [@ext={{}, @broadcast, 0x6, @broadcast, 0x16}, @ext={{}, @broadcast, 0xffc, @device_b, 0x1b}, @not_ext={{}, @device_b, 0x10000, "", 0xf}, @ext={{}, @device_a, 0xffff, @device_a, 0x35}, @not_ext={{}, @broadcast, 0x7, "", 0x25}, @not_ext={{}, @device_a, 0x5, "", 0x12}, @not_ext={{}, @device_b, 0xfffffffa, "", 0x22}, @ext={{}, @device_a, 0xf6a, @device_b, 0xe}, @not_ext={{}, @device_a, 0x5, "", 0x2c}, @not_ext={{}, @device_b, 0x80000000, "", 0x2f}]}}]}, @fils_params=[@NL80211_ATTR_FILS_ERP_REALM={0xc4, 0xfa, "5db6d95752c2fe1437dca28c1c28e38570f3c5caae4122ec0bfcdf28fae1023e07a1d75ebae6a2f8e62b8df4856bc694a63bd08bded59f9d6e2f541eeb92509f3827a0981bf78a88d5e2a38e180467af03b6ce9c1715d17a7b9638e2ab8404c6eac5114b6630a4614df742424236ca81f2fddf59a4c83962c9cd4b6815d1b7348ae8530885f3df916338359ac65aa33b8d84657d1845a33a376baac0b23ea98cf493e48783d6537c81b1d92a078749c7b8b34fcd451610d880c697a25483ee92"}]]}, 0x32c}, 0x1, 0x0, 0x0, 0x20040881}, 0x815)
sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8807002c}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, 0x0, 0x8, 0x70bd29, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_SERVICE={0x2c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'dh\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'wrr\x00'}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x3}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'sed\x00'}]}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @private=0xa010102}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000090}, 0x24000040)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x4)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

[ 1431.441599] No source specified
03:39:23 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x8000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:23 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x100000000000000)

03:39:23 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 41)

[ 1431.570549] No source specified
03:39:33 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xfffffffffffffffd, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:39:33 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x200000000000000)

03:39:34 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 42)

03:39:34 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x8000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:34 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgrp(0x0)
perf_event_open(&(0x7f0000000000)={0x3, 0x80, 0x2, 0x3, 0x40, 0xc3, 0x0, 0x81, 0x8, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x4, 0x2, @perf_config_ext={0x9, 0x100000000}, 0x500, 0x4, 0x1ff, 0x4, 0x6, 0x5, 0x2, 0x0, 0x7f, 0x0, 0x2}, r0, 0x5, 0xffffffffffffffff, 0x1)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
sched_setattr(r1, &(0x7f0000000080)={0x38, 0x5, 0x28, 0x80000001, 0x0, 0x9, 0x0, 0x5b8c, 0x7, 0xc4b5}, 0x0)

03:39:34 executing program 2:
arch_prctl$ARCH_SET_CPUID(0x1012, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
getpid()
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r3 = getpgid(0x0)
sched_setattr(r3, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
kcmp(r0, r3, 0x6, 0xffffffffffffffff, r2)

03:39:34 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = inotify_init()
r3 = inotify_add_watch(r2, &(0x7f0000000040)='./file0\x00', 0xd400080b)
inotify_rm_watch(r2, r3)
inotify_rm_watch(r1, r3)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r4, 0x0, 0x0)
inotify_add_watch(r4, &(0x7f0000000000)='./file0\x00', 0x1000cc1)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:34 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xf401}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

[ 1442.141032] No source specified
03:39:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:39:34 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x100000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:34 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 43)

03:39:34 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x300000000000000)

03:39:34 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x3ff, &(0x7f0000000000)=0x1)
r0 = fsopen(&(0x7f0000000080)='iso9660\x00', 0x0)
ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000040)=0x466)
r1 = fsmount(0xffffffffffffffff, 0x0, 0xf9)
dup2(r1, r0)

03:39:34 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, @perf_bp={0x0}, 0x0, 0x4, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:34 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = getpgid(0x0)
r2 = getpgid(r0)
move_pages(r2, 0x2, &(0x7f0000000100)=[&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f00000001c0)=[0xfffffff9, 0xffffffff], &(0x7f0000000200)=[0x0, 0x0, 0x0], 0x6)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x1, 0x8, 0x9, 0xb85d, 0x8, 0x1, 0x2, 0x8}, 0x0)
sched_setattr(r1, &(0x7f0000000080)={0x38, 0x6, 0x40, 0x10000, 0x6, 0x0, 0x4, 0x7, 0xffffffff, 0x9}, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x38, 0x8001, 0x8, 0x3ff, 0xb28, 0x6, 0x7f, 0xe6ef}, 0x0)
setpriority(0x2, r0, 0x101)

[ 1442.351033] FAULT_INJECTION: forcing a failure.
[ 1442.351033] name failslab, interval 1, probability 0, space 0, times 0
[ 1442.353033] CPU: 1 UID: 0 PID: 10636 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1442.353066] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1442.353080] Call Trace:
[ 1442.353088]  <TASK>
[ 1442.353096]  dump_stack_lvl+0xfa/0x120
[ 1442.353132]  should_fail_ex+0x4d7/0x5e0
[ 1442.353162]  should_failslab+0xc2/0x120
[ 1442.353185]  __kmalloc_node_track_caller_noprof+0xb8/0x490
[ 1442.353220]  ? find_held_lock+0x2b/0x80
[ 1442.353255]  ? __create_object+0x59/0x80
[ 1442.353282]  ? vfs_parse_fs_string+0xc3/0x150
[ 1442.353320]  kmemdup_nul+0x3b/0xa0
[ 1442.353357]  vfs_parse_fs_string+0xc3/0x150
[ 1442.353389]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 1442.353436]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 1442.353468]  vfs_parse_monolithic_sep+0x177/0x200
[ 1442.353503]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[ 1442.353536]  ? msdos_init_fs_context+0x52/0x70
[ 1442.353570]  ? alloc_fs_context+0x5c0/0x9e0
[ 1442.353610]  path_mount+0x11e7/0x1d70
[ 1442.353650]  ? trace_irq_enable.constprop.0+0xc2/0x100
[ 1442.353698]  ? __pfx_path_mount+0x10/0x10
[ 1442.353737]  ? kmem_cache_free+0x2a1/0x460
[ 1442.353771]  ? putname.part.0+0x11b/0x160
[ 1442.353797]  ? getname_flags.part.0+0x1c6/0x540
[ 1442.353828]  ? putname.part.0+0x11b/0x160
[ 1442.353858]  __x64_sys_mount+0x27b/0x300
[ 1442.353898]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1442.353947]  do_syscall_64+0xbf/0x360
[ 1442.353979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1442.354003] RIP: 0033:0x7f691f5d604a
[ 1442.354021] Code: 48 c7 c2 bc ff ff ff f7 d8 64 89 02 b8 ff ff ff ff eb d2 e8 b8 04 00 00 0f 1f 84 00 00 00 00 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1442.354044] RSP: 002b:00007f691cb49fa8 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5
[ 1442.354067] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f691f5d604a
[ 1442.354082] RDX: 00000000200017c0 RSI: 0000000020001800 RDI: 0000000000000000
[ 1442.354096] RBP: 00007f691cb4a040 R08: 00007f691cb4a040 R09: 00000000200017c0
[ 1442.354111] R10: 0000000000000000 R11: 0000000000000206 R12: 00000000200017c0
[ 1442.354125] R13: 0000000020001800 R14: 00007f691cb4a000 R15: 0000000020001940
[ 1442.354156]  </TASK>
03:39:44 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xff, 0x8, &(0x7f0000000000)=0x1)
fdatasync(0xffffffffffffffff)

03:39:44 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x200000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:44 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x900000000000000)

03:39:44 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xfc00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:39:44 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x3, 0x22, 0x0, 0x8, 0x81, 0x7, 0x3, 0x80}, 0x0)
clone3(&(0x7f00000002c0)={0x2100000, &(0x7f0000000000), &(0x7f0000000040)=<r1=>0x0, &(0x7f0000000080), {0x1d}, &(0x7f00000001c0)=""/162, 0xa2, &(0x7f0000000100)=""/42, &(0x7f0000000280)=[r0, r0], 0x2}, 0x58)
sched_setattr(r1, &(0x7f0000000340)={0x38, 0x1, 0x1a, 0x7fff, 0x7, 0x3ff, 0x3, 0x33d, 0x0, 0x8001}, 0x0)

03:39:44 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000000000)=0x8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0xfffffffffffff3dd, &(0x7f0000000080)=0x1)
dup(0xffffffffffffffff)
fsopen(&(0x7f0000000040)='nsfs\x00', 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x85, 0x7, 0x3, 0x2, 0x7}, 0x0)
syz_open_procfs(r0, &(0x7f00000000c0)='maps\x00')

03:39:44 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:44 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 44)

[ 1452.309268] No source specified
03:39:44 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x1000000000000000)

03:39:44 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x300000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:44 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]}) (fail_nth: 45)

03:39:44 executing program 7:
r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$IPVS_CMD_ZERO(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB='^\x00@\x00', @ANYRES16=r0, @ANYBLOB="20022bbd7000fedbdf25100000002c0001800800080040000000060004004e2100000600010002000000070006006c63000006000200080000001c0003800500080006000000080005000a0101010800010002000000"], 0x5c}, 0x1, 0x0, 0x0, 0x10}, 0x8000)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x4, 0x8, 0x8f, 0x1, 0x0, 0x5b0, 0x1000, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffff95e3, 0x0, @perf_config_ext={0x9, 0x5}, 0x12, 0x9, 0x2, 0x6, 0x80, 0x80000000, 0xfff, 0x0, 0x1, 0x0, 0x10001}, 0xffffffffffffffff, 0x1, r1, 0x9)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:39:44 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x4, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
ioctl$CDROM_GET_MCN(0xffffffffffffffff, 0x5311, &(0x7f0000000000))

03:39:44 executing program 6:
r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff)
r1 = perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x57, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, @perf_config_ext={0x203, 0x7}, 0x0, 0x0, 0x4010, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, r0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:39:44 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xed41000000000000)

[ 1452.522717] No source specified
[ 1452.532705] FAULT_INJECTION: forcing a failure.
[ 1452.532705] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1452.534713] CPU: 0 UID: 0 PID: 10690 Comm: syz-executor.1 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1452.534742] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1452.534754] Call Trace:
[ 1452.534761]  <TASK>
[ 1452.534770]  dump_stack_lvl+0xfa/0x120
[ 1452.534803]  should_fail_ex+0x4d7/0x5e0
[ 1452.534829]  _copy_to_user+0x32/0xd0
[ 1452.534860]  simple_read_from_buffer+0xe0/0x180
[ 1452.534892]  proc_fail_nth_read+0x189/0x270
[ 1452.534927]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1452.534960]  ? security_file_permission+0x22/0x90
[ 1452.534986]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1452.535019]  vfs_read+0x1eb/0xbe0
[ 1452.535057]  ? __pfx_vfs_read+0x10/0x10
[ 1452.535090]  ? lock_release+0xc8/0x290
[ 1452.535118]  ? __fget_files+0x20d/0x3b0
[ 1452.535159]  ksys_read+0x121/0x240
[ 1452.535190]  ? __pfx_ksys_read+0x10/0x10
[ 1452.535231]  do_syscall_64+0xbf/0x360
[ 1452.535261]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1452.535284] RIP: 0033:0x7f691f58769c
[ 1452.535300] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1452.535320] RSP: 002b:00007f691cb4a170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1452.535341] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 00007f691f58769c
[ 1452.535355] RDX: 000000000000000f RSI: 00007f691cb4a1e0 RDI: 0000000000000003
[ 1452.535368] RBP: 00007f691cb4a1d0 R08: 0000000000000000 R09: 00000000200017c0
[ 1452.535381] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1452.535393] R13: 00007ffda8a1ad2f R14: 00007f691cb4a300 R15: 0000000000022000
[ 1452.535422]  </TASK>
03:39:54 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xfe80}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:39:54 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2)
ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r3=>r0, {0x3}}, './file0\x00'})
r4 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r5, 0x0, 0x20, 0x0, &(0x7f0000001180))
ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r5, 0x8983, &(0x7f0000000000)={0x1, 'bridge0\x00', {}, 0x8000})
read(0xffffffffffffffff, 0x0, 0x0)

03:39:54 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x400000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:54 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = fork()
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x1, 0x44, 0x2, 0x60, 0xcf2e, 0x7, 0x3ff, 0x5}, 0x0)

03:39:54 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xfeffffff00000000)

03:39:54 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='\x00', &(0x7f0000000140)='hugetlbfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000040)='jfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
read(r1, 0x0, 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x2, 0x103)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000000)='sync\x00', 0x0, 0x0)
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/module/hibernate', 0x101040, 0x100)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
ioctl$FICLONERANGE(r2, 0x4020940d, &(0x7f0000000200)={{r3}, 0x2, 0xcf7d, 0x3})

03:39:54 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:39:54 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1462.150909] No source specified
03:39:54 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
sched_setattr(r0, &(0x7f0000000000)={0x38, 0x0, 0x35, 0x5, 0x1, 0xffffffff, 0x181, 0xfff, 0x5, 0xfff}, 0x0)

03:39:54 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x2, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:39:54 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r1=>0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_setattr(r2, &(0x7f0000000080)={0x38, 0x7, 0x40, 0x4, 0x1, 0x7, 0x7fff, 0x1000, 0x10001, 0x2}, 0x0)
r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x2001, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r3, 0xc0502100, &(0x7f00000001c0))
sched_setattr(r1, &(0x7f0000000040)={0x38, 0x5, 0x10, 0xff, 0x4, 0xffff, 0x3, 0x3, 0xe6, 0x101}, 0x0)

03:39:54 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x500000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:39:54 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xff8fbec7157f0000)

[ 1462.345646] No source specified
[ 1462.354062] No source specified
03:40:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xffefff1f00000000)

03:40:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x0, 0x1}, 0x42009, 0x0, 0x0, 0x4}, 0xffffffffffffffff, 0x400000000000000, 0xffffffffffffffff, 0x9)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x80800)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
tee(r3, r1, 0x7, 0x5)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
r5 = syz_open_dev$ttys(0xc, 0x2, 0x1)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(0xffffffffffffffff, 0xc0189374, &(0x7f0000000280)=ANY=[@ANYBLOB="11000000010000001800000069346a3475c26d180b946ef7865bcce73ee7273672557248189ac4821539c2317ee29ab20580485ba5a214676b980d6b495cc20f1b906a81368cb16204b4b53097dd1256575c6b173c588c1244e7d2210dbf02cc29683a97deb96eb3ff92ae91e58755f628d54e848d7e428d1dc0c03ecfbfca2028e3520c7ef7fe8d5e042b834e9891090000000000000000", @ANYRES32=r5, @ANYBLOB="04000000000000002e2f66696c653000"])
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='/.()-]-\xb2\x00', &(0x7f0000000200)='\x80)-$].\x00', 0x0)
fsync(r4)

03:40:03 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800, 0xfffffffffffffffc, &(0x7f0000000040))
fdatasync(0xffffffffffffffff)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/module/usblp', 0x88c02, 0xc)
write$P9_RREAD(r0, &(0x7f0000000200)={0x8a, 0x75, 0x1, {0x7f, "e85709515fd8207683912f06ddc3cf27d5b74ac6862ac7fca7709dce66e3519fa6f76cfe0bdaca88b92293f488b3b29c0ba3ca9373d84fe098a93274764514ee5bc28aaa179aa2289d01d8e64edc2b16401ff4acde97075ddebdd912a15d3f0338e5caf80dc3ce1e1fd247c57235c58d02bfae1185e1ff5253d1bfadc1ab49"}}, 0x8a)
ioctl$PIO_FONTX(r0, 0x4b6c, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000b00), r0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(0xffffffffffffffff, &(0x7f0000000c00)={&(0x7f0000000ac0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000bc0)={&(0x7f0000000b40)={0x2c, r1, 0x0, 0x70bd2c, 0x0, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x2c}}, 0x0)
fchmod(0xffffffffffffffff, 0x10)
lseek(0xffffffffffffffff, 0x0, 0x3)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r1, 0x800, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x6}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x9e0a}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5a1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xe8b2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x48095}, 0x8011)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fgetxattr(r2, &(0x7f0000000000)=@random={'security.', '[\x00'}, &(0x7f00000001c0)=""/10, 0xa)

03:40:03 executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000000)='securityfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x8872, &(0x7f0000000040))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x5a4, &(0x7f0000000080))
creat(&(0x7f00000000c0)='./file0\x00', 0x0)

03:40:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x3, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x600000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:40:03 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xfec0}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:40:03 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
perf_event_open(&(0x7f0000001340)={0x0, 0x80, 0x0, 0x3, 0x7, 0x3, 0x0, 0x8, 0x2029, 0x3, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x101, 0x4, @perf_bp={&(0x7f0000001300), 0x8}, 0x28a0, 0xef, 0x3, 0x4, 0x9, 0x8001, 0x100, 0x0, 0x1, 0x0, 0x3}, r0, 0x10, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
process_vm_writev(r2, &(0x7f0000000100)=[{&(0x7f0000000000)=""/120, 0x78}, {&(0x7f0000000080)=""/12, 0xc}], 0x2, &(0x7f00000012c0)=[{&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/58, 0x3a}, {&(0x7f0000001200)=""/181, 0xb5}], 0x3, 0x0)
pidfd_open(r2, 0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

[ 1471.873449] No source specified
[ 1471.877231] No source specified
03:40:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x700000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:40:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x4, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xffffffffff600000)

[ 1471.996081] No source specified
[ 1472.003574] No source specified
03:40:03 executing program 7:
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x8000, &(0x7f00000005c0)=ANY=[@ANYBLOB="74000000803d7463702c706f72743d3078303030303030303030303030346532302c64656275673d3078303030303030303030303030303030362c736d61636b6673666c6f6f723d5d2c646f6e745f686173682c736d61636b66737472616e736d7574653d2cf492afd5515c635a368bf371a4b177bae410a00c6c3217d97a404ed2c27376cc41dbd3eb769d5b0e8cd7ab0b36c09b78511d4433d5129da2f9b4db45ff9c908f9b02fd8f10aab17cdcc25d0c7d62b54a11b5f2dc91e2209413bd930773d3b4dbae489b77d6b5b1209d11b0bf1dc32b8f7cd4e411a4a59f664d295df88ca05e55b8e744bc1b42cbe030c61592deccefca0c285e7c9a6f779f4704ae28a9053c0bfad586416bc23f2303a3c491af790c0ccfd43d28414eccbb6f584c2c1a15ab0789903e78a212b8e75c1f55640c17a450a5a97cf4a484b620069828d4deec028c75a0d8486106d21bc4fba8a7e716fee503ab05bb0c6304bfb710f0c1423c8a2955f20d43d80166181dc4e3c98bccd5d24fe8013ce588cd501c0d5066925d3a2006f1fdbd2dd6a3e538c0fefae5a330a54245ecf2f11233bcceb9b870d5d5638087672a9df74fa855badbfa519124b0766b9eda722abd92b6ccc07e950128dd12becc3d5efc3988d8f9417dfbfdaf8730de4d992ad464f31da7a137637d04eefea92827bf316929a165696c1b88c61bb3a4d322160d73c86e21811df65df47b18e217ab5ff9ebc11376a2586665f0aa5bda0dd9e52957b7a7a495447886ed1fb382338f3c7862df0cb9ec07df8870e78210b2893cce102fc72ef14d3f635ea7c48a990536681a0fbcb61e07a70f888e810080bd2f922f121f48e8190867295ab21b643d78a169ed477c1e26729c9d4c371ef285562eabed5b9155bb907adbd0f01f142f5c3b6617c27081c2146aad48f7cb5551f16b92db5098d7b60964b31b79b0913d22fd3e74d26d5676e524a8733ff98e19a4be554ed1764e1bc33af1ab164c744363899bbb553369b9b235d6c40f7c6a1fee6edf9957244025aebb721f"])
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0xffffffffffff7c72, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/module/nf_conntrack_irc', 0x10041, 0x0)
perf_event_open(&(0x7f00000001c0)={0x3, 0x80, 0x1, 0x4, 0x2, 0xfc, 0x0, 0x7, 0x4040, 0xa, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000100), 0x5}, 0x44000, 0xff, 0x20, 0x8, 0x1, 0xf7, 0x5, 0x0, 0x7ff, 0x0, 0x4}, 0xffffffffffffffff, 0x2, r0, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0xffffffff, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:40:03 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200000100000, 0x9, &(0x7f0000001b00)=0x14)

03:40:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x5, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:03 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x0, &(0x7f0000001b00))
socket$inet6_udp(0xa, 0x2, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:40:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8}, 0x0, 0x1, 0xffffffffffffffff, 0xb)
fsopen(&(0x7f0000000000)='logfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x80000)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000080)={0x6}, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1472.112238] No source specified
[ 1472.115039] No source specified
03:40:04 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x800000000000000, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:40:15 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
creat(&(0x7f0000000000)='./file0\x00', 0x4)
fdatasync(0xffffffffffffffff)

03:40:15 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x6, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:15 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0xff00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:40:15 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x2, 0x0)

03:40:15 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x20, 0x0, 0x0, 0x0, 0x519, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8001, 0x0, @perf_config_ext={0x3ff, 0x7}, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:40:15 executing program 7:
perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80080, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = getpgrp(r0)
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x1, 0x10000000, 0xf9f, 0x6, 0x4, 0x180, 0x3, 0x3ff, 0x2}, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=<r3=>0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f00000003c0)={0x0, <r4=>0x0})
r5 = getpgid(0x0)
sched_setattr(r5, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r6 = openat$zero(0xffffffffffffff9c, &(0x7f0000000480), 0x4000, 0x0)
clone3(&(0x7f00000004c0)={0x40008000, &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000100), {0x1f}, &(0x7f00000001c0)=""/225, 0xe1, &(0x7f00000002c0)=""/151, &(0x7f0000000440)=[r3, r1, r2, r4, r5, r1], 0x6, {r6}}, 0x58)
ptrace$setopts(0x4200, r2, 0x6, 0x56)

03:40:15 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil)
fsopen(&(0x7f0000000040)='mqueue\x00', 0x1)

03:40:15 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xffffffffffffffff)

[ 1483.321080] No source specified
[ 1483.328621] No source specified
03:40:15 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x3, 0x0)

03:40:15 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x10000023, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r2 = getpgrp(r1)
r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
kcmp(r2, r1, 0x0, r3, r0)
pidfd_open(r1, 0x0)
kcmp(r1, r1, 0x6, r3, r0)

03:40:15 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x7, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:15 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7ff, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0xfffffffffffffac7, &(0x7f0000000080))
syz_emit_vhci(&(0x7f0000000000)=@HCI_SCODATA_PKT={0x3, {0xc9, 0x70}, "06892e4f9a5a6dcaded3ba8d5656a87a7a37be14c13e911376bc0d7832e6c9abefa9c634eaf8b048a72bce660c403eb72acc6ad68f6db463cb3a70653b0d5cda5838496bc15a9dd0bae9c03ba6c7d43679ade26e4df109c91a75acdb8d6aca93a2aa546ba24415d4e969ea77c6419b75"}, 0x74)
fdatasync(0xffffffffffffffff)

03:40:15 executing program 3:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, &(0x7f0000001180))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
r4 = signalfd(r0, &(0x7f0000000140)={[0x1]}, 0x8)
bind$unix(r4, &(0x7f0000000180)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r5=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r5)
setsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000000)={0x0, r1, r5}, 0xc)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, <r6=>0x0, <r7=>0x0}, 0x6000)
fcntl$setstatus(r0, 0x4, 0x46800)
keyctl$chown(0x4, r2, r6, r7)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x1100)
setfsuid(r8)
quotactl(0xc2, &(0x7f0000000040)='./file0\x00', r8, &(0x7f0000000080)="f71370a12a76ad5866b9bf49b19bdaeefeef5359a1e4671ef04ef943041798b83ce0d4c4709fef6d2771ad29d7615b5da710cc6397524528426e5b6a40")
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:40:15 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x4)
umount2(&(0x7f0000000080)='./file0\x00', 0x1)

03:40:15 executing program 6:
r0 = accept4$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000080)=0x1c, 0x800)
flock(r0, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x4}, 0x4)
syz_emit_ethernet(0x3e, &(0x7f0000000100)={@local, @remote, @val, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @multicast1, @multicast1}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0xffffffff00000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_bp={&(0x7f00000001c0), 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x6}, 0x0, 0x1fffffffd, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(r3, &(0x7f0000000d00)={&(0x7f0000000c00)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000cc0)={&(0x7f0000000c40)={0x4c, 0x1, 0x1, 0x101, 0x0, 0x0, {0xc, 0x0, 0x6}, [@CTA_HELP={0x14, 0x5, 0x0, 0x1, {0xf, 0x1, 'tftp-20000\x00'}}, @CTA_LABELS={0x24, 0x16, 0x1, 0x0, [0x1, 0x80, 0x8, 0x81, 0x8, 0x100, 0x2a7d10e7, 0x80000000]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4010}, 0x4044051)
write$binfmt_elf64(r2, &(0x7f0000000200)={{0x7f, 0x45, 0x4c, 0x46, 0x5, 0x9, 0x96, 0x9, 0x8, 0x2, 0x6, 0x400, 0x4, 0x40, 0x2cc, 0x101, 0x3, 0x38, 0x1, 0x2, 0x2, 0x4}, [{0x5, 0x1, 0x4, 0x8000, 0x3, 0x0, 0x2, 0x3}, {0x6, 0xfff, 0x3e2, 0xf, 0x9, 0x10000, 0x7, 0x100}], "dfe02f703a21acd211c73789a48e4e8b655bcd58d7b05614d69d24f71a3a085ee97e9a6693099839c32e5b2927a988e3835359714faa83019a979e9e7d44836d18823635a006d9102a689e38ce98eb8609bef679dceae88e7bc41d85bcb8592d5b64d812cf2c04c201f4094383b0d0b42e9fd3cd72e4ca87fa77adcac993ce2fa1f704c2dddfe3fde3896f21999df714dfa9b05dfcbd371b750e2f8c0d64182e90e79783894a56c0af285fdfdd18a15dc39b710a504bca6c8de22fa5adba7cb3e48c2bb8268f854e87b3786ad93a8cf213828d32edf4979781fd0735fe0414d28f468c602b8ecda440c5bfd21cb8f74d", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x9a0)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000bc0)={0x4, 0x4}, 0x4)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1483.518191] No source specified
[ 1483.525296] No source specified
03:40:15 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x4, 0x0)

03:40:15 executing program 7:
ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000000)={0x1, 0x58, "ab440231d7c04d11e821cc2202a7620d0f5d5b09e817ae2f534dc369d7d51ab5e81ed2ed44f4bcfa9a3f40dead364e1f42b339ba52cc19106271c8414ef58dd170a12f315305871ec8e1de8a2e031bee9c45b0f1696e667b"})
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PIO_FONT(0xffffffffffffffff, 0x4b61, &(0x7f0000000080)="e34c44e8e472b3df93d613eb814c038558e131490f81fa15116eb5dbaa918682044b303f0be93b1ee5e39fbe569a17f840e5a424d6c936f6595d40f66590b3")
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x2, 0x6, 0xffffffff}, 0x0)

03:40:15 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x3, &(0x7f0000000040))
fdatasync(0xffffffffffffffff)

03:40:24 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc01, 0x5, &(0x7f0000000080)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x9, &(0x7f0000000000))
fsopen(&(0x7f0000000040)='v7\x00', 0x0)

03:40:24 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:40:24 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='zonefs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:40:24 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x5, 0x0)

03:40:24 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:40:24 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x20000000000000, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000000000))
membarrier(0x10, 0x0)
fdatasync(0xffffffffffffffff)

03:40:24 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
getpgid(r1)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:40:24 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x8, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1492.369425] No source specified
[ 1492.370234] No source specified
03:40:24 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x9, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1492.436187] No source specified
03:40:24 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r3=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r1, 0xee00, r3)
chown(&(0x7f0000000000)='./file0\x00', r0, r3)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1492.461268] No source specified
03:40:24 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xa, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:24 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
waitid(0x0, r1, &(0x7f00000001c0), 0x20000000, &(0x7f0000000240))
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0xff, 0x1, 0x49, 0x58, 0x0, 0x10000, 0x10004, 0x8, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4, 0x2, @perf_bp={&(0x7f0000000000), 0x6}, 0x0, 0x0, 0x9, 0x4, 0x10001, 0x1ff, 0x81, 0x0, 0xff, 0x0, 0x8001}, r0, 0xf, 0xffffffffffffffff, 0x1)
r2 = gettid()
ioctl$sock_SIOCSPGRP(0xffffffffffffffff, 0x8902, &(0x7f0000000100)=r2)

[ 1492.511131] No source specified
[ 1492.517166] No source specified
03:40:24 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r2, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r1)
r4 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
add_key$fscrypt_provisioning(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, &(0x7f0000000380)={0x3, 0x0, @d}, 0x18, r4)
keyctl$KEYCTL_MOVE(0x1e, r1, r2, r3, 0x0)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000200)='./file0/file0\x00', &(0x7f0000000040), 0x0)

03:40:24 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x3f, 0x4, &(0x7f00000012c0)=[{&(0x7f0000000080)="ca7c48f37a996f0527a489010fb1bbcedeac1146000469c390a109895343c2de2bad9aa7a821e3af168865ff9b767d3376391b23a398c63e0dd47d2a19c820bd47b990c6ae05915a115a75c2d3e5028275e225d544dac72db99e9cf9e63cfdb76c93f75f6175b341b7c59665a038107a3d8be27e1b02af40711a01b6f619e176dd3f784d6d2cf55eb0c7524b31dafce4b7d088c9483bd3388b02f620d8e4d9aad1b0c84645f396f268192597392f5cbfda13a87ec8976103ca02711302a398eaf60c08fafc882620ec6c5762885fdb17aa33aa86ba480234f02f5190e96014eccfc58ee1daea06bc1271a763386f925ad3", 0xf1, 0x7fc000000000000}, {&(0x7f0000000180)="66656cb78a5d76748f03afd14504dc312bcfdbb1d3507edd53ab2c7591f2b66bbbbd47b73f5b72641a951ff5ed7b4280f166c1d9953ddcf87077f858d16024d60624a5ccced0a7e60276525394647c", 0x4f, 0x100}, {&(0x7f0000000200)="3c6b130a8df82420b27dac366d6d926d7d6fa92e39f9dc5324b2a7d347d9475a2a9ce5187cc52171bdd8827c3c9729b23805c2ebe638ee3830a3fc50c4ce484267e3d8d0eb1b92e6eedb2f6887fbe55cb3b1254bfecd9d6b97658870fabf756f92a359bce1d64d5f9cd9a25fe7359cb5a55555def9dd2df781a030f7ca9a47c0781523001876128847d174820271a3ff0a16a8eeebf114898cfc2a67d658316ed76f141c", 0xa4, 0x100}, {&(0x7f00000002c0)="7efab7532b5a7e5d86c8d862705d266bb39a50d905a6a9d77c6fc9880ac16384f96e28eac8edb31b29280a0db8a25555037ded93429b92b8a775ad0f34e55b933c07b92f70ddc2fab0d746dcc98db82e5aa28d006615d99bb514ab65b14250b2c77ac43eac713aaf16fa34d16d4b8ae37fb39372e63239d043833096e690d281e181ef7b0e4cfba1e2c4bde83b0cf8b658bbcc4afe43d0c063630700516144095494f647f93eea2b60dd65ccf05ea44aadd12a377bdfdfea9bc684a7941cf503f11fd7e445e51181783ced98ad54e0ebcab3b7b75596c6f8fa93231062160e3642e7b5ec6d73d4c76bc1436343b62b538b3beb3bde4e33f0e112ed6d66a7fb189f9e77616e617d35cf5b180d0df3559b8bfdc34eb42e2580ce99cb7cfb5a533273ad97d9002692152fdef72963216b972e802870edfddee36cba126a21a5711be3e458d89afead03600bae1ca18fb8d479a1640f395f0f3640ff3dac48811815a5cf3191b0385add78e7407b416216a031a4cd6f6a21022d6682b5f218258ae555e3cd2991db20b512c3749658bf26105ddaf26774661d5cc5b9cbe28d08dac95d3ebd429d52d8343d5b08588787e1ca53f9d1615a04cbe24f8190e37827cb12dd1b4e99e0a918d9c7eeea364e6864cf4a4c4973c95e61d6a3e9fac61b2a9077147cecbd7a407cffe633c3c70db2dadc7e854f98c43e5eef5a52b01f92ab3d2739e8ef9d612a4d018e4daa52f6d6a2bb8d0e311aba2a4353832ff8f2af6dda8b3741a219a3932802aec51a6badf325ed7a3326acfd003e0827b725c99de624dd3a2e8b3e18dbe8d0f7f5460f94897bca4c51bcc7ecb6a872e33ebce297297237ce31f58f69b7bc95ff1962ad096feccbaff6a937385910d74d426f4a3da4e6100f598f965d1e3c2c55708f6e946e7a8d6343770fc42394c72ac0d3a97bb4536317170a62443660cd330c95946f4536356beb3f245777ee8e48e9c0b99bd839a84417387dd294b4e1dc8352fd2e020a4bc5718d34cc197a5c5cf785d0c721e945503ac758bfc5ff439b60d135d314e1e833e1c7eb004a00e062ee33152951bb2f7175cc49d6ae69bfcdc01ea07d37f6eaf8631f6a7c4014e8c712f43f6fecd993da64f377ffccacbb9071c8a6469058a53feff9f7af6a8b2296d1d67c82bb2967d52f20941fd1c8aaca6b1a697fc93ab019266a698c4ccbcae2e563acb690a11b68c3b32a2869ec78cdfb4bcad5edc4fe349280aabe8f388a2fcb955d085da2607947cfa95dcb6e3fb5446bd36ca83b159037ca7c933b02a8e768dab11305895e72bc1b120e7127f4d3d8dc74383488cd047b2644c1546da1cc71b9de15875bdc059d7def5db25566758964021cb1796a4d1287a39ed5c11a6492756b23b8e8602e939a1e10ecce8c1fd18ede90ee32472042a13bbedc21c5fd66435f3daedd3e27f123653ed87f3e3b6b47ba9c0a1b0e2942d7264da191b9415da396c84949d40546fdff139519dcd6b14943a8d3bb23df24d7bdd561a24fa48a37e3d1d7076d212bac73382c6a72565a99e32f5d97a8ec24c8e4d27ec122fc7b8aad14bcf1739808c3cb93d94e59178d375983584b2e2a9ade6e546bbd6fa7c6eefb37b078fb3fd7ab243de691e650493742512d4b1c949ff3ccaa9cd495f7db0e09ba908676441b75e3587c0bfa9d2e776f3a8fcfd6b02e8308c8b6e40a338fba749dab6b57fefa0b90fc7eea6dba2f1fc24d02530bd2aed4b6486d89a2a8e5d3a1a602c288c4dca8e4c1db02178af40009da9e454ca4a6a35e42a4b4f94df27a0992e351495e2ba5e6721faa54d192fbb2a574e3482a66157bdc2c67c727fc24e292d5b3602561c0a9bb01836e3d935bd199d2940f45927bc9198ef176d35c82106592190c5da77c9682d4a53db076bf0bf7b2bf3a4ee917acbd390ccd61896fc234ea8c081eb96d9f933c3e8ee21a1b07e50ba6e9d7b7723f0ca8c2156c0ccda6455cec25921d11de3a01274de06f6d348b9055b7ea38ce5a8ec90928b826c6b9fd7a95204cb433139e73479f0012458dd2f4419f9cae8502302346eedf00db2effdcaa389a6358ac71b52eb2067e5a906262a9a0e97ea4ca1f34081938508d2720f062cc52a1583181b6ad3fe713b83f4ae21852bf8f593b1fc383e97f65a5130f63fcb808c0b8b1d0699987d12967b33e1ab056c5856f673be0c177c68a71103a0050e8e5a855722d3192dc508bfe41940b400072ac045e7f7c1ce800b2ff7e898133c3a2e0b18bb6e71a1148623a13fe97d93a4effe33b73a499a2a3f3d5fdb9d4f1e62b724f55853c774838a8440bcd50f8b64af5dfbb4024f57fec85b1e4502fdfac2fd4b686d4268499c7b54f75790180cc4a69dbe73fdc50cbd818533e0b93fe77e396ac0786f93b5f835109f51695238244149805915f95431a8bc05a4ac368d9a85f7a18dc7e7d5d7c165a5e874b0ad5d279d1ad182f25d678f47a9140da5de97794a3e1b1b11b58636f93de556b0cf66b456e02ce554ca41af51c73d0d0595c6e3572b1b82bbd2117f7d5e0a3df3aace68cc88168b474cc178c9e055eaa72af50d1156be5254d7ca6e54dbf138d0c2297b95e9ee0b6d43bc1242da543569305dd1a91c63a8194a6dc01bcd91dcfced76a463ef3306ae16804c36cccf650e03865f4e5565a1df96b359ea67a719c1d1b4d41ed2c81ec049e445d8bd6e180b11e180a9f9abdc493321347574ab7e53e253eaa9dcf14c69c58f54ac5b407930ddd74c6005dbbe51a014197234af0cbce4d61fa436a4093c69de9f3133edfa39d413bb2b32c41cfee785e3592a565f0ad3f901a9f86c19e94e96949bda0ba74719df3e4570cae3f7c0645e52806229692482246ef31aabbd9d37f2a289058ea8b58ab9e590c7515f44db76082ef681170f50af338a3d5fe199c22f226d5bd4e18d40f3f393a3796667a4b711c0067084a5b2ef49b34a0ee3f85cc330c6daf76595ec4efebdf558df5bb4e7a6377885ca953943656b089be6b140c8215cc3d1987d79822f70f5dcaf2b2916b76aae7a7a6a6bdd55b20361b94bff5a6afe07bc28502c4a2b41b5e13c9552a439e1fe2228123cb1d691e17d9ac93e512c6e0cceaa8e105f03654b72fd7e5ba305dc44be0cd5cdd580173025587bef51795dc1fe1b2fabfb050c9a7b7dbfe452dffe18fd85ae8361b6ef451374fdbfe0f19e3d4449cdd1447a174ac46385b9fb9be37a13b41bb07cecb97e9ff0b541e9823349a200d76dfce4d762ae61b5d24881f3f267c6dd06d44a4ea6c0b590ed977baccb3d1ea1855840c1421535c95b37c50ad20c723ea4ee1ed51695c6ddf6ec6035cdbc5f1c2f0d1d64ce5bb47a3f45f1162d8bb6cc4a433f2ba35a23210b06bed3448e1b8178807e80edc47df820be163b8ac78c56e6360a45fc4d1960a3f3071d4545957f677d241414684973aa44365c36d87e51dbc224195d2324e8a7958e9e27676285e3d5ce3a4a0ab808995a2ece3b09ac2122743e367be9897dba826fd54142c193250c2ae5c90fbc0bc5d9b9106793cfcff3caddcd1b6ab56205bd104e06140f772f3d6b62bb8e46962225559d1c91269db87b217b53a499e2da5656ec5caaf19b582072c877d03014cec42e31300686d6e7022388d09f083045038c7ffe3c3bda8822070e6ba5b83b7446b1c1fbd60107b33f40bcdb3b63dc5df701d0b21916517cfa5ed9b91e662b2c597cd25f26d0d1309e0038008bf8fc6cd1df06a4c64141763fd4067d02aefe970335b5545b9d6c20ac0abbd0cf5e3027531b62006c44dd5ad9c9adbf62a4ce27b5b30d9dc9fb586ea1307e12f8509646db1b11439c6e5aa0ca8029622c8ed9d04ddcf713e1fc9bd95940d6d620bbf8d0baa6e2afd37715a351f534131b14b29471ed1e4fcbbd2d608abe3e47825bab6630d7b0cc9ff3ec1a1f0c83ae57f018063faf0e603e363c28f5df4cd0565784e75e93625bb72f46fcbbe06cfe5112e595e0229b9a6970bf60d847b2edc04c1f763811f02f4b2632d1fc0ecdf45e4efc9324f1956d83dacf4c4f014c11d093682c75e4ff0645a3d25c3d468b713eb11dc7e9da7bf46634d6ce59b3dd69b9c3b814be8cc674600e3ece257562e67231cb34fed5d16e6ba34815b07e8ad732938c8602bff0f2630d22c4717d5cd11688b967fc6dfd6e82aaf9bb79aee0437630abaa87fb80b9ece61a657c060ec9d7628fec47e1389d0a68b89ddfe62373855d89d09f2111852f63752c47da2e9b4418ecb6e6e631aa2c2a5d5bbda7e1713c8bb8a59b8f3253e53b14aa849ed2969105f5ff9c8d0e993ae1cfbe3e3859b6c340a7bd94ddc675d2b41a11f7201947986ee0df162cde6c07e851bb2af25c5687cecd7805b573ee6bfca5cb9bce00c2a9cc11f92f588983ff1b19fdafb92a38b9b054b9a36307b96cfafa0ca7a1ccda6866c59d7202f1903ce35c5d7db8aa201b219b741ec63716e5f18cf741222bada9de927c32ffcccd0b46e540f1be55f1feb276cec16ed40daa363b6a2cceea308f7e17d347c4abd6f37ac052152e589834e2e6a079cd201684d417e41a53680ea9a16cf5275a5ab79ace26a865b4168ab2c3df51cb4e860ede5bdee871e663361283e49d0644857d129b94213703bafdf984303fd258f69dff098537256b575425faa37e68992d0c4f4d99c5db02b1caf7274cc10abdd09af795829a4e579a8635ad20f58a8be1a8726e8d6352cdf63a03913f9b8608cca1e32d9ba3b06f15776b3a633f6514053f9b996d2089ca15931e553242c0e0251987eb2538fa33677228d1c69458b1d335ffa923efdbf4822331ed5e1430e46eb8bf73d0184ddaa6fb4300c77ba6ba609087a562654f040febf9c944da9e231f17e33e18d15fbfb2a440eb459bb066dc57e869827a7b68d0bac3f79a8db846daf17ad5d6fda890af874942bad08ae5b1964b5ba27197e7bd21d251b62b81eddebab5d98c4c1dc89a98bc8e08ce379cace1a226619f66fcbd95c9af19f75d0736f87a4550059e83d4d186a2fc2c9ddfc77948e8b4fed615aedd84c1a53b69e95309e269a315dbe9cc993d770384b2434aeaf3b033628061db2fe3bf8db016ac11111be78ad54d81594a52e0582681b7a2f8dc3079495ba1d041f323effece9777ea6ab033f1bf5c60a6990444dedfcf89600b5799636153ea3ab2d08f5b622f27a5fa09cb1b1ff54c2a8212cc64310f4076a1013f0b1aaa212eca1078cd311aa8dc9d2d60fe235fc6a9b81bb2642327b71e330d2bb89a79e87c5495a4f90ec8204952d2663a2c4843492199951c90b9e707e4d73344a652c0bab8e4c6c9a6b1fca787d852f393c39566f064dde91b4ebad9f1ab1a7e0a63ca894b334cda3d0baa5727dd908e5e412d4d03d18261cbf8ee3a634aa77533e72c09b47d5365f9bde64c5d50cccf424e14588ee1b6cc95b490edc8190208c9e2648f5d0cd8dec348422936d298a548f3a7fdb3c85c94049c1923aca018c1e9088f42ce93103a7f7855a1f261779eb4b2f5f64c96924897eba3c72804761ef4711757cdd5d55f8cb05a70f58df1d7cb0bea1fd7e3c619e743d7aa14877d2de9162f4fcbb1be426d0db123943cb4ef6a20119c692d5fdde1364a3465fa5deab838e2d50efa6e735458414ef9583625fbf1fc114e2b29fdaad1fe1fe286c2422ebe6b75268fadc5f10f72968bb4ff812f5d5e13cb70606d841752844cfa3d91f7a3bf9f30354f7c1c3a669e081a8c7a3dbd181b7490df0d31095382b0ba580bf73f0bf134ae6f3ab896fa69104a484", 0x1000, 0x1f}], 0x2000080, &(0x7f0000001340)={[{@map_normal}, {@dmode={'dmode', 0x3d, 0x6}}, {@check_relaxed}, {@check_relaxed}, {@mode={'mode', 0x3d, 0x1000}}, {@gid={'gid', 0x3d, 0xee01}}], [{@fsmagic={'fsmagic', 0x3d, 0xb06}}]})
fdatasync(0xffffffffffffffff)

03:40:24 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:40:24 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x6, 0x0)

03:40:24 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x4d, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x8dc46ba9ca233242}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffcb1, 0x0, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
sync_file_range(r1, 0x9, 0x100, 0x1)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1492.645992] loop4: detected capacity change from 0 to 264192
[ 1492.652926] iso9660: Unknown parameter 'fsmagic'
03:40:34 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x7, 0x0)

03:40:34 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x2}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:40:34 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='./file0\x00', 0x28200, 0x2)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
io_cancel(0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x8, 0x5, r1, &(0x7f00000001c0)="d417cceb13de786562d4a67cbe71f008bbe9cb9ebfdeecd4d4de42760f501b1b5fbff578cb0c479deffce5aa49d0609a51c83c538dc224f68c32c0685b5342e5353ef6d386c7a135f83eb942bab258656503f81c8666237b126318559826f87f9eaffc147910547993469fc88b55a34eb5cae3d09a76093fda7d1d7c506970d1378ce5e38cfcbdf758ec281d3501609080573d94a6fa01f885d5895321fc109db107fa8d77b3c1b048c8dceeba1d057308d1d88c05f1141ff282241b2455e61a135b04e9528bd5724dfb5bcd43afcb2b3f430f8e9f", 0xd5, 0x3, 0x0, 0x2, r2}, &(0x7f0000000100))

03:40:34 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:40:34 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xb, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:40:34 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xfff, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='devtmpfs\x00', 0x0)

03:40:34 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x69, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x4}, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x3, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x3, 0x81, 0x0, 0x4e, 0x0, 0x1, 0x8400, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x80000001, 0x4, @perf_bp={&(0x7f0000000000), 0x8}, 0x3010, 0x200000000000, 0x200, 0x9, 0x3, 0x4, 0x2, 0x0, 0x8, 0x0, 0x80000000}, r2, 0xd, r0, 0x0)

03:40:34 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x10000001, 0x5, 0xffffff5e, 0x6, 0xa3a, 0x80, 0xffffffff, 0x40}, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x80)
fork()

[ 1502.825396] No source specified
[ 1502.834080] No source specified
03:40:34 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
fsync(r1)

03:40:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1ab5d5f8, 0x4, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:40:34 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:40:34 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x3, &(0x7f0000000000))

03:40:34 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x10, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:34 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x8, 0x0)

03:40:34 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x3)
fdatasync(0xffffffffffffffff)

[ 1503.027823] No source specified
[ 1503.031614] No source specified
03:40:44 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x3}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:40:44 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xe26e2b8, 0x69}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:40:44 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x0, &(0x7f0000000000))
mlock(&(0x7f0000ffe000/0x1000)=nil, 0x1000)
madvise(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0xe)
fdatasync(0xffffffffffffffff)

03:40:44 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:40:44 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200, 0x1)

03:40:44 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x300, 0x0)

03:40:44 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x300, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:44 executing program 2:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000500)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r1, @ANYRES16, @ANYRESOCT=r0, @ANYBLOB="4d4a38a0bedb008deb672f03e10a20d4353e1fbe97d49305d2c5a06f6728ca4db9fea743a3ea6165fba1c84bfc3da397a5d0ac88aafe87ab856deb7642fbd1cf8ddc48994d3405fb25e5c569c010af9fd73f4ae5cdb871a871520dc624f2546d22b661267540a88d3cacf65bd5d6404f50979582bd8f89cac5cfac337d62436d20becadb9a7f52a85f95a0e8f3b3b5828a139f2665484bef5b99154166823879d7d98f6689eea5856e2282fa561ea4754f53"], 0x30}, 0x1, 0x0, 0x0, 0x2006c004}, 0x0)
ioctl$sock_SIOCGIFINDEX_802154(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wpan3\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000240), r0)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_802154(r5, 0x8933, &(0x7f0000000180)={'wpan0\x00', <r6=>0x0})
sendmsg$NL802154_CMD_NEW_INTERFACE(r5, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000240)={0x24, r4, 0x400, 0x0, 0x0, {}, [@NL802154_ATTR_IFTYPE={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}]}, 0x24}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f00000002c0)={0x5c, r3, 0x400, 0x70bd2e, 0x25dfdbfc, {}, [@NL802154_ATTR_IFINDEX={0x8, 0x3, r2}, @NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x2}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x3}, @NL802154_ATTR_WPAN_PHY={0x8, 0x1, 0x1}, @NL802154_ATTR_WPAN_PHY={0x8}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r6}, @NL802154_ATTR_IFNAME={0xa, 0x4, 'wpan1\x00'}, @NL802154_ATTR_IFINDEX={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x240440c1}, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r7 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r8 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r7, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r8, @ANYRES16, @ANYRES32=0x0, @ANYBLOB="1d00060005"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r7)
syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000200), r7)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x101, 0x245, &(0x7f0000000080)=0x1)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x559, &(0x7f0000000000))

[ 1512.893812] No source specified
[ 1512.897102] No source specified
03:40:44 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x500, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:44 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x7, 0x0)

03:40:44 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x100}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000000)='hostfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:40:44 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000000)="94e42ddb84c9682cba789d62cbef1cd769c1cd287f829bda1e2377ad8ed97f2e3ded5417613a7cac00a2b407c1824344da1782ce3efb1bde860e1be5", 0x3c}, {&(0x7f0000000040)="2a972a3d34899ab33d316f426296ca11989ddc56142b66526e474544a882d8ad9bafff4afaedf40538eeea2d69e375a1338e4904852ec09faf366285c76605b982e2897654e60f1d1d25f939bedd6544a40080c05c761c1e026d050df33ad431f4f8ba28985f7ee0071e9ae61c79e735910b97bf0835eff4776a29bb8bc0f6c7ece67b0c2d8bdaf32d3e4346d306751a7a03ddfd500d220d9de3975e183ef963be9a878df1c0193aa6145c33e851", 0xae}, {&(0x7f0000000100)="e57c84fb1f", 0x5}, {&(0x7f0000000140)="c3ab38730beab5291b40a292058b96ac8d08e5e70ad51ce9355fe9d5eadda886a86a363e60492b7e76ddfe47c9c7f96db8af856ba94af463550dc96651a406caa2a2a3cece54574122ed7b26149da0fa89099d4935c6219660dcaf51231f1d169cf18f0477797db0734bfc371354d37690322bfbfbead289fbc0f67363a943fe4ae4bf0fa59b7ca80bcfbe2ccafd6479ceb19d7eba6959b144a52fe03568b8e5c001caba75267235781116f98881c29fc2e0f6cc0784ba259f82", 0xba}, {&(0x7f0000000200)="642265087bd1cd723fdc1375c64c0323b5ec1ac3db20baf664479b778dc202980120462b558bf8e4dcd3", 0x2a}, {&(0x7f0000000240)="e09c9507a92d980200f5320bd55d584f40d72851e4951b703ad447ac9d50e689eb9ee3ca05f29408e43f1f8b07d5ec3aeffbf5123e3acc19188a34f7ebc56262d99fb8fd6cb1ab41cdf31c55a36949d5644d80e3bdc618abd48d8eab877863f70d323d927c67d3b749c41ad3e71829788087755f3c61cefb979408c903b57a8db7331a8c4bd78e3a545af39451e77241737bbaae2ef19907e0bad47a1910774fd758aedf5543a0ffec8191e8df56bf8e9efd28e5dbea88ea9674", 0xba}, {&(0x7f0000000300)="f0db81d9b87ae8a5ea540364618586bf0f12ce264260daef09e4068978a5b4206a25e97d17c2309c114f36e5b54314736b5c7a4c7ac4c364237d48a386bfb0e62a25eee1a911b61e463f6413685d2980d44c421756b9b30a1633a5f63ac964ffce1880e7a0550959032f018cb3bc7d3ea9e7a691208dd842701c5094a536e777ee51f9677bd6e8407d7d12ec1e004e72eea360b2", 0x94}, {&(0x7f00000003c0)="9b4f48095a0ced7f143ef1d7c72467bb89d2234b93257fe3b16cf4e8f32dc12b4c3f130b2b55aecffc0259cb0b86130b0bc969b4e2a16a25b338156463a111c312f342c578b4a41f12c7c471883c43b41be6a01f738a04c9de6f1e40b629fcb5aaf7e644cebad5e82a02433bb4b39bc8e065f42534cb3b1bfff4cc8bd2fdd798fe41dbe308dbda0337335a0e063a963351803c10028463783e1c2a1c5de0c0052ee7f50f458a50bfbc7f3b1ba61677293c32d41ac65df018612bcf54ce1611c99bde47091f89", 0xc6}, {&(0x7f00000004c0)="f9e6633ba0d87b52cdf72972febf848a9f50424f1204776f627f01cffff39890b37034a9b4d57af3054c3c0b8b0a7e83ee7b14fbff7cf62e6bd2090ad1fbd41af3a984fd48ee6bf3345249fe8d18c2dc6d8d32aeef764b51a4425d1fdbd2", 0x5e}], 0x9, 0x6)

[ 1513.000021] No source specified
[ 1513.020254] No source specified
03:40:53 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x4}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:40:53 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = fork()
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x1, 0x44, 0x2, 0x60, 0xcf2e, 0x7, 0x3ff, 0x5}, 0x0)

03:40:53 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1)
r2 = fcntl$dupfd(r0, 0x406, r1)
r3 = syz_open_pts(r2, 0x501000)
fdatasync(r3)

03:40:53 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:40:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x500, 0x0)

03:40:53 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r1, 0x0, 0x20, 0x0, &(0x7f0000001180))
lsetxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f0000002140), &(0x7f0000002180)=@v2={0x3, 0x2, 0xe, 0x900d}, 0x9, 0xa66095c38c793cc1)
recvmmsg(r1, &(0x7f0000001fc0)=[{{&(0x7f0000000000)=@pppoe={0x18, 0x0, {0x0, @link_local}}, 0x80, &(0x7f0000000400)=[{&(0x7f0000000080)}, {&(0x7f0000000100)=""/32, 0x20}, {&(0x7f0000000140)=""/63, 0x3f}, {&(0x7f0000000180)=""/131, 0x83}, {&(0x7f0000000240)=""/174, 0xae}, {&(0x7f0000000300)=""/224, 0xe0}], 0x6, &(0x7f0000000480)=""/8, 0x8}}, {{&(0x7f00000004c0)=@hci, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000540)=""/111, 0x6f}], 0x1, &(0x7f0000000600)=""/197, 0xc5}, 0x16}, {{&(0x7f0000000700)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @empty}}}, 0x80, &(0x7f0000001b00)=[{&(0x7f0000000780)=""/4096, 0x1000}, {&(0x7f0000001780)=""/239, 0xef}, {&(0x7f0000001880)=""/14, 0xe}, {&(0x7f00000018c0)=""/164, 0xa4}, {&(0x7f0000001980)=""/141, 0x8d}, {&(0x7f0000001a40)=""/140, 0x8c}, {&(0x7f00000026c0)=""/4096, 0x1000}], 0x7, &(0x7f0000001b80)=""/39, 0x27}, 0x49}, {{&(0x7f0000001bc0)=@pppol2tpv3, 0x80, &(0x7f0000001d40)=[{&(0x7f0000001c40)=""/235, 0xeb}], 0x1, &(0x7f0000001d80)=""/229, 0xe5}, 0x2}, {{&(0x7f0000001e80)=@nfc_llcp, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001f00)=""/74, 0x4a}], 0x1}, 0x2000000}], 0x5, 0x400000e1, &(0x7f0000002100)={0x77359400})

03:40:53 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x600, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:53 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x17918, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:40:53 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd6, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:40:53 executing program 3:
keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/175, 0xaf)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x80, &(0x7f0000000180)={[{@mpol={'mpol', 0x3d, {'local', '', @val={0x3a, [0x3a, 0x2d, 0x3a, 0x39, 0x38, 0x31, 0x2c, 0x32, 0x33]}}}}, {@huge_advise}, {@huge_advise}, {@huge_always}], [{@audit}, {@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@pcr={'pcr', 0x3d, 0x9}}, {@fsname}, {@euid_eq={'euid', 0x3d, r0}}, {@subj_role={'subj_role', 0x3d, 'keyring\x00'}}, {@dont_hash}, {@euid_eq={'euid', 0x3d, r0}}, {@func={'func', 0x3d, 'PATH_CHECK'}}]})

[ 1521.945211] No source specified
[ 1521.954260] No source specified
03:40:53 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x700, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:40:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x600, 0x0)

03:40:53 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
r1 = getpgid(0x0)
r2 = getpgid(r0)
move_pages(r2, 0x2, &(0x7f0000000100)=[&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], &(0x7f00000001c0)=[0xfffffff9, 0xffffffff], &(0x7f0000000200)=[0x0, 0x0, 0x0], 0x6)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_setattr(r1, &(0x7f0000000000)={0x38, 0x1, 0x8, 0x9, 0xb85d, 0x8, 0x1, 0x2, 0x8}, 0x0)
sched_setattr(r1, &(0x7f0000000080)={0x38, 0x6, 0x40, 0x10000, 0x6, 0x0, 0x4, 0x7, 0xffffffff, 0x9}, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x0, 0x38, 0x8001, 0x8, 0x3ff, 0xb28, 0x6, 0x7f, 0xe6ef}, 0x0)
setpriority(0x2, r0, 0x101)

03:40:53 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x200)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:40:53 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r2 = signalfd4(r1, &(0x7f0000000000)={[0xce]}, 0x8, 0x80800)
inotify_add_watch(r2, &(0x7f0000000080)='./file0\x00', 0x40000400)
read(0xffffffffffffffff, 0x0, 0x0)

03:40:53 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xaa80)
ioctl$TCSETSF2(r0, 0x5437, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

[ 1522.090170] No source specified
[ 1522.093145] No source specified
03:41:02 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x966c, 0x5, &(0x7f0000000000)=0x1)
fdatasync(0xffffffffffffffff)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
getpid()
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r1, 0x10e, 0x5, &(0x7f0000000080)=0x9, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7fffffff, 0x100000000, &(0x7f0000000040)=0x1)

03:41:02 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
r2 = getuid()
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1100)
setfsuid(r3)
newfstatat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x4000)
fstat(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f00000003c0)={{}, {}, [{0x2, 0x0, r2}, {0x2, 0x4, r3}], {0x4, 0x6}, [{0x8, 0x4, r1}, {0x8, 0x1, r1}, {0x8, 0x1, r4}, {0x8, 0x0, r5}], {0x10, 0x1}, {0x20, 0x2}}, 0x54, 0x3)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@broadcast, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f0000000000)=0xe8)
getresuid(&(0x7f0000000080), &(0x7f0000000200)=<r7=>0x0, &(0x7f0000000240))
setresuid(r0, r6, r7)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:41:02 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x900, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:02 executing program 6:
r0 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
sendmsg$inet(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_u8={{0x11}}], 0x18}, 0x0)
accept$inet6(r1, 0x0, &(0x7f0000000000))
read(0xffffffffffffffff, 0x0, 0x0)

03:41:02 executing program 2:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = socket$inet6(0xa, 0x3, 0x8)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000040)={0x7a69, 0x3ff, 0x7, 0x1, 0x7, [{0x7ff, 0x8446, 0x0, '\x00', 0x4}, {0x8, 0x100000000, 0x2, '\x00', 0x2000}, {0x338, 0x5, 0x9, '\x00', 0x1283}, {0x9, 0x3ff, 0x7fff, '\x00', 0x2}, {0x74, 0x9, 0x0, '\x00', 0x100}, {0xffff, 0x4, 0x3ff, '\x00', 0x807}, {0x80, 0x6, 0xfd3, '\x00', 0x3882}]})
read(r0, 0x0, 0x0)
r2 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
sendmsg$inet(r2, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_u8={{0x11}}], 0x18}, 0x0)
setsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000340)=0x3, 0x4)
setsockopt$inet6_group_source_req(r2, 0x29, 0x2c, &(0x7f0000000200)={0x1f, {{0xa, 0x4e24, 0x90c, @empty, 0x1f}}, {{0xa, 0x4e24, 0x88, @dev={0xfe, 0x80, '\x00', 0x21}, 0x1}}}, 0x108)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r4 = memfd_create(&(0x7f0000000000)='(\x00', 0x0)
fstatfs(r4, &(0x7f0000000040)=""/166)
fremovexattr(r3, &(0x7f0000000380)=@known='trusted.overlay.redirect\x00')

03:41:02 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x700, 0x0)

03:41:02 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x5}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:41:02 executing program 7:
r0 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xf1, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x1, 0x20000000000, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x200}, 0x0, 0xfffffffffffdffff, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)
perf_event_open(&(0x7f0000000040)={0x4, 0x80, 0x80, 0xff, 0x40, 0x3f, 0x0, 0x80000001, 0x80, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x9fe, 0x1, @perf_bp={&(0x7f0000000000), 0x4}, 0x4810, 0x1, 0x4, 0x1, 0xfdd, 0x1, 0x1, 0x0, 0x7, 0x0, 0x1}, r1, 0x4, r0, 0x8)

03:41:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000040)=@nat={'nat\x00', 0x19, 0x6, 0xa44, [0x20000100, 0x0, 0x0, 0x2000055c, 0x2000058c], 0x0, &(0x7f0000000000), &(0x7f0000000100)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{0x9, 0x80, 0x6000, 'vlan0\x00', 'bridge0\x00', 'netdevsim0\x00', 'gre0\x00', @broadcast, [0x0, 0x0, 0x0, 0xff], @multicast, [0x0, 0xff, 0x0, 0xff, 0xff], 0x10e, 0x26e, 0x2a6, [@physdev={{'physdev\x00', 0x0, 0x48}, {{'vcan0\x00', {}, 'veth1_macvtap\x00', {}, 0x1, 0x1}}}, @m802_3={{'802_3\x00', 0x0, 0x8}, {{0xff, 0x7, 0x2}}}], [@common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x9950160, 'system_u:object_r:tape_device_t:s0\x00'}}}, @common=@AUDIT={'AUDIT\x00', 0x8, {{0x1}}}], @arpreply={'arpreply\x00', 0x10, {{@random="0ce8d894e6af", 0xfffffffffffffffd}}}}, {0x3, 0x20, 0x6000, 'veth0_to_bond\x00', 'veth1\x00', 'ipvlan0\x00', 'veth0_macvtap\x00', @random="c0227421a805", [0x0, 0x0, 0x0, 0xff, 0x0, 0xff], @broadcast, [0xff, 0xff, 0xff, 0xff, 0x0, 0xff], 0x9e, 0x14e, 0x186, [@pkttype={{'pkttype\x00', 0x0, 0x8}, {{0x6, 0x1}}}], [@common=@nflog={'nflog\x00', 0x50, {{0xff, 0x8e7, 0x6, 0x0, 0x0, "ee900c738b697be3a09d00c79c690be6f84b4c92ec1ec4f9b3830768894c8c922c647c651b9381930c09f5527166e197476fb328df485725b1fb030932d6327c"}}}, @snat={'snat\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, 0xfffffffffffffffd}}}], @arpreply={'arpreply\x00', 0x10, {{@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, 0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffe}, {0x0, '\x00', 0x2, 0xffffffffffffffff, 0x2, [{0x14, 0x1d, 0x9, 'veth0_to_team\x00', 'veth0_to_team\x00', 'veth1\x00', 'lo\x00', @multicast, [0x0, 0x0, 0x0, 0xff], @multicast, [0x0, 0x0, 0xff, 0xff, 0xff], 0x9e, 0x106, 0x13e, [@pkttype={{'pkttype\x00', 0x0, 0x8}, {{0x2}}}], [@snat={'snat\x00', 0x10, {{@remote, 0xfffffffffffffffd}}}, @common=@CLASSIFY={'CLASSIFY\x00', 0x8, {{0x4c8}}}], @snat={'snat\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x3d}, 0xfffffffffffffffc}}}}, {0x11, 0x1c, 0xf5, 'syzkaller1\x00', 'bond_slave_1\x00', 'gretap0\x00', 'tunl0\x00', @multicast, [0x0, 0xff, 0xff, 0xff], @broadcast, [0x83b939b50d35aa86, 0xff, 0x0, 0xff], 0xee, 0x15e, 0x196, [@cpu={{'cpu\x00', 0x0, 0x8}, {{0x1, 0x1}}}, @nfacct={{'nfacct\x00', 0x0, 0x28}, {{'syz0\x00', 0x40}}}], [@snat={'snat\x00', 0x10, {{@local, 0xffffffffffffffff}}}, @common=@mark={'mark\x00', 0x10, {{0xffffffd0, 0xffffffffffffffff}}}], @common=@dnat={'dnat\x00', 0x10, {{@empty, 0x10}}}}]}, {0x0, '\x00', 0x4, 0xfffffffffffffffe, 0x2, [{0x5, 0x44, 0x809b, 'ip6gre0\x00', 'xfrm0\x00', 'macvtap0\x00', 'batadv_slave_0\x00', @remote, [0xff, 0xff], @local, [0x0, 0xff, 0xff, 0x0, 0xff, 0xff], 0xce, 0x136, 0x16e, [@arp={{'arp\x00', 0x0, 0x38}, {{0x0, 0x805, 0x4, @empty, 0xffffffff, @dev={0xac, 0x14, 0x14, 0x3b}, 0xff, @random="9a8653fe2c55", [0x0, 0x0, 0xff, 0xff, 0x0, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, [0x0, 0xff, 0x0, 0x0, 0x0, 0xff], 0x89, 0x93}}}], [@snat={'snat\x00', 0x10, {{@multicast, 0xfffffffffffffffe}}}, @common=@NFQUEUE0={'NFQUEUE\x00', 0x8, {{0x1}}}], @snat={'snat\x00', 0x10, {{@broadcast, 0xfffffffffffffffd}}}}, {0x11, 0x8, 0x9000, 'ip_vti0\x00', 'hsr0\x00', '\x00', 'tunl0\x00', @empty, [0x0, 0xff, 0xff, 0xff, 0x0, 0xff], @random="35e2dd1ecd37", [0xff, 0xff, 0x0, 0xff, 0xff], 0xce, 0xce, 0x116, [@arp={{'arp\x00', 0x0, 0x38}, {{0x321, 0x8705, 0xa, @multicast1, 0xffffff00, @multicast1, 0xff000000, @remote, [0xff, 0xff, 0xff], @multicast, [0x0, 0x0, 0xff, 0xff], 0x110, 0x11}}}], [], @common=@RATEEST={'RATEEST\x00', 0x20, {{'syz0\x00', 0x7f, 0x3, {0x8}}}}}]}]}, 0xabc)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1531.115182] No source specified
[ 1531.126169] No source specified
03:41:03 executing program 4:
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000000040)={{{@in=@dev, @in=@dev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r0=>0x0}}, {{@in6=@private1}}}, &(0x7f0000000140)=0xe8)
stat(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r1=>0x0})
stat(&(0x7f0000000240)='./file0\x00', &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, <r2=>0x0})
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1100)
setfsuid(r3)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r6=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r6)
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
mount$9p_unix(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='./file0\x00', &(0x7f0000000580), 0x200080, &(0x7f0000000a80)={'trans=unix,', {[{@mmap}, {@posixacl}, {@cache_fscache}, {@access_user}], [{@uid_lt}, {@hash}, {@audit}]}})
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r9=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r7, 0xee00, r9)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000300)={0x0, 0x0, <r10=>0x0}, &(0x7f0000000340)=0xc)
stat(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r11=>0x0})
r12 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f0000000440)={{}, {}, [{0x2, 0x1, r0}, {0x2, 0x6, r1}, {0x2, 0x2}, {0x2, 0x3, r2}, {0x2, 0x3, r3}, {0x2, 0x4, 0xee01}], {0x4, 0x2}, [{0x8, 0x5, r6}, {0x8, 0x1, r9}, {0x8, 0x3, r10}, {0x8, 0x7}, {0x8, 0x4}, {0x8, 0x1, r11}, {0x8, 0x5, r12}, {0x8, 0x1, 0xee00}, {0x8, 0x1}], {}, {0x20, 0x4}}, 0x9c, 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x2, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:41:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x80000, 0x0)

03:41:03 executing program 3:
ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_CLIENT(0xffffffffffffffff, 0xc0bc5351, &(0x7f0000000000)={0x2, 0x2, 'client0\x00', 0x4, "6cb596dfedf2d136", "5c2015393440ed77c12dee4955d0b0913e6f1c533305308bfa2c533118a094ce", 0x15, 0x10001})
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:41:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1, 0x7fff}}, 0x0, 0xfffffffffffffffe, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000000), 0x100000001, 0x4c8800)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)

03:41:03 executing program 7:
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1ff, 0x1}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, r0, 0x0, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:41:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xa00, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:03 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xaa80)
ioctl$TCSETSF2(r0, 0x5437, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:41:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0xf9e78597793ebbe9)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:41:03 executing program 4:
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x6000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffffffffff00, 0x8001, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:41:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x90}, 0x0, 0xd, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(r1, 0x4008240b, &(0x7f00000001c0)={0x0, 0x80, 0x4, 0x9, 0x5, 0x6, 0x0, 0x316, 0x1000, 0x9, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, @perf_config_ext={0x9, 0xe46}, 0x4, 0xa1, 0x9, 0x5, 0x2, 0x400, 0x6, 0x0, 0x9, 0x0, 0x6})
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1531.358132] No source specified
[ 1531.373159] No source specified
03:41:03 executing program 4:
ioctl$F2FS_IOC_ABORT_VOLATILE_WRITE(0xffffffffffffffff, 0xf505, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8001, 0x8, &(0x7f0000000000))
dup(0xffffffffffffffff)

03:41:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x1000000, 0x0)

03:41:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)=[&(0x7f0000000040)='keyring\x00', &(0x7f0000000080)='\x00', &(0x7f0000000100)='keyring\x00'], &(0x7f0000000300)=[&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)=':@\x00', 0x0, &(0x7f0000000200)='\x00', &(0x7f0000000240)='keyring\x00', &(0x7f0000000280)='(-\\\\\x00', &(0x7f00000002c0)=')\\(%\x00'])
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
mknodat$loop(r2, &(0x7f00000003c0)='./file0\x00', 0x800, 0x1)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:41:12 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xb47, 0x8c, &(0x7f0000000040)=0x1)
fdatasync(0xffffffffffffffff)

03:41:12 executing program 7:
perf_event_open(&(0x7f00000000c0)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x86, 0xff, 0xff, 0x4, 0x0, 0x2, 0x4020, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x3, 0x0, @perf_config_ext={0xffff, 0x6}, 0x40140, 0x581c, 0x750, 0x9, 0x1, 0x80000001, 0x8001, 0x0, 0x484d, 0x0, 0x6}, 0xffffffffffffffff, 0x10, 0xffffffffffffffff, 0x2)
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000870000/0x4000)=nil, 0x4000, 0x17)
mremap(&(0x7f0000871000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffd000/0x1000)=nil)
mbind(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x1)
madvise(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0)

03:41:12 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
fsmount(r1, 0x0, 0x87)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:41:12 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x6}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:41:12 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x2000000, 0x0)

03:41:12 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xb00, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:12 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setfsuid(r0)
setfsuid(r0)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000100)={{{@in6=@remote, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@private2}, 0x0, @in6=@private2}}, &(0x7f0000000200)=0xe8)
setfsuid(r1)
getpeername$unix(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)=0x6e)

03:41:12 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xaa80)
ioctl$TCSETSF2(r0, 0x5437, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:41:12 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xd8, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x4, 0x800}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4d0}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r1, 0x6612)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1540.191213] No source specified
03:41:12 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, 0x4, &(0x7f0000000280)=[{&(0x7f0000000080), 0x0, 0x7fffffff}, {&(0x7f00000000c0)="e4bb93c71e17c3f2bd6fbd92339f8f80a4277b7bdfeaa289890b04c83d8de43609ef2431b2133f281957273944fa5f1d563d0b643db0520fc914bbac2f4727a8ce1f9d0255c17dd5b12cc89b8c28cb03127157", 0x53, 0x8}, {&(0x7f0000000140)="b4dfcf84626fa2d4f6123f6150f23caa0da5f785617466e52d9fe7f16d0a657b130f99", 0x23, 0x9}, {&(0x7f0000000180)="7384f8fc07581b74b565504e2cf505052b2d175f07b27afcc5b186d54996b9bb3b655e1c715eebcdd3e4c76d0d97ba81e9fe60fed1ea5f461932cc425ca8ad9ba1c35f87fb7fdc4230e403dfa478ab7fd53866eadf44c0b81148042f3c16adf0858f7f57e4c12e9a41ca7684c723fa9cbe69d231d2c63004202da82687f3b1cb88c28eed5d9fb60d920a6aa6caa3da300ca99273010e529fad49bfb075421cac394d8230edcfb77b8f9529205db840a762a6c0dd453acc4839a2dbfee2539b8e475218714be174328e639c01717e836de1dfd279ae706a2cd0d110ea2a5c02bc3b667974a86e1fcab1c47fb15e38", 0xee, 0x800}], 0x800018, &(0x7f0000000300)={[{@hide}], [{@defcontext={'defcontext', 0x3d, 'root'}}]})

03:41:12 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
setxattr$security_evm(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400)=@md5={0x1, "0da80aa5293ba1b865a3aa32687c009b"}, 0x11, 0x5)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r2=>0x0, <r3=>0x0}, 0x800)
setfsuid(r2)
chown(&(0x7f0000000440)='./file0\x00', r2, r3)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r6=>0x0}, &(0x7f0000008600)=0xc)
r7 = request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x2}, &(0x7f0000000340)='syz', r1)
add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f0000000240)="9f5a607f634f8716289acb02ac462fc9559fcbd7849a874bf5d468c945a4f6104df60eaf9c29448da9da1ec1641d79a21fae36cfab30bfe9d362737d6187a7f8e09c3fed52ff4a27b39cac739675f9502627867b72ec9bf5084b3b0e33a5b2b7a6feea7f209c8a7f1360eb1ce6337d", 0x6f, r7)
keyctl$chown(0x4, r4, 0xee00, r6)
chown(&(0x7f0000000080)='./file0\x00', r2, r6)

[ 1540.215715] No source specified
[ 1540.231735] loop4: detected capacity change from 0 to 264192
[ 1540.235449] SELinux: security_context_str_to_sid (root) failed with errno=-22
[ 1540.244318] loop4: detected capacity change from 0 to 264192
[ 1540.246551] SELinux: security_context_str_to_sid (root) failed with errno=-22
03:41:12 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000003c0), 0x7000)
stat(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000280))
stat(&(0x7f0000000440)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
creat(&(0x7f0000000300)='./file0\x00', 0x20)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000000200)='\x00', 0x400, 0x1)
umount2(&(0x7f0000000500)='./file0\x00', 0x8)
r3 = request_key(&(0x7f0000000140)='dns_resolver\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f00000001c0)='@.}!&-*\\./%\x00', r1)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000540)={'syz', 0x1}, 0x0, 0x0, r3)
utime(&(0x7f0000000480)='./file0\x00', &(0x7f00000004c0)={0x3f, 0x2})

03:41:12 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xd334, &(0x7f0000000000)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x1, &(0x7f0000000080)=0x1)
io_setup(0xfffffffd, &(0x7f0000000040))
fdatasync(0xffffffffffffffff)

03:41:12 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xf18, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:12 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
ioctl$CDROMSUBCHNL(0xffffffffffffffff, 0x530b, &(0x7f0000000000)={0x2, 0xff, 0x0, 0x1, 0x4, 0x1f, @lba=0x1, @lba=0x3})
read(0xffffffffffffffff, 0x0, 0x0)

03:41:12 executing program 7:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)={0x20, 0x1d, 0x1, 0x0, 0x0, "", [@nested={0xd, 0x0, 0x0, 0x1, [@generic="981a454eb750173875"]}]}, 0x20}], 0x1}, 0x0)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000001700)=[{{&(0x7f00000000c0), 0x6e, &(0x7f0000000040)=[{&(0x7f0000000140)=""/187, 0xbb}], 0x1, &(0x7f0000000200)=[@rights={{0x1c, 0x1, 0x1, [<r1=>0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x20}}, {{&(0x7f0000000240)=@abs, 0x6e, &(0x7f00000002c0)=[{&(0x7f00000003c0)=""/4096, 0x1000}], 0x1}}, {{&(0x7f0000000300)=@abs, 0x6e, &(0x7f0000001500)=[{&(0x7f00000013c0)=""/137, 0x89}, {&(0x7f0000001480)=""/68, 0x44}], 0x2, &(0x7f0000001540)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x30}}, {{&(0x7f0000001580), 0x6e, &(0x7f0000001640)=[{&(0x7f0000001600)=""/31, 0x1f}], 0x1, &(0x7f0000001680)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}], 0x80}}], 0x4, 0x40000002, &(0x7f0000001800)={0x0, 0x989680})
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000001d40), 0x9041, 0x0)
r3 = accept$inet6(0xffffffffffffffff, &(0x7f0000001d80)={0xa, 0x0, 0x0, @empty}, &(0x7f0000001dc0)=0x1c)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000001e00)={<r5=>0xffffffffffffffff})
r6 = socket$netlink(0x10, 0x3, 0xb)
sendmsg$netlink(r1, &(0x7f0000001e80)={&(0x7f0000001840)=@kern={0x10, 0x0, 0x0, 0x200a508}, 0xc, &(0x7f0000001d00)=[{&(0x7f0000001880)={0x444, 0x2c, 0x800, 0x70bd27, 0x25dfdbfc, "", [@nested={0x101, 0x53, 0x0, 0x1, [@typed={0x4, 0x38}, @generic="b5a57b2ca8d8c59132e10993d22dd31f1934d09d79db2df8518446f4689b3e1fb61799869b4bcd27c71a0be2b8edf68d3fca0fe7fef796cd12719fd0f37de8cc62dfa23495c81c6d1d7b1498cb70b95da49fa0b5032d7a407d5586e80469c093de2cabf4325d01cc2ec2d3e404aaaf437d7dccd149f033a5f4a04f732340f3f2835065fce9beaded8999c98d83bf5f38406e042d185913c17b9b7c76fc5e47b3fb3fa389f3c3c083ab2ef433283d4927099165895a66af8f3e9440a04f0e29edc0236a5f7d4838a0fd604d2e018b0e5892c001d5e96e94121bd5bcabbf81ec2ee4ff8e0ef5fe0cb100ea267b94089c164b", @typed={0x8, 0x17, 0x0, 0x0, @ipv4=@broadcast}]}, @generic="34248ab2270616fd4742cb3f1b653a0a6adae2115361e07c8e4423b0751f51eb376fa2ca87f3626bdd1929593420c03cf62d92cce1a567", @nested={0x10, 0x86, 0x0, 0x1, [@typed={0xc, 0xb, 0x0, 0x0, @u64=0xfffffffffffff7c1}]}, @nested={0x10b, 0x4, 0x0, 0x1, [@generic="657e09a2cf352f74f343cc5b342e3d24cb6b27c7c4585819b7435a8a5a22a3329c847313ef84beb291fc951d5c76eed75a9f0a75d7a7e9db0e14121b2dd1bad3e7de9aa44d4e", @typed={0x14, 0x33, 0x0, 0x0, @ipv6=@local}, @generic="7ff9d6c4201c26ab3cff95c1c7f168d6013e095a8d62ba4c113787bde972402ca0043e97dbc83c4aa95c3aeec939317a9213df8bca39af0dc850d1689c3c5083133fec700401bac3b72e27601176f3f02ac78d961c9e1c51dd563458a30f63f8f79a297a37c62f5228c1c3917a884b417d64d47d0682e8080c9a57380a8a7a8bf13e7e08d76562a3217d13356a9c14c62b371afcd9c236dbee8bd6a76d33134773623bcec059f220b059bb9bcd"]}, @nested={0x1d1, 0x7d, 0x0, 0x1, [@generic="a4e1eeeb460e79df18285bf65830ad2414be529723299f415221283414d16c77f1fcbbe79d54c6915e39c99469ecf36b7a2f344c897cc4173f956d4e0f59d0e30465e12d6ff37315a3edc427683b0b05e99cc42bfdc5a70d114fcc9fdc4f08e408e45a5951a406444b10a7d6aa011441a9d2796d0f096baf35dbfec545d8b1ea2881e575d1b7697f8df932b8f6450490d986778da5a575cb6ab149014c6ec7af1fa0e1b14d32ec1464d7bd4e3ea4635a2f1ebb8ab79bfe64a55a416dfe7e6f51fb7579267df3e273048f9908f7c0d3cd122690d797241f8a438b431f0b397c2884dd7c2983ebde", @generic="c08d1691eca4b476df868ec875d82a33d53103bb9c185bb31ca3ee6c598d16072efc17c3eec4c5bd0b481f66ceb6d645ba28d7fd98e3f33be249c8b7cbd7c799a0638be18bffcdafb87b89b6d5f320ddb17b9c642e193eda476c50ee3922517edfb4b48d6373b239945620b3c0cf49d12be9f2d462d3c941f5dde24020326733f3fe3b61c21cd38da20deb4d3923a0c2fe7f314a0c8a1951bb547b231b86dd0696d1ac2373563877c42ef4b4fd557786a09be0f783f1118605706369c692f116ed49970d36b818f6a120bba8bf4fceb1e8f5d6fc8dd59b5bbfc0c84e77c7a0ef039da8ed48a8"]}, @generic="bd1c221257eada5f5d"]}, 0x444}], 0x1, &(0x7f0000001e40)=[@rights={{0x34, 0x1, 0x1, [r2, r3, r4, r5, r0, r0, r0, r0, r6]}}], 0x38, 0x24008005}, 0x8001)

03:41:12 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x3000000, 0x0)

[ 1540.403787] No source specified
[ 1540.405801] No source specified
03:41:21 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000002c0), 0x40001, 0x0)
r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendfile(r0, r1, 0x0, 0xaa80)
ioctl$TCSETSF2(r0, 0x5437, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x0, 0x0, 0x8, 0x81, 0x0, 0x3}, 0x0)

03:41:21 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x7}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:41:21 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x1020, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:21 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:41:21 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
inotify_rm_watch(r1, 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x1000004)
creat(&(0x7f0000000000)='./file0\x00', 0x108)

03:41:21 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r5=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r3, 0xee00, r5)
getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f00000003c0)={{{@in=@broadcast, @in6=@private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@dev}, 0x0, @in=@broadcast}}, &(0x7f00000001c0)=0xffffffffffffffb4)
mount$9p_unix(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f0000000140), 0x8440, &(0x7f00000004c0)=ANY=[@ANYBLOB='trans=unix,posixacl,cache=none,mmap,cache=none,loose,dfltgid=', @ANYRESHEX=r5, @ANYBLOB="2c64030008003d", @ANYRESHEX=r6, @ANYBLOB="2c6163636573733d636c69656e742c7375626a5f726f6c653d2b27275b2c736d61636b6673666c6f6f723d6b657972696e67002c00c5a6dde53206b2a486775600a5a17a73d745ff181091e3e1ca04d3cfab47b3c4437746dfa29a1e2d7075534784abc37d6c85724ba44940142c911e07b943d91bc5800aded19879faf8eda6885ad0cf971f0370ed30f362d5be94ce401019f648fdef67a2842520f88f8191bd1210294fb04775a7bc01880a3b90301137ea915ff9d20e8568e1e9c336bad39395c522e1331a4a533304417b694b8da10b7e3c3f5e82d7f8ffca823c4d705842d69e9ba38b83860077b7fd9cead033303142"])
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r8, 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r8, r1, r7, 0x0)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r7, 0xee00, r10)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r2, 0xc018937b, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYRES32=r0, @ANYRES32=r10, @ANYBLOB='.e0\x00'])

03:41:21 executing program 7:
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="601c6d9c98ae506e544cbf00088020000400000000f80000200040000300000000000000010000000000000002", 0x2d}, {&(0x7f0000000040)="f8ffff0fffffff0f", 0x8, 0x10004}], 0x0, &(0x7f0000011200)=ANY=[@ANYBLOB])
truncate(&(0x7f0000000080)='./file0\x00', 0x8001)

03:41:21 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x4000000, 0x0)

[ 1550.020916] loop7: detected capacity change from 0 to 256
[ 1550.041548] FAT-fs (loop7): Invalid FSINFO signature: 0x00000000, 0x00000000 (sector = 1)
[ 1550.058041] No source specified
[ 1550.064333] No source specified
[ 1550.087424] FAT-fs (loop7): Directory bread(block 64) failed
[ 1550.091252] FAT-fs (loop7): Directory bread(block 65) failed
[ 1550.095623] FAT-fs (loop7): Directory bread(block 66) failed
[ 1550.096546] FAT-fs (loop7): Directory bread(block 67) failed
03:41:22 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x28000, 0xe9, &(0x7f0000000000)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x7f, &(0x7f0000000040))
fdatasync(0xffffffffffffffff)

[ 1550.105320] FAT-fs (loop7): Directory bread(block 68) failed
[ 1550.109363] FAT-fs (loop7): Directory bread(block 69) failed
[ 1550.114940] FAT-fs (loop7): Directory bread(block 70) failed
[ 1550.115910] FAT-fs (loop7): Directory bread(block 71) failed
03:41:22 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x180f, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1550.131404] FAT-fs (loop7): Directory bread(block 72) failed
[ 1550.140873] FAT-fs (loop7): Directory bread(block 73) failed
03:41:22 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x5000000, 0x0)

[ 1550.217370] No source specified
[ 1550.228892] No source specified
03:41:31 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x8}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:41:31 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x6000000, 0x0)

03:41:31 executing program 7:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
preadv2(r1, &(0x7f0000000640)=[{&(0x7f0000000140)=""/189, 0xbd}, {&(0x7f0000000440)=""/225, 0xe1}, {&(0x7f0000000540)=""/224, 0xe0}], 0x3, 0x3ff, 0xad, 0x3)
write$tcp_congestion(r0, 0x0, 0x0)
tee(r0, r0, 0x8dde, 0xa)
io_uring_register$IORING_REGISTER_PERSONALITY(r0, 0x9, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x16, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000200000006000000000008000080000020000000dbf4655fdbf4655f0100ffff53ef010001000000daf4655f000000000000000001000000000000000b0000000004000008000000d2c20000120300000000000000000000000000000000000073797a6b616c6c6572000000000000002f746d702f73797a2d696d61676567656e31393337373136313800"/192, 0xc0, 0x400}, {&(0x7f0000010100)="00000000000000000000000082e36724c6f34caa846ed2e527703378010040000c00000000000000daf4655f00"/64, 0x40, 0x4e0}, {&(0x7f0000010200)="00000000000000000000000000000000000000000000000000000000200020000100000000000000000000000000000000000000040000005500000000000000", 0x40, 0x540}, {&(0x7f0000010300)="030000000400"/32, 0x20, 0x640}, {&(0x7f0000010400)="02000000030000000400000019000f000300040000000000000000000f002e69", 0x20, 0x1000}, {&(0x7f0000010500)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0000000000000000daf4655fdaf4655fdaf4655f00"/8224, 0x2020, 0x2000}, {&(0x7f0000012600)="ed41000000100000daf4655fdbf4655fdbf4655f00000000000004008000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x4400}, {&(0x7f0000012700)="200000006c84f94f6c84f94f00000000daf4655f00"/32, 0x20, 0x4480}, {&(0x7f0000012800)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000030000000", 0x40, 0x4800}, {&(0x7f0000012900)="20000000000000000000000000000000daf4655f00"/32, 0x20, 0x4880}, {&(0x7f0000012a00)="8081000000180000daf4655fdaf4655fdaf4655f00000000000001008000000010000800000000000af301000400000000000000000000000200000040000000", 0x40, 0x4c00}, {&(0x7f0000012b00)="20000000000000000000000000000000daf4655f00"/32, 0x20, 0x4c80}, {&(0x7f0000012c00)="c041000000300000daf4655fdaf4655fdaf4655f00000000000002008000000000000800000000000af301000400000000000000000000000300000020000000", 0x40, 0x6800}, {&(0x7f0000012d00)="20000000000000000000000000000000daf4655f000000000000000000000000000002ea00"/64, 0x40, 0x6880}, {&(0x7f0000012e00)="ed4100003c000000dbf4655fdbf4655fdbf4655f0000000000000200000000000000001003000000020000000d0000001000050166696c65300000000e0000002800050766696c653100000000000000000000000000000000000000000000000000000008224fd7000000000000000000000000000000000000000000000000200000006c84f94f6c84f94f6c84f94fdbf4655f6c84f94f0000000000000000000002ea04070000000000000000000000000000646174610000000000000000", 0xc0, 0x6c00}, {&(0x7f0000012f00)="ed8100001a040000dbf4655fdbf4655fdbf4655f00000000000001008000000000000800010000000af301000400000000000000000000000100000050000000000000000000000000000000000000000000000000000000000000000000000000000000303a62f7000000000000000000000000000000000000000000000000200000006c84f94f6c84f94f6c84f94fdbf4655f6c84f94f0000000000000000", 0xa0, 0x7000}, {&(0x7f0000013000)="ffa1000026000000dbf4655fdbf4655fdbf4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3139333737313631382f66696c65302f66696c653000000000000000000000000000000000000000000000cb5c36a8000000000000000000000000000000000000000000000000200000006c84f94f6c84f94f6c84f94fdbf4655f6c84f94f0000000000000000", 0xa0, 0x7400}, {&(0x7f0000013100)="ed8100000a000000dbf4655fdbf4655fdbf4655f000000000000010000000000000000100100000073797a6b616c6c65727300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005c413993000000000000000000000000000000000000000000000000200000006c84f94f6c84f94f6c84f94fdbf4655f6c84f94f0000000000000000000002ea040700000000000000000000000000006461746106015403000000000600000000000000786174747231000006014c0300000000060000000000000078617474723200"/256, 0x100, 0x7800}, {&(0x7f0000013200)="0000000000000000000000000000000078617474723200007861747472310000ed81000028230000dbf4655fdbf4655fdbf4655f00000000000002008000000000000800010000000af30100040000000000000000000000030000006000000002000000010000006200000002000000018000006200000000000000000000000000000015f2e0ab000000000000000000000000000000000000000000000000200000006c84f94f6c84f94f6c84f94fdbf4655f6c84f94f0000000000000000", 0xc0, 0x7be0}, {&(0x7f0000013300)="ed81000064000000dbf4655fdbf4655fdbf4655f000000000000010000000000000000100100000073797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c6c657273797a6b616c704a6689000000000000000000000000000000000000000000000000200000006c84f94f6c84f94f6c84f94fdbf4655f6c84f94f0000000000000000000002ea04073403000000002800000000000000646174610000000000000000", 0xc0, 0x8000}, {&(0x7f0000013400)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00lersyzkallersyzkallersyzkallersyzkallers', 0x40, 0x83c0}, {&(0x7f0000013500)="020000000c0001022e000000020000000c0002022e2e00000b00000014000a026c6f73742b666f756e6400000c0000001000050266696c65300000000f0000001000050166696c6531000000100000001000050166696c6532000000100000001000050166696c653300000011000000940f090166696c652e636f6c64000000", 0x80, 0x10000}], 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="70726a71756f74612c6e6f696e69745f6b7461626c652c6d626c6b5f696f5f7375626d69742c64617c615f6572723d69676e6f72652c6572726f72733d72656d6f756e742d726f2c6d61785f6469725f73697a655f6b623d307830303030303030303030303030380e723f66"])

03:41:31 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x2000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:31 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r3 = getuid()
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r3)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r7)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r8, 0xee00, r10)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xee00}, {0x2, 0x4, r2}, {0x2, 0x3, r3}, {0x2, 0x1, r6}, {0x2, 0x4}], {0x4, 0x3}, [{0x8, 0xb, r7}, {}], {0x10, 0x4}, {0x20, 0x5}}, 0x64, 0x2)
ioctl$FIOCLEX(r1, 0x5451)

03:41:31 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x2000000)
fdatasync(0xffffffffffffffff)
mprotect(&(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x1000008)
mlock(&(0x7f0000ffb000/0x2000)=nil, 0x2000)
munlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000)

03:41:31 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r2=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, 0x0, 0xee00, r2)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r5=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r3, 0xee00, r5)
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r8=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r6, 0xee00, r8)
r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r10 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r11=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r9, 0xee00, r11)
r12 = getegid()
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000140)={{}, {0x1, 0x6}, [{0x2, 0x5}, {0x2, 0x5, r0}, {0x2, 0x0, r0}, {0x2, 0x3, r0}, {0x2, 0x6, r0}, {0x2, 0x2, r0}, {0x2, 0x3}], {0x4, 0x6}, [{0x8, 0x2, r2}, {0x8, 0x0, r5}, {0x8, 0x3, r1}, {0x8, 0x2, r8}, {0x8, 0x2, r11}, {0x8, 0x0, r1}, {0x8, 0x7, r1}, {0x8, 0xf, r1}, {0x8, 0x2, r1}, {0x8, 0x0, r12}], {0x10, 0x6}, {0x20, 0x4}}, 0xac, 0x2)

03:41:31 executing program 2:
perf_event_open(&(0x7f0000000240)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x2}, 0x0, 0x0, 0x0, 0xf}, 0x0, 0x7fff, 0xffffffffffffffff, 0x0)
r0 = creat(&(0x7f0000000080)='./file0\x00', 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40286608, &(0x7f0000000100)={0x0, 0xfffffffffffffdc9, 0x0, 0x0, 0x0, 0x1})
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
fchmodat(r3, &(0x7f0000000140)='./file1\x00', 0x5)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r4 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KIOCSOUND(r4, 0x4b2f, 0x9)
r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r5, 0xee00, r7)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0xa01050, &(0x7f0000000300)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@dfltgid={'dfltgid', 0x3d, r7}}, {@version_u}, {@posixacl}, {@nodevmap}], [{@smackfsroot={'smackfsroot', 0x3d, '^'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}, {@appraise_type}, {@pcr={'pcr', 0x3d, 0x29}}, {@smackfsdef}, {@audit}]}})
syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r0)

[ 1559.569219] loop7: detected capacity change from 0 to 256
[ 1559.573068] ext4: Unknown parameter 'noinit_ktable'
[ 1559.579346] loop7: detected capacity change from 0 to 256
[ 1559.581072] ext4: Unknown parameter 'noinit_ktable'
03:41:31 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
add_key(&(0x7f0000000180)='ceph\x00', &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="5a8cd9abeac222b73c604d6b15d20f9f9074d48f870610760a59cd923fdb29d73cc9a6", 0x23, r2)
read(r3, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)={{0x1, 0x1, 0x18, r3}, './file0\x00'})

03:41:31 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1559.626415] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[ 1559.649255] EXT4-fs warning (device sda): ext4_resize_begin:81: There are errors in the filesystem, so online resizing is not allowed
[ 1559.653253] No source specified
[ 1559.656206] No source specified
[ 1559.663984] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
03:41:31 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0xa)

[ 1559.698630] EXT4-fs warning (device sda): ext4_resize_begin:81: There are errors in the filesystem, so online resizing is not allowed
03:41:31 executing program 4:
prctl$PR_TASK_PERF_EVENTS_DISABLE(0x1f)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mlock(&(0x7f0000fff000/0x1000)=nil, 0x1000)
io_setup(0x3, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:41:31 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x7000000, 0x0)

03:41:31 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x2010, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:31 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x8000000, 0x0)

03:41:31 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1559.848792] No source specified
[ 1559.858015] No source specified
03:41:41 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:41:41 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xb}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:41:41 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r3 = getuid()
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r3)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r7)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r8, 0xee00, r10)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xee00}, {0x2, 0x4, r2}, {0x2, 0x3, r3}, {0x2, 0x1, r6}, {0x2, 0x4}], {0x4, 0x3}, [{0x8, 0xb, r7}, {}], {0x10, 0x4}, {0x20, 0x5}}, 0x64, 0x2)
ioctl$FIOCLEX(r1, 0x5451)

03:41:41 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x6100)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
mknodat$loop(r1, &(0x7f0000000000)='./file0\x00', 0x6000, 0x1)
setfsuid(r0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
faccessat2(r2, &(0x7f0000000040)='./file0\x00', 0x0, 0x1300)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:41:41 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xedc0, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:41 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x8000000000000, 0x0)

03:41:41 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r2 = inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r1, 0xc0c89425, &(0x7f0000000600)={"e76e528b949e0b9e136aea3a487f442f", 0x0, <r3=>0x0, {0x0, 0x4}, {0x9e56, 0x6}, 0x495, [0x5f, 0x7, 0x82ee00000000000, 0x27, 0x82, 0x5, 0x100000001, 0x6, 0x2, 0x2, 0x7, 0x2, 0x1, 0x10000, 0x9, 0x4]})
ioctl$BTRFS_IOC_SNAP_CREATE_V2(r1, 0x50009417, &(0x7f00000007c0)={{r2}, r3, 0x10, @inherit={0x88, &(0x7f0000000700)={0x1, 0x8, 0xb3, 0x8, {0x32, 0x8, 0x0, 0x0, 0x8000}, [0x2, 0x0, 0x8, 0x7, 0x1ff, 0x93, 0x1ff, 0x7f]}}, @subvolid=0x9})
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r4=>r0, @out_args}, './file0\x00'})
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000100)='\x00', &(0x7f0000000580)='\x80)-$].\x00', 0x0)
r5 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r5, 0x0, 0x0)
signalfd(r5, &(0x7f0000001880)={[0x8]}, 0x8)
vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f00000001c0)="9758222bda5a1426bc243fb20713ea9455f177318674c0d386f64f19dc3c7eaa3cdeb3239739a11290afe7e521f13d038960e7502455a90a1fd0f699126d7613a423cf59918e372de940e7df67d06631fb04b8f14a3a23c43f1e4d45813b28b3196b2bca75b0492905d693e0c38c1ca97d9974d0fafbe29ab928e309221392873870d4386cbc4c2fcc3e6f1c86e5fc51dca400ae10f2ccf939e6f6df2afa68ddb8798e70b3efeb7a4f5c77e3230e48de4c8f682d67d02370c6562d0df2fac844d8fb1669cba774c44bae1bf4b251944188189cb1eb1dc38491f6c2b6786694ec76ba3bc9ac1c6f5e29eb4d", 0xeb}, {&(0x7f00000002c0)="21a5105fc1f0149db2664e803453b11249974b21857b4a659c65e2ae25572a7f418961912b405a131acce5867ac1b753045e003d2ed7ea74167e4386c4f8e55bace067af75766db6db50396c78d8695d88adb7034043a501321830ede659f5ee31e4ef81d8e8001cb701e0bcb421eef55dd5d9e28ed937a32489ef1048f092bafa1d4313d9fc1cdf445d5eb56e5c80eba6ea9151e93911ac619b3c059d6c431045ed82edd0fdf7b39ada5961835561c5c631c68468198a0760128190a693", 0xbe}, {&(0x7f0000000380)="dcedda5db84d46960533d03381350a7992e4a1aeb01568bef18b823c01ec880f579751e5b25ed176c60b7d71210e0d863d56c87ef6c496e7ee4e6cbc3012ad928839afa14bf8ce2224e8ef85497d2122dff04ad73ea18bb85bcf91fb156e9cc36a63456f42eee0e2787f3ecaeac298b2fd5edb5d93d668d503d56306699dfa93f42b95c6d84ffa78b717c0f23087cc472b84e8ff77fb3ef7a8f03682844e025d7fe161020b79e1a9ed4cdd30a5d805dac93c12acb34315437425206ebc34d88ab2c65014144ef877ab803f29242c106436fcf6367036", 0xd6}, {&(0x7f0000000480)="0c459b8f4dbdef2f4b79a10d8ebab7806b329fafd9ba23e9115147628c2ee0841a4040eb25c7f6c1357f76b354adcba031ced628cfdc0af04718a4d368966f9bdbc6b1f70e51b3f72b5972a9acf70278196e8c5e147f1047c86b89516faa0042047b9af8070b5f63e256778ee8919021d4454ce62a7a8a4a02c71f543ae448728060d3a858c6ff6f6f58783f0ec4fb7fb1fc9eed0f37e19b6579af3bea63a42d279a327d3b57da3a16fa8c49b09aec66f9971a7ed031e709ae665e72f5bf58a1a3655d8befa972588b46d81415ada44529248a3396", 0xd5}], 0x4, 0x0)
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f00000005c0))
read(r1, &(0x7f00000017c0)=""/174, 0xae)

03:41:41 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r0, 0xb, 0x0)
msgctl$IPC_STAT(r0, 0x2, &(0x7f0000000000)=""/102)

03:41:41 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000140)='\x80)-$].\x00', &(0x7f0000000180)="7f4e92648549217cb511db801ac9eefc3cc5cf400c0dcc41bacc6ad75d92b1b5e07a2949c7847e0425498abe44da05ea53394884aec2bb201b6aa8f2cd8492c4d74aa70069572981467e09970c064ca1661aebd16cf59e091dff424d27ab063c60bc59d860d6e3763e3fae9a8f9f23a40e3021052a9171b19c8c67e7841aa1754218ca5f12d96ab48623b46c946f2a2f1d3a03f73bfc2c8abc8b109e85a8343256c47b2da4453f0ac046a2ab87c8e434e716125f460948b5d4550709a008597be45408bb45c3c7fcc9ed4f5063094c72a8dd798111fec0e9aca2c97b29ec6b584adbc9c594e8ae52b36b110aedd65f5c028f3cba4145a43d7a", 0xf9)
read(r0, 0x0, 0x0)
fstat(r0, &(0x7f0000000040))
syz_emit_vhci(&(0x7f0000000000)=@HCI_ACLDATA_PKT={0x2, {0xc9, 0x3, 0x0, 0x28}, @l2cap_cid_signaling={{0x24}, [@l2cap_conf_rsp={{0x5, 0x4, 0x20}, {0x7, 0x4f9, 0x8001, [@l2cap_conf_efs={0x6, 0x10, {0xd1, 0x0, 0x100, 0xffffff80, 0x0, 0x6}}, @l2cap_conf_ews={0x7, 0x2, 0x4}, @l2cap_conf_flushto={0x2, 0x2, 0x5}]}}]}}, 0x2d)

[ 1569.856809] No source specified
[ 1569.860588] No source specified
03:41:41 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
write$binfmt_script(0xffffffffffffffff, &(0x7f00000001c0)={'#! ', './file0', [{0x20, '\x80)-$].\x00'}], 0xa, "9d0901f21759fb111638d684f9912f1e53b5fd12c2e7b99a290c66fe516d8d12cbf02bc674c3e76747413d1d62789ff8e97ab8ddf6d3b4a124275de55d528019be0f2db3e56b62aabdb4c06b73fe34a8070e295574eb2f6a59bdb939e7f22cf3ee05b71299cc9198ea6a6fb610530f0015bfb436b5d03fd4602594129816785fced96df98533c893e2d85a88735ed4521368d6a71f308015886f5231333d6f9d442a956da9801a16c23f4e6317b9eb701573e66fc8faf82413026b63d72f63354d62d4f39feb61b8040a342105bfb5fb18e8231ad0a8d3b7b64e2af7a7ad643bf763e0c3a152af42c3aa06ede24282346ff0389afd84bd735464c07d8120d29cb182ea6a18fae925f77df19c83f522a57864c1a3cf8e66cfc886c18947bd926f74e95476ffdc6962d38663f7666402e5bd98e4b01e6e08fe3ac9af8642409e496a54a002922b8de84478142f611427b827d31f6bacb67f5c3282aabc5eaaaf56587303325a3531e0d6d7afaaa265c99a4d39bba82f5757cb9ef1122bbb161f8e0916f8e393a5f2796a93ef0a93edc8b55eb69b7bc163ba29e0a803c5abcb61547b77b097c2cd7dd9acff76e0e15abc0ee537402f0b5ca45b092f7901399f953b48d61cb845d0133e715f8b824a1b9d62064d83a32d25c7772f15598979459449e853a33f5920696e4d7a2b1b2d144e3682de97a77e4407488080cfadf49659a7d19a61316e9b249bdc88419de1f9f818436f06a20764f060918ee6ff706406377ba379b996500d2a5dd2a98c7998a15f8dd6dbe26fb27203f7227286452aa8888bb791f3e3cec4cc5f201e91c2b3ccb8f114b3281b68d926b09aa01d76c7cac5c128c637c5a7c896950906a34d8dc9020b5585c51914d05aec3cd601183077958a78ff306c16bf9f0ddb0e74a35a0e0809c2f3eeb7484716a0c7784d5d140787c48c6a80e6230d78dea01376c3df736962a4cd2483f138d79666395ed20d4dab139d49d9fc9df58ec578e5895448a0aafbfd0cd18984a5736405712499c27b6b3c734708d6f5b8a950899dcde74e97a7b1befbc270d935f1dda0ab5f599cb29360184b4128985ac987cfe4e666df076f1bb70a2a2b66c0379d47ec18cc442e467a1762a58d691cf56bc6afebbe25601f1f9fbd4a616908c37888ca503addd499c26d997c341ef536aefe1055c8c85e1879c4518f77a04219311f9d9fb1944f7d3adb7ecb23058dd1a3a1362312996d432983cc96c62b77901d56924e61e0fd3eec60cc85a18377a4e050343c651b15342e6e281d9e7414fa68bc6150b442a3795ca9c4851a44308c8eb5f7d96285cc2e5be4f81736667f40fa885c71217235ccdd65d6285ab4d20eaf4610dbc39ca79be4ce4578315368947fd8a4a0a074d7a9c0f3e0a0777bfe0f07531005126177d922d7ef086c901f9852534e489849a2131f6255be90edb3e2f054808dba16ab97caa148569eccf364f900d11d86fc1b4f4537704ffa3ea5329729c937336aa63594fdbb90cb54e04b0ac54f2830536f4872c3df166acad7553da4a4f765881357775a1517c03c6776b67dab04ec227030b3daf5bf2a9c3c1ea172bc7f99a9ac93ec417e863014661f5f8aa0a78719d0e9e6a33c63e6d356d563c6e30be703408a14c7423b3714876ec653d67a670ea3a1ecbf610cec6241741a874d240380fa958d10d2e0edf36ae1262fd26da12c4b8e57211bbdbffffc1549012caafeeb754121632bf03d2a0ebf4b8547290c3a313114e4feb28ff0f2756f8d4c47fbaf7de06bb4e197e8bf929fd77fa16e191ae93b668d57d62c7a08fd3865c912280cb304b7ec87d9b0c8c549482ab2529a08c1be34147b44f4945bb9ddde8a256526a6164c5208fad49fb20938084e62f9aed5e2a8db05918584fe30d5a7923776c8fa21066d864ff0a0bcb5f6e904fe94171c7470c29b3db01b06ee459b6412e4f3918be8be042125ebd3d9658e8a89c3c8f027ab4fe60bef4c09d1e50e755fcde738f088a3ed9eccef96ce5e2d171de9bb9c02f8ae43775a2d4a356dd6a99f42c6271c663d4ed9ad2e7b7393b826ffb853fd34700cdcf5e67bc40e825d52e5060e6f751224b7e1e9368f196bdb4f8d8bfc2961a1ede8cd74b4ceef0f7fc2ad44226f5fa03d019c27a4eb5b32d1de008a9e28da8a3039fcdc194b2154ce5803f3e64845205ea48e3cacba038695d7eb855dd8906a8e15e28d82d77490580675ee42a3a68d7a8dac985c28da91817e2a9a3dd0670a2df28075d2afb95d480e60c47188f8ba98e37222a41c508324f02b8119db19835c2c163da382ad097676be143fafe616b8193a0aa480ffee17b8ea0eff43d7c2590eff60ca1d6a032fc6bef36afd842566dfb260d09813973537a6b23c30aab467ba5869a444d37302257ca6fd13145c0ec504b4c2a301b318db95c1b3f7dbf75cfd7975e94d1de55037c0a965e6ea76ef930c094c9a24982205dafed7f756184f879eb53f0bf2e04ee73790cb863e29e42920e1fb239543e6f929bce7c35b1f0249eeff691805e280f5e2818433b6eb5c1127ef46fa7250273cfa303e74a0663b1c638e39c10304b240d6d6fa9ffaf4957f520c9b4122f9d78212b02074b78a8b2d1c9d8ad29768ddc97ada171d3c1cebc5db3f07718639feb6287aaeadef85126e10ec2aa155b64d361838341d93060b35dcdf02edcad7bcc911c7d6fee4fb91fd0dce655d5ddd793d1e11b4169029cb53e29e12d455735192c06dc84da6602bf765365f016dbb2a6dae6fad5d37183ab7aaf8255a3bbc7700b994c27283d6f84c761fbab0e99c182abf89533edf99fc7d236449c2b2ac70d9fb89998d913a5cfa8259121e7f330e82d2c237c87ffa06ed548d4b0e6920f76cd1f22dce7fec6c5b844e2c31906cec863cf0e3042a996edbf61c7adcacbe097fae367fb9a4c3c751f7a2b4557dd0a20c4208a0b386c51e1d059a1d532cdf543fccd2005c40e8dc62f306db8b51a1bb85c6341f8015f48c2854c188e6056947de531803f2a76c55e8a1f58a28c6559201aa0ec3f3cd4e2aa1abbca62e27eb8d39bb7611c588221bedc25eb6777d23dd31b8536a7c8b5e883e956af640efde5ca4d75be11c20bd1c4cc8b54ecc319d81b15631f6c1073e449d190953b08592ab56eec84bc6e1934450f44d7ad264b1333615f944a9883cf032561a9fb99f00550239bfcc2a0138a7fbddee82b4c6e2722ecc65861eb2f71a0f5b53f126b5b56bb4340ef2e17ce7b45e56f8d21f816c457412ce06412b8db2700f46f12de5a9478247efe7bffc8696e851df6a98c1fcf5c928141c6a2f9356d45a443dd9eda0d57d0b1afff6ccd54dbdd244a610337bc78bd098593f852411fd44ef2a71ce389be542aef87b9f173e7a27bdda8ec8855f2960d74cb9dd037e7dd7e8f0fd78ed918c31e9836459086a8e2fe47daa32da2b6410b6150bba1da16dfa5ea0d87055a5f0e2d8c72207168ba4db203d8ea9cda8d67eef791d380c82f88bd027d4062f54a92c04dfe54619ad548944aba967d2c8c38e23e6decdecc9202ff73a44a9207a44fdebf728a41a39fe00bc78fd97183d7313edd65c54cd8b899af0c2d7271774329c95b32c7edeef7f45ba545fe2e0221923e16b2afab69e5e577b530ddcf96dfe09d541891823d92890caf6dbcafdd4070b9b2ec658f803ba4d9aa21d4432d5f152c1a1aea48c8ed92e6d63bd0cfb22a73f42e27ff0d3c3a14a1e530f302be8987efe66d82bf180964b7021bbddbabed8d525b222140ef33597a29a864cd1040e5fdf91f17ca55576208c3d6dcd1bfad494d19c0a29782670284c37aa8a861af836101255f397809574d5e9f27a2cda6b240158dc17933fe066640742f7f0acfbef81e1208a8ef424ed16f9ed299830feb8eff8ac3371bb58103072d394f50c84399fe96e01e8d98c7fe56eb76787523297686782862c58cf69f7fd68dcf4bc15cff50af61a701a543fe8bdf375a9c9cb649256ba6bc27b0888996bd9f18d3610e16ea84dbe3f0693abd14eb7bf0f3082f74d7ec9c508563042308496dc1fff0dc7d8c630fffff4e0a8cf4e69ffb760a257d9df53a6bf9bea2c2094187277b057b632245e67a4321a9a1d3dd47c75a0fa67843f9166dd6290dc3d9e0665253d06c7bde4afa8abf64415013a5c82429b2c227c49c085d379afbb5d652a0da39906ee94c869e07635f8b5ce5d6b265111ea90904f977a0594c4859f47b72b15121c191d7df8f4560e679e40f3cfc8571a0cd33c3bbf24080bcc0cde1472dbbb2462e83b5352b59e00ea3c8edaa4adc0591c3a4faaa38ba356d4eb20bedf0d0d78340b5f8b6e9912d134f0a685a63584cb3a05481243039c68a52466bdc322ca52f5cf43779dd41816054d3442d2acba51c434c74d7539875f368be616f8d739532e6def7523e3ff0757ecbb2d1bae1a9313fb9d351afd8b898fd16ba7758073eafc370a065e31963ee1a4817f76f99491d438225c1e1406038995ed2a19cee974a9d0a80d58b53f06f35ad3196903392d49a1f6843da8ac6643dfb81e7f8e5834eeeec32bee4c14aca71d1e1a7226304bd949d014b83da318801608de8e970eea90e9f6687b89fa9bdf34a65a2472eaede842cc3f9206e78ba50938c640a1cc657aec652eb764797f2c594a4ce28dd68fb93485467dcadb0e29377438652bc7b8902d4da59e3a0b38cba9d513380ce8789d36633ba202d8f23798f7e97d97e280bbbce6699cd2f7c156bc1d54e75b53c90be5c7f0ab0f8f702635bf07d7c7b83f8b641e364e5e1314df1cfa9d7e7f296ceb96d571fc4f3bcf704ee92309106b30630806934f8a17dfc9788e5e1c1f493f4e8f8dc47220ad9fc77a105b71042fa57342e16f1a5d1b99ae5be4a4e928ff6b6cf64f72d3610c704923de69f6890347f4216726833d9d8c0f122d211e36effa8bc8ce17d2ade8fed8c8b2368de9d687010b6d2f7b5d6fbdb29d54dd5a04370952142988cf59ec8a771dd3acbf4aaff0b5a5277be83dfc2ca0a7439449823df987f73525b48bde293a89be75598527dd7d4efcee26f3ffd4c3f894e05eb73db249207ce51fa3cfd0bd6af08d3e4e1e0592bab35c30f8103f91788bc7b1d4b1ee54f8f7a68ea5dec4ce34d18f30a280b6b1463919a5490f7aadb41064b49820d47ada0fc1c1f1b4e7ff00dad9ab8bf85e784a22440b0f216fc016d390598edba535ab1b4a96ecf3bd0430355181e7723f0e92062b998a36b2ecfbbce2072c55f4da3a9057a8a2bd51259571dc7c237c2dd95b6c7255d268635c0451fa18101c1743915782240ec62c5e7ab9a3a19220ec3295ce2c4968ebc9a359482830217aaac024688c448260f953a0c76dab4478e0d9fa22813e0e5fdfe54a363cb0f977f892ac29652494a43f0b58c6c322a2b72ce84a232372c837864758a4319b89d100264e62b52cca0b7feacbd623776da1cd9b3f89f86f1a3eaf0563c415ff293c07485ffa45621884b649c93ecc697d392cdab926af0a08240a1d1880b31d073139ea368cb6e4815738b121ed75907b50b101c77fadfccd2a7f91d51313e693049594db86c446e4015808b70050273b0e97621c15b71c8eae497a22841dadd5b07d25d682b13a29fb5de8ac0394aac06be058f870dfb5bcb79d6d1f33f05ca69067c4afcd69c191a2d8b146285b0a83417f1f4a25a60c3cee90a4ecd9d6c2ebd16f7bbf5a404df607b344b3b4b92d5fc7ededa19383ea5f1c0f543745b196aab0e5d7286cf5e24a7fa803c3b42cc6b3416c1afad3ada2c1"}, 0x1013)

03:41:41 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x100000000000000, 0x0)

03:41:41 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
futex(0x0, 0xc, 0x0, 0x0, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x6, 0x5, &(0x7f00000013c0)=[{&(0x7f0000000100)="11b65b070d8cc5cf8d86fbac26cc58ae808036d27b418bee14da3b18a89daa2765e1b76d604955c6b4364500ca5a1a640f64f52ac4d3d65bd37bdc9730efc17b13b4a8cf4c6a8400095895e5ac00f78d2e6c8a47698543155ba1ae4ea5174eb922cc51700de9b862f9aecad7e2f79ed7f5e3e6bedaa4d0032fb02a3c005f68f39cf226b2575704d4d0a8f0eabac0bccb58c96c442e11c8b947b3a0b4f219ac06d978c0a1d03e01122cb73ea1865e60d3103abfe67293931e", 0xb8, 0x80000001}, {&(0x7f00000001c0)="a23a2e3b21ffea78d3496ad94e88c56a11c93a78e286d11c0c97488d077a316d9a2bb645fcf30492428714038a847a99f6f37900e564d360aa63e6283ccb811e2dffa9a455e1fe329bc1b4537bb90dd6ed970af491e925ed8b51583a899c15f063e1c8115e64a729dc01dc21cca852cc454f74a81160db74a7c4f5028e77d5af97228b7cce07610ac8c28b449d8cc9a99a13422f9d187cc637aafd65742ddc6c23c2514bab194511a43add7d4ffc8880213e9d72bc546b7e7d6acdab82bea58958e7079961f08f3cf2e31a5bc36b83fc22ff77b4723345bbf52e546278363dd4e1213d06a738ef1a0ff32fa1dc03d5d98180422261bb", 0xf6, 0x8}, {&(0x7f0000000080)="b56c6a8bf47541388cc3495fbc91e94bad297054eca54a6b170834da7eee1c1ef359d7a5205490060a8bb03903dbe0c06d12", 0x32, 0x2}, {&(0x7f00000002c0)="52fb6710b3c2d8cd7fd7a84900a06ee7bbdce8c9c56d1659390696e81ea6054839a8cccad0b7466bc73dc9805becb9c48b4153d088283f5135419b5a2748d3510301207fa7805603acf87400df02a4227c1ce4536ac973f6e8ac0640fa1057fb733ee338261a47559e8004a120cff46ca503c2e3d0c9be22ad5ca3f53d93d7992d1f4cbce37a2876616a388f9ee7c78308a2c47e3427c5e7cd097e83acdb70bdc30b188914091d3e7f37a5f24ce139723c9d50dadb54590564a95f288ac24abc9490c85d9846f09526a12bf18d2bdbc3b4c7f4c8de9e4409ab50514ace1a113bbb74749bbcf151", 0xe7, 0x1000}, {&(0x7f00000003c0)="e8b024c438afd9e94c2343e94e6558bf523f50eef6f48cc7478b74cb2b49f4c9140a3a09961222abdeba968ebb93338ca1d12628732576c24fdb41c52440a6efc10cf236a31e400cd5d80703f93d738ae197d99c5e90a270bfcf6c529f233cd7e4468934823104d09da2ecee00c56777832780cb7ba694f51415acb0e550f2562d0fff988ba1d4552c8b170f95b2b9195931541a1d5966d312113e6b069cf87ec30a2129ddb0237b43a7baac37af47a3f7b067ba80c29f9b97652c0aff7be2d1c78ccda4ceb196e6e8194be821eafab53873474d404f823672876cb17336dc8fce38cba6dbe842781647e0c9634a7f46423132c274615de993043859e42f0aa178ae588ef77f5dd53b6d1b0dbcb53093fadddf7926b0e616be2d4581f0f69e48da62327f8fd2f861a1c80bb6ee8d040ef30406e2afc9c78f166aae0ccff420f7d6018db712bfd29f32a3c8e6109058ae249b8ae152c1129ae37bf95c93ff48fe3a1a9bb47c1ffeb524e92b7745560b8fd34c563cf65aff83a845ecec8e6fad22546cf045389200cdfbabfecb57ea992bfef9d9cf50d20d9c93f60c72fb4f76445bad02dd435dab9b14ae6b65b4daeefb80e389c8a934b4cf73b8a79aafdcd2c3bfdb03d183f3b887479da5261a57765510abc4f3bf16073467edbb6cb815569fb8fa561717ff722f93157ca9444ad009af1af5af21035ea4e24ed77eb02bcd88e907b066ea3a492af31288e43454eccdac90376c9815bedc0ce05f68eff5286c304bb8bace80b54ac01d55d0433ab332d9a3bfcbc57f681e03ccba99e1c951b9d6e7cde580f3d373df67b47c27e12fdb6b4a9c49a963fe1dbbc9ab0ce45ecf405f495fc3902baa5ebd276448c1ecbf9b3d8b0891a808e6454199b456c13a201f990d55ed4e1906de3d3fd4a880c2fb4ff37b95646aae544fa93c71220bfdda5a37f12f7cee91dfe3749afa05b06eda57dc3449606ee6ce6a6a81010b88f1b2d24109170cfaad0451725fa6a85f165456ea40a77e7817e9cd9cf44e8a770cada46510445095936b34c07efc511e712fb0d00d1574717dd28541d18183463dc99313d044d35f447fa14b9dfb0e2ef7cec43850c1302889d5e08f201c885f1626b4597a34061e2ffba7f557c98052e9ab60e07899f80a50b727d22ccec9061fca816ba44a9bb307f87e66e3961de3611094eb08a94147dddd667817c098ab3183a889c3d994c90638398ad6d767c115f2ca1e3fc286747742688c03a8543e5f3499fd6f0a9864a16a870e4c4fa3e4c6481324a0ef05b716a91c48eb4ca39ca0bad2508033a7233d4e87f3712381b264acfff6c2d2823e012cc35e6ef68e05f96d157278e8c57f6d9cf35495f947629380851f98460e66fa31ad965f4b35170d39a9c2db85e01078e5e4799abfa5741038ac9e3edf9423a32ffe2bccf1f8a094b68a5dd3eb59d11d19e734ac36355e343949769d99ed071314f359f337aaeb00bb8ea03c224524e1101d7e344637dfd66c365f1e6df31c26636294b1c38196a989635b378fb0f77d804a3d4fd61313d6297a9c61546b9f11acdbcd3d624649b1e9f99b9b6e947c9008d17800fcf4ec98ff2f38c13072a987e2451ae93fc75dea822316d6f990072ac20386e2d3ec8ff2920d3dbd3acf17ccbf6e54c8e5316c367f1efaf18570f98a8a8883fd687385cc7c251dedcadc0b215a09519e7d08e082a50c48558663aee860eaeac3b6b87bc494aaa07b0991ce66b2dd8c09ecba8282b21993758595286cd96eed6a07ccf8135c2d24573ff08f65c88e21ebbdcba34f6a709dcebbce250286a49925d2a2677bec92bfa6335a40a088836935b8be2611077a528ea9939b0c648652009c96c13f56a5cf48bb9a5d0dafad11cdbebe448c7ad146a36f0387885a23e19002e1f2c6595a7171ab012dca02c11bbed31c50dc6a3d4ae034b3b01eb3f778c84c903e187522495dcc971d517097f195885b0b124c59a96dc84ea1a52ed89ce36a92b0084b629bafcf04e1be52942f55abd90c5973fdb28759edd7104b2651eae6c9937cca6a27a433cc4ed6f002a0449514a5087406e9f68193e2445be5e028063f1dd24dc34b0bdcfbdaf151eced9317f517b05e921aab146d3339edc12adcacd180cb95d6ba837a3cacd188225a390ea46cb2e5acae57ff632dddecbb00456c6f2f504e60327051f9cf52c6e5128fb3d89bd4905f0ba86cb3c7dc93dc19627d1b52a7972613999d108eccbafbe69e36b4a3fae819815428cc1342f22947d17333ce7c391910263893a6b78685f0d289a276a951b62d5dcb7d1f47b2366e52f432508926e1dbe3cd3cc7c4110debaf723791faa7165e6ca2f1792e6eefcc38cd67317749ac781760e4750508c2895f65013b396ca6992b5fc78161088fe40668bfb035d30f5e06f2f8ff83eb1863b331307a7d7666069538af5c56a869039c3982aca537adc81a692b1bc58975ce1fef63299ff6639a449ce3259cf4d8cfc07fa7e7aabd9b50547b2c3af2a7428a0f0e1807ffea90c83ff373c7365a0c1fc2ad9371e9d8029978330a8488e73d597e4e4cf2d45c97b6b9d300e2303cb0a8c9472e9c307f31da14393b1a7aba1fe5061cff9d05c12a9b982ec67c673ba766ee6a2ec700280c71c044b731dbd01414049c168239edd6e7cbf55e962d5b1fabc274f01e633c105d61b70b1da7ca1b6c26101b435704796f847769492c4b640e88463376e7a0765e1907ffff28db80bc8af611f4ac498f50e81ae86ccf29e9538c4157c79593dd18442d8d918322244eb822b99c1b731eef93baa217b37b63e0b0447049f09fc0c4d32c5601cdee9aff8bf84495f9fee11a90690ad1499d255939b2a06b7501921269487da27831242d7a9a8c015ba77022a942523c8519f92c70d9a195d26a1135fc0c424ab839fb50b4d6539ce5efc2f91b0c164ee06dc8665fbe6b1f3f98a7a293b4aef1341d2944c0be5fdefbc299dcef826c74073be4fb91d79dca33db7bad15d5da97058996e17492d7e0adacd663702372951d97d15a8074cc67d19a1f4639c4c5b05c126eaf5f9b10c5afc247b8ca147fe7b083e47ee94263c2da7e17120d95053504273103443cea2e5f0121cb86e51a42f15223512fbec58e2ec559b6897bc09ff35519bcdc2eb701184cc03be3c24cd444ba907642ea7343c2fc4e02bdd0816729c1671253e7d56af006fe2c67c4a58470bcbad2ccf329bcdea576f87b74de10d90c2785be3bedd9d71b9bbd7130cadfab07162a95394ac1d56a067715a142d6279e7dac5ea0531e0b3971a66dac6999f2223c988a3783f8d493b7dc624727dbd8563be856c2e80b15a332ec3f77da4be60cece9c467a5099c9713ed571bbd5f1c49c5f40aaadf9cb4c3a4baa1889d11f212a8588f0803c0b9b0464f977ba8fa7c5bf04fa8cd67a1c36851d91a39a6f5ec0dbb38f78e374044e09d5cf2052ff9a2d069eb9be8e068830419b040d3126c71ab8e1f6d7204ea576b72e1103e16f613066627ee4641ff7b04ad24abe711eefb1200dc30cd4d1b3d29a921f3eedff39f5f26b7875d2dcb483b6cd37a2619adb28dcfef59875ebc0a6765183366c3ce60f07845c9dde8d5056ef65f1363e1ad39c360b3c71603836cb534e0ebfec24e01cf56ce4d4fd56635f35a9931b8b9f5528a7e2df1ceea44beccfd44d3c4ad37878d21c790cecc7cf6b5ad47456d187179feaf759af62e5d0da8b59c35bd19527d0a396683506800b10db9bc30aa574378157636cdab40b207c5f8a0c7e3d3554aed635d2fe2a5e9b07baa625badca896744c1500e14eca7396b0be48ec92ada1215517bf6576d3303ddbd8cde5e7a363586ccfbc338b31344feb22f861b6b17f6078d02b24553b2972dcfe20582d3348ee460e79cbbad13999b4be6e870986e006ac25f774192fcdd84e1743672d6907783de10faea2007495f4d7a687f5c1dd5e490142c43b6bdbd2c32ebfd4ea9b5218342a8048f6c169b5f247fdad403d40353803de27f171ccf2df017a237d30608924599b8c092986283f6186ab31fe2b6b99dd214c639da4bbdf8640879491df34260edbbb98bab226dae28bc237df27ea0846eb188d00579a86527cdff9cc45a9335cfa0ce123d6bb784cf5e72807ee1f5c1d5d721ca4cec796c664c317cc5778686ed94b2da797d67570da98388a2dfa32c1713f61f024a6c574a5c681410e7feff15e39c600aca16ca15a79bbe9680fa7ad6a5a2d567d7e8b953b8232c5d2a9e601c0bb5060c62dd7d675eae7c508f7e3409b5045c717beb75661f8f65857bbca2b9eeaf81d6dc7be0d379656b7861e06f79f9da52a30c63108e4d7aeccec96303fe86302d0d28300e422a1445bcbb88ab30ee458fe81a4883d067ecc2fee70430b10a2f9a5545794fe406822b72662f4accf7e58cdbd3cf56703f8360d26f86a9f65973834442b0d52ccbcb48a90e6c872acba38f911919ccc18c9dd1b7b6de544b84b40b3cbbad8850268f4d9e94b061821f76344731c651b5871767d3096023b2a4c1658918eabd3f2bfa680452984e16bc612ed02f2aaf9d7bc2f501a18e18c70e41532caa00088d0876ba911b206583664c9d121784d3fabffede37abf7314782e655dc2dd08981378b79774b8dfc8ffeb09fb6880d40d9142837e39551cf421da2ab95dd87d0032f4a6a789bcd3899105be285b39a07bf32f49ca0fe2edb32b1aced97a2be9397aab992e3d55766b544dae3c43bf81313c5fd49d3a01c7047eb9b582983662f6c41005ac369a963a7f29c2c78d926ed8556dc12a2f6444044b717edd63a2149bef09ba136b6009ad53a0f304170749cd37b7481692c50148bb937b92af03e98a7959072d40a361b36cb9cd0da6aacc42b88f9965631d9491a43b20e97ca27dfbb69a7f91e8ca6323879de9cb046104fc6b874185c46b38609cf470d513edd536bc1f9b473a225fcca4fde47ccd51027d58ca43b142450f00551788a09ca9b53316c407dc02d6dcc08684c3241569936d5b2b451f1fdd17b9141d92a1c1ddf1be95d9dcb1786c269e2383da5f60134d22c6b435b51769ae31c367165ad9b7eafaf5bf18a1d9b790481d58613c47f5c124bbbd716bc813574726b4ae745a2b85f71c2414ed952d526254c480dd414f8cc4ffca685d67f0b625257737309f3bafa67ebc255748265be391e0abbfa394bb09639dd6a6b9abaff2106671c59717eb7c6e8c0313cf1d78103d14820d473740f0093578f59d83ae7266666f11554b990cbadb36bfd867ca64000d08de26621981e3fc97a69a5369d8babfc22de611b3d1b92001d26c8cddd51ad5fd8266a0a9fe00992b06b52f671817e5a1b02795e614e65da43cfc586d30f7b86bfbbd01c51db49d4138620502071c9ced54a2c14d961d01ab8a48a4ce837f270a95947cc7d96ac529e6ca59f8978248b6a4ff60ac1daa226d57672db1d4968d3837c316f796fae3a283614ccc086672a63409408dd4ad6344e624a7ec572230b006f53e2917499fa24e32b211844c7f7ddea5be4fcfb9a661f20a3b7a573ad3af826a3fb7a2d5b876354a25e976fe50ca15db8cde25b4fcbc03fc3007043fce92c575184927cc33194d259621f6d9e2a71a33ba3e05000ee1bf8023ce2d9c292decb3c423fe6a8c0556241c6c05e58eda6c804afe088bae100306a3f0bd79bdb3d9353fdeeb890136a4977dd599689678ac86503b235707b67bba16e2d3c1e4e3585ae3e89e947fc3174a90ea016c18a1e8ae3afd8ba8343f3a02d5388994f657f1b5b7bda", 0x1000, 0x6}], 0x800884, &(0x7f0000001440)={[{@oldalloc}, {@noacl}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0xc5}}, {@dioread_nolock}, {@sysvgroups}, {}, {@noauto_da_alloc}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x2}}, {@mblk_io_submit}], [{@fsuuid={'fsuuid', 0x3d, {[0x38, 0x63, 0x31, 0x34, 0x1, 0x31, 0x65, 0x32], 0x2d, [0x64, 0x30, 0x65, 0x66], 0x2d, [0x63, 0x37, 0x34, 0x36], 0x2d, [0x39, 0x37, 0x38, 0x33], 0x2d, [0x34, 0x39, 0x38, 0x62, 0x31, 0xe6ca705c284f2801, 0x0, 0x63]}}}, {@appraise_type}, {@euid_lt={'euid<', r0}}, {@dont_hash}]})
faccessat2(r1, &(0x7f0000001540)='./file0\x00', 0x8, 0x1000)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:41:41 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x80000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:41 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r3 = getuid()
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r3)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r7)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r8, 0xee00, r10)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xee00}, {0x2, 0x4, r2}, {0x2, 0x3, r3}, {0x2, 0x1, r6}, {0x2, 0x4}], {0x4, 0x3}, [{0x8, 0xb, r7}, {}], {0x10, 0x4}, {0x20, 0x5}}, 0x64, 0x2)
ioctl$FIOCLEX(r1, 0x5451)

03:41:41 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x10001, &(0x7f0000000080))
setsockopt$inet6_IPV6_HOPOPTS(0xffffffffffffffff, 0x29, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="080d000000bb0000c204000000ffc20400000009040101c204000000050758000000021407ff0fbe860000000000000100000000000000050000000000000005000000000000007f00000000000000ff0100000000000001ffffffffffffff00000000010000000700000000000000090000000000000000"], 0x78)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x89f1, &(0x7f00000000c0))

03:41:41 executing program 6:
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f00000001c0)={{{@in=@loopback, @in6=@dev}}, {{@in=@remote}, 0x0, @in=@loopback}}, &(0x7f0000000000)=0xe8)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1570.090870] No source specified
[ 1570.092596] No source specified
03:41:51 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:41:51 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:41:51 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x200000000000000, 0x0)

03:41:51 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xe0ffff, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:51 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r3 = epoll_create(0x9)
ioctl$AUTOFS_IOC_EXPIRE_MULTI(r3, 0x40049366, &(0x7f0000000000)=0x4)
write$binfmt_elf64(r1, &(0x7f00000001c0)={{0x7f, 0x45, 0x4c, 0x46, 0x7a, 0x7f, 0x7, 0x1, 0x13c000000, 0x2, 0x3, 0x7, 0x209, 0x40, 0x1af, 0x2e1, 0x1f, 0x38, 0x1, 0x3, 0x8, 0x100}, [{0x60000000, 0xa3bb, 0x5, 0x0, 0x1, 0x5, 0x3ff, 0x1000}, {0x0, 0x4, 0x100000000, 0x7, 0x4, 0x7f, 0x1, 0x5}], "bd342be00281ebf4cb83a9f3af0096bce68253a1287ef93c25a7b141a4c614c1d412d88940449ac2c84baedcac55bdcc3de2ca84fe717cf7bc69ed7f2d0cdd1b761afdcfd7c3e3ab5ebc2469699622bf53951dd1f77420c2617395", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0xa0b)

03:41:51 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x0)
setfsuid(r0)
r1 = syz_open_procfs(0x0, &(0x7f0000000040)='net/arp\x00')
pread64(r1, &(0x7f0000000140)=""/81, 0xfffffffffffffe74, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1579.609589] No source specified
03:41:51 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xfffffffffffffffe, &(0x7f0000001b00)=0x1)
rt_sigtimedwait(&(0x7f0000000000)={[0x2]}, &(0x7f0000000040), &(0x7f00000000c0), 0x8)
fdatasync(0xffffffffffffffff)

[ 1579.616084] No source specified
03:41:51 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r3 = getuid()
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r3)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r7)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r8, 0xee00, r10)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xee00}, {0x2, 0x4, r2}, {0x2, 0x3, r3}, {0x2, 0x1, r6}, {0x2, 0x4}], {0x4, 0x3}, [{0x8, 0xb, r7}, {}], {0x10, 0x4}, {0x20, 0x5}}, 0x64, 0x2)
ioctl$FIOCLEX(r1, 0x5451)

03:41:51 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x141000, 0x0)
ioctl$SCSI_IOCTL_DOORLOCK(r1, 0x5380)
r2 = openat$cgroup_pressure(r1, &(0x7f0000000080)='cpu.pressure\x00', 0x2, 0x0)
close(r2)

03:41:51 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$sock_int(r0, 0x1, 0x53, &(0x7f0000000100), 0x4)
fdatasync(0xffffffffffffffff)

03:41:51 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x300000000000000, 0x0)

03:41:51 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r1=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r2 = getuid()
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r2)
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r5=>0x0, <r6=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r3, 0xee00, r6)
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r9=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r7, 0xee00, r9)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xee00}, {0x2, 0x4, r1}, {0x2, 0x3, r2}, {0x2, 0x1, r5}, {0x2, 0x4}], {0x4, 0x3}, [{0x8, 0xb, r6}, {}], {0x10, 0x4}, {0x20, 0x5}}, 0x64, 0x2)

03:41:51 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x1000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:41:51 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r2 = add_key(&(0x7f0000000080)='pkcs7_test\x00', &(0x7f0000000100)={'syz', 0x1}, &(0x7f0000000140)="60eabac3b11ba6c4539ef8a9e498cdb32daeaab6cbb0981cfe0277f5a770eacc047841afd1b74a300c28dcecbce5eae107b48d146c2a71d8cf3caf688f19031ec15910461cbacb8e2d47975939662a9715efd381c9d2c03aaa96e78e5282b1a1258f4fe2f63608bfc34f", 0x6a, r1)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r2)

[ 1582.521054] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1582.525104] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1582.527695] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1582.546974] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1582.558574] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1584.621966] Bluetooth: hci2: command tx timeout
[ 1586.668750] Bluetooth: hci2: command tx timeout
[ 1588.716791] Bluetooth: hci2: command tx timeout
[ 1590.764833] Bluetooth: hci2: command tx timeout
[ 1598.387620] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1598.388770] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1598.426337] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1598.427590] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
03:42:19 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x800)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x82)
utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x7, 0x1b42})

03:42:19 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x2c}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:42:19 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:42:19 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='.)@\x00', &(0x7f0000000080)='\x80)-$].\x00', 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:42:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x400000000000000, 0x0)

03:42:19 executing program 4:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r3, @ANYRES16, @ANYRES32=0x0, @ANYBLOB="99cd99dd05"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r2)
r4 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000340), r0)
sendmsg$NLBL_MGMT_C_LISTDEF(r2, &(0x7f0000000400)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x24, r4, 0x100, 0x70bd2d, 0x25dfdbfb, {}, [@NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x6}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x29}]}, 0x24}, 0x1, 0x0, 0x0, 0x40084}, 0x10004080)
r5 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$ieee802154(&(0x7f0000000200), r1)
sendmsg$IEEE802154_LLSEC_ADD_DEVKEY(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x2c, r6, 0x431, 0x0, 0x0, {}, [@IEEE802154_ATTR_LLSEC_KEY_SOURCE_EXTENDED={0xc}, @IEEE802154_ATTR_DEV_NAME={0xa, 0x1, 'wpan0\x00'}]}, 0x2c}}, 0x0)
sendmsg$IEEE802154_LLSEC_DEL_SECLEVEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r6, 0x800, 0x70bd28, 0x25dfdbfe, {}, [@IEEE802154_ATTR_LLSEC_SECLEVELS={0x5, 0x35, 0x6}]}, 0x1c}}, 0x80)
r7 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r7, 0x0, 0x0)
mknodat$null(r7, &(0x7f0000000000)='./file0\x00', 0x400, 0x103)
r8 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r8, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r8, 0x0, 0x0)
close_range(r7, r8, 0x2)
fdatasync(0xffffffffffffffff)

03:42:19 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r5, 0xee00, r7)

[ 1607.968898] No source specified
[ 1607.975301] No source specified
03:42:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x500000000000000, 0x0)

03:42:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x3000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:19 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000001c0)='\t\xca\x17\xab\xccoX\xfcE0B\xc8s\xff\a\x10\xa8\x9dXE\xd1X\x9f\xfb\t\x03(,\xc60\xc5X=\xd7}\xa1~j\xf4\x89\xc4\x87\xb2\xf7\x15\xed\xe8\x0fK\x19\xaba\xdd3\x15\xfc\xd5k\x8b\xc6\x14yj[+YX\xa5\x96\xf4\xaa\xa9\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00!\xa2\xa1\xf6\xa1\xeb\xaa\x10RY\xfb\xa5Z\a\x01\xb5\xc9\x82L\xb8~2{T\xce>[\xe1S\x14\x97\xe0\xd3\x95s\x80\xc3E\x04\xa1$\x7f\x13\x9f\xa6\xcb\xe3\xb5\r\xbc\x1a\x84C\xb2e\xc5N\xf7L\xb0\xf0LTl\xdbD~\xc3\x942\\\xfbxa\x127\xc5\x9b\xbcn\xe3G\xd5\x7f6\nt\xeck\x17\xebt\xc2\x90\xba\xf3W\x1f\xb9\xb9\x04\xbb\x8dU\xf23\xd2\xd3\xd8\x98\a1\x92\x9fD/\x19\xb9\xca\xe7\xf0^\xfb\x9cN\x00x\xfa\xeb\xdd\xbb\xef\x03\xbc\xca#\xd6\xd0U\xc24\xfe\r\x02\xf5`\xcbm7A\x80\xbc\xd5\xc5\x87\xcbB\xe0\xb2\xc5\x17\x85\xf9\xaeJ\xbd\x06\x8d\x95\x02\xa1.p;\xe5\xb1\x00\x17P$\xb0oF1K\x1f#?\xf8l\xa7h\x87\x01\xb9\xd6fx\xe8\xdaH]a\x80\x96\x94d&|\x83\xc1\xd3\xfc\xf8\bq\xc9\x96\x00\xb7\x99/\x11\xad-.\xaa\xec\x84\x91\'\x82\x9acQ\x93&\bl\x1b\x84q\x91\xed\xf2\xe0\x0f\x1cc\x0e\xc3,\x94\x99\x03\v', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1608.055730] No source specified
[ 1608.061209] No source specified
03:42:20 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x600000000000000, 0x0)

03:42:20 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x4000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1608.128331] No source specified
[ 1608.131046] No source specified
03:42:20 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
dup(0xffffffffffffffff)
fdatasync(0xffffffffffffffff)

03:42:20 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, 0x4, &(0x7f0000000480)=[{&(0x7f0000000100)="852e16d8e2a17a10d30597dd26512680fc3c861d26cbeb6ba1208c2fa50bebbd38fb6d87643f423769f71b1028abb5425a36560f21b032e7140c925c4224e42dae63df6e2f5da20477c44014a845039721b522c1efd47d0239ddde0b230a94d907f0635ab4096393342c1d04ca308692c80e338c5348912f8cb6a79ea40471840b9cc09ca0b701e10413143108261316f9cdfe98cf41f6e410aca1f17e9036f4618e9ccb0d1045bc5173b6877c004282fbac60ee2585be4e5cdb019179d582ec570b1f7d15cc65debd2b2a6cc59443fd6c68d9480f383b402a3a203829fa459914f43a2845ac1b2c53d7e97f94fabc89f942fc3d0c12b08dc253", 0xfa, 0x1000}, {&(0x7f0000000200)="3b7e9117bb776d2a277ba66bac4720198039f3e133458217a2a0fdcbe7d0595d7ffd51aa94a79f5d0132eb98eb9179f0f71bf8e2529bf3375a1a5f48693b1227a65ec397815499b80e2a5aa9e1da463aa94d63f4144857fcd9aa16d8f6a660825723f2ecd52965d0b48665dbd4a62028667e9c3dd50106cbdf711059483fc88fcdfdb03e13dd392111ff8fbf3436264285ef3fb0aac69de0c75fb7d1cae2a9651b96d2b8ec8b80966ef6f7d1e6c618d9ccd735ed3179375d988f318e57ee251e39be623426dd76de2053d2e6c90911d7aeaa5d64be182356c182b467c4", 0xdd, 0x671}, {&(0x7f0000000300)="ecc25eb94a288f4bfdfaec950fafc3ad428283213ed22e6194a5164887f7ea0121613e7b5bdb0201003daa647d222c181b2038118a911159bb752d97ee4c43cdb6bc2a2806d87a7a179de67da6fce21f417bc6361f40e369f6c95a731f632d3dbfb57fcc563b7f7691d85506522497c6cd4513b2542e0ff11f1c4bc874c719df35222bd096d5332d7ea8220e5e8ef6b59475bf722214cf14a78da5c1d3a6cd1c16f38b2653b47f96d7b17e30", 0xac, 0x3000000000}, {&(0x7f00000003c0)="6d98159572e39143276e06b1890d624ff280056a54ef14d4f1ca698bba788ad0d8d729738dd53bc9215e963b28c816c3566622b271815091c0dd85158324c457f165c9ae7866ab3e68d12c555ee896cb6191c4d7f956ea8a3075359e6a5394aeabb62b160a0a325161227a35bf83c5a33a7f8f50ba2bd497e4d2ec939a36c067b2e7227e160910423b4d5684e0b57b0ef7faeba2cbae68d818876405dfb670c11bcdb5a35d4902a9f9d3cc9fd57683bf1982dfa602db0a01e1b78e17", 0xbc, 0x8}], 0x1, &(0x7f0000000500)={[{@huge_never}, {@huge_always}, {@huge_within_size}, {@mpol={'mpol', 0x3d, {'local', '', @void}}}], [{@obj_role={'obj_role', 0x3d, 'keyring\x00'}}, {@fsmagic={'fsmagic', 0x3d, 0x8000}}, {@fowner_lt={'fowner<', r0}}, {@fsuuid={'fsuuid', 0x3d, {[0x34, 0x33, 0x66, 0x30, 0x65, 0x36, 0x64, 0x30], 0x2d, [0x34, 0x36, 0x66, 0x66], 0x2d, [0x32, 0x63, 0x62, 0x34], 0x2d, [0x66, 0x30, 0x35, 0x66], 0x2d, [0x30, 0x66, 0x34, 0x65, 0x64, 0x34, 0x35, 0x65]}}}, {@uid_lt={'uid<', r1}}]})
llistxattr(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000005c0)=""/80, 0x50)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:42:20 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x700000000000000, 0x0)

03:42:20 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x5000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1608.185629] No source specified
[ 1608.220027] No source specified
[ 1610.551441] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1610.560132] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1610.564862] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1610.569610] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1610.575022] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1612.652761] Bluetooth: hci4: command tx timeout
[ 1614.701058] Bluetooth: hci4: command tx timeout
[ 1616.748739] Bluetooth: hci4: command tx timeout
[ 1618.796792] Bluetooth: hci4: command tx timeout
[ 1626.199025] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1626.200153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1626.267741] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1626.268849] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
03:42:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x6000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:47 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:42:47 executing program 6:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_INFO(r0, 0xc08c5334, &(0x7f00000002c0)={0x4, 0x1753, 0x1, 'queue0\x00', 0x6})
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000240)={0x4, 0x80, 0xdf, 0x6, 0x9, 0x8, 0x0, 0x78ed, 0x408, 0x7, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x3, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x8, 0x0, @perf_config_ext={0x3, 0x8}, 0x8014, 0x6, 0xfffffffc, 0x0, 0xffff, 0x20, 0x5, 0x0, 0x800, 0x0, 0x4}, 0xffffffffffffffff, 0x4, r1, 0x1)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000)="588baeb1d80803f49eb39da9c348a78c4813a61f806cecff8be9a0a2ad24551dc4cffd3d6d95c4e281cbd270cf344f6e6cb7d2a9ee203f", 0x37)
read(0xffffffffffffffff, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(0xffffffffffffffff, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
close_range(r3, r2, 0x2)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r2, 0x80489439, &(0x7f00000001c0))
fcntl$setlease(0xffffffffffffffff, 0x400, 0x2)

03:42:47 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x800000000000000, 0x0)

03:42:47 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r5, 0xee00, r7)

03:42:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x3a}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:42:47 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)

03:42:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1635.856727] No source specified
[ 1635.857508] No source specified
03:42:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x7000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:47 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x2)

03:42:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x800)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1635.979004] No source specified
03:42:47 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000000)='\x80)-$].\x00')
r4 = inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r5 = dup2(r1, r3)
perf_event_open(&(0x7f0000000380)={0x1, 0x80, 0x44, 0x80, 0x7, 0x1f, 0x0, 0x1ff, 0xd515, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x101, 0x1, @perf_config_ext={0x2, 0x101}, 0x80, 0x7, 0x0, 0x8, 0x3, 0x1, 0xfff, 0x0, 0x8, 0x0, 0x7}, 0x0, 0x5, 0xffffffffffffffff, 0x0)
write$binfmt_misc(r5, &(0x7f0000000240)={'syz0', "d04fe8d9fdadada3e48188859d64cf9e5b37b769e10221927fe9ad8af36f1a246e81d38518ed25476cc873eef5ca57dd5967754052e88b06e7129b59d349539dfed8ea81bdf0f46155d344942fba1db9664166a3a85005ad3b4c3f08ea07ef94cbb87c5910329294c43d07820f1a500803e2a8d0a19f19cb7f40a429b792e9fa7b722e64f5fcdfdbc6b671fffc966b7e1b3cd96210dcf1f399e5fc36fda83b5557e764f3aaebdfc015917d7a1f0d6310044801f52d324b3ed4a353c841930b64d9d0f7a17af7f0ad79e0fc3de765f015e9cd929571994d845dd1b72bfb8b23de8436fd248751eea024f47ee6dd6d8de1c0ad12f2ba7f42c805966671f4d1cc"}, 0x103)
read(0xffffffffffffffff, 0x0, 0x0)
inotify_add_watch(r4, &(0x7f0000000080)='./file0\x00', 0x100)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r3, 0xc018937e, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r6=>r0, @out_args}, './file0\x00'})
execveat(0xffffffffffffffff, &(0x7f0000000400)='./file0/file0\x00', &(0x7f0000000500)=[&(0x7f0000000440)='syz0', &(0x7f0000000480)='\x00', &(0x7f00000004c0)='%\x00'], &(0x7f00000006c0)=[&(0x7f0000000540)='hugetlbfs\x00', &(0x7f0000000580)='\x00', &(0x7f00000005c0)='+@h}(.^^]\\}-{\'&[$\x00', &(0x7f0000000600)='\x80)-$].\x00', &(0x7f0000000640)='^\x00', &(0x7f0000000680)='\x80)-$].\x00'], 0x1000)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x81, 0x4, 0x0, 0xe2, 0x0, 0x3, 0x8004, 0x9, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x8000}, 0x8050, 0x1, 0x10001, 0x9, 0x7, 0x3, 0x4, 0x0, 0x2, 0x0, 0x1}, 0xffffffffffffffff, 0x7, r6, 0x0)

03:42:47 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)

[ 1635.983077] No source specified
03:42:47 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mq_getsetattr(0xffffffffffffffff, &(0x7f0000000000)={0x3531, 0x1, 0x80000001, 0x401}, 0x0)
fdatasync(0xffffffffffffffff)

03:42:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x8000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:47 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x3)

[ 1636.066227] No source specified
03:42:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r2 = add_key(&(0x7f0000000000)='.request_key_auth\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="5c8c6f452e71c0f2f08022ebd210cce1c592fd2edea735584bf6753bd3e8be69e41ade75", 0x24, r1)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r2, &(0x7f0000000100)='user\x00', &(0x7f0000000140)=@secondary)

[ 1636.072285] No source specified
03:42:48 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x4)

03:42:48 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x9000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:48 executing program 4:
r0 = memfd_secret(0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(r0, 0xc0189373, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r2=>r0, {0x5}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r2, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
fdatasync(r1)

03:42:48 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
faccessat2(r1, &(0x7f0000000040)='./file0\x00', 0x152, 0x1100)
faccessat(0xffffffffffffffff, 0x0, 0x0)
ioctl$AUTOFS_IOC_CATATONIC(r1, 0x9362, 0x0)
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r2, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r2)

[ 1636.174103] No source specified
[ 1636.176298] No source specified
03:42:57 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x60}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:42:57 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)

03:42:57 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x4000000000000000, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f00000001c0)='hugetlbfs\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)=ANY=[@ANYBLOB="010001cb0f000000ff7e5a02", @ANYRES32=<r1=>r0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='hugetlbfs\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:42:57 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x5)

03:42:57 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xa000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:42:57 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:42:57 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)

03:42:57 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioctl$NS_GET_PARENT(0xffffffffffffffff, 0xb702, 0x0)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f00000001c0)={{r2}, 0xa, &(0x7f0000000140)=[0x4, 0xffffffff, 0x6, 0x7, 0xffffffffffffffff, 0x8, 0x400, 0x3f, 0xc1, 0x2016], 0x80, 0x7, [0x1, 0x380000000, 0x1]})
read(r0, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fdatasync(r3)

[ 1645.279763] No source specified
[ 1645.290712] No source specified
03:42:57 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x6)

03:42:57 executing program 3:
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x20, 0x1, 0x4, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFULA_CFG_MODE={0xa, 0x2, {0x20000000, 0x3}}]}, 0x20}, 0x1, 0x0, 0x0, 0x20000}, 0x881)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x6000)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
setxattr$trusted_overlay_opaque(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r1)

03:42:57 executing program 6:
r0 = fcntl$getown(0xffffffffffffffff, 0x9)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}}, r0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:42:57 executing program 4:
futex(&(0x7f0000000000), 0x80, 0x2, &(0x7f0000000040)={0x77359400}, &(0x7f0000000080), 0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:43:08 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xfc}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:43:08 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)

03:43:08 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)

03:43:08 executing program 4:
r0 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NLBL_CALIPSO_C_ADD(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x4c, r0, 0x400, 0x70bd26, 0x25dfdbfb, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x4c}, 0x1, 0x0, 0x0, 0x2004c891}, 0x400c008)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:43:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xb000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:08 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x7)

03:43:08 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x400)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x400)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:43:08 executing program 6:
r0 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x5, 0x100000001}, 0x828, 0x1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
sendmsg$IPSET_CMD_RENAME(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000100)={0x7c, 0x5, 0x6, 0x101, 0x0, 0x0, {0x7, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}]}, 0x7c}, 0x1, 0x0, 0x0, 0x1}, 0x4004854)

[ 1656.211280] No source specified
[ 1656.215945] No source specified
03:43:08 executing program 3:
r0 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r0, 0xb, 0x0)
msgctl$MSG_STAT_ANY(r0, 0xd, &(0x7f0000000240)=""/164)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
r2 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
add_key(&(0x7f0000000080)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r2)
r3 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$negate(0xd, r2, 0x3, r3)
add_key(&(0x7f0000000000)='rxrpc\x00', &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000340)="2dc830230b435e1575e6dd98023c9d39e8eb8bdcc41c18fe98ff4360307e43ed0467ca3ffe09001000eaa370583cf3e6c12a01a6bb1d0e8cfc2852e461f709715f1fccffa44f630def05000000000000009ef4f5edb2e8d9fb7e9b4f9193e2c5692b946c3068d95fcd7c93ee97529def0de993b2c59b8c92528bc3", 0x7b, r2)

03:43:08 executing program 4:
openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x416240, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:43:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x10000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:08 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)

03:43:08 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x8)

[ 1656.307931] No source specified
[ 1656.311850] No source specified
03:43:08 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
ioctl$MON_IOCX_GET(0xffffffffffffffff, 0x40189206, &(0x7f0000000100)={&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @iso}, &(0x7f0000000040)=""/154, 0x9a})

03:43:08 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x9, 0x125040)
ioctl$EXT4_IOC_GROUP_EXTEND(r2, 0x40086607, &(0x7f00000001c0)=0xffffffff80000000)
r3 = fsmount(r1, 0x0, 0x7b)
r4 = fork()
fcntl$setown(r3, 0x8, r4)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x8, 0x2)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:43:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x180f0000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1656.402098] No source specified
[ 1656.404044] No source specified
03:43:18 executing program 6:
r0 = syz_io_uring_complete(0x0)
sendmsg$AUDIT_USER_AVC(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="fc0000005304100028bd7000fcdbdf25ea420f4494576a2a11b6111094ae5760a15983bc43cada0db563d9fe6f5cb25154896f04ad79d961c1f7c63f615994b0a4b9f54352be8652e2ddf207b0d7cf85ed1a968d4c5bc4f3e8032568b97dd53695102742744b74a09540dfff2074876991b2897bb5e1a2a58869e1288ae55783d8c0f2ea03b73883962205a486f68da42e7b16477fade623cb2d6c8d7665dea8815575f73b137e17e39c4c451bce924508875580af51454587f526a63a644d616366472bd6f97d991de3f0357e3b6fc0090758bd65e59abf89077c118b5a619cedd1a3e3f726af7999e52b09b44b0a387879b91716f8023b73c278a4788454d30b323692640000"], 0xfc}, 0x1, 0x0, 0x0, 0x4004}, 0x40881)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:43:18 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
keyctl$chown(0x4, r2, 0xee00, 0x0)

03:43:18 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x1f4}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:43:18 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, &(0x7f0000001180))
ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000000)={'syzkaller0\x00', {0x2, 0x0, @empty}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000600)={'ip6tnl0\x00', &(0x7f0000000580)={'syztnl1\x00', <r3=>0x0, 0x29, 0x8, 0x7f, 0x58, 0x19, @dev={0xfe, 0x80, '\x00', 0xe}, @private2={0xfc, 0x2, '\x00', 0x1}, 0xb8, 0x8, 0x5, 0x7}})
sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000740)={&(0x7f0000000640)=ANY=[@ANYBLOB="e0000000", @ANYRES16=0x0, @ANYBLOB="00022cbd7000ffdbdf25010000001c000180080003000200000008000100", @ANYRES32=r3, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="040003003c00018008000300b2da8d060000000000000000080003000100000008000100", @ANYRES32=0x0, @ANYBLOB="08000300010000000800030002000000080003000500000004000300040003004800028044000180080001000500000008000100070000000800010002000000080001000b0000000800010006000000080001000200000008000100050000000800010002000000180001801400020076657468305f746f5f627269646765000400030004000300"], 0xe0}, 0x1, 0x0, 0x0, 0x4040}, 0x8001)
read(r2, 0x0, 0x0)
r4 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/attr/exec\x00', 0x2, 0x0)
fdatasync(r4)

03:43:18 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x300)

03:43:18 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x20000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:18 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:43:18 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r1 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000000)={0x1f, 0x0, @none}, &(0x7f0000000040)=0xe, 0x80000)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fstat(r2, &(0x7f00000004c0))
sendmsg$sock(r1, &(0x7f0000000480)={&(0x7f0000000100)=@in6={0xa, 0x4e20, 0x18a, @empty, 0x3}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000180)="090d285b386c29d0c4e6a7ba6c7be1bae38ad7dc3812c453d0be55a99e49528c5db583972e9f6f8cba761b7d5d0467f4cb3b08c6b2308c8d981ea08a621cd998c3a6cef955fa62e667ec2ad11d93b1c3b1f73068c8460987f9d6ec84007e2f2b69db0f8116ce10428b29ca2a6ed53df2d82810b0153d95f6920b6ef183c4f01549", 0x81}, {&(0x7f0000000240)="45b7fb5883efeb5f5be85698b20150373638ba14a1adbb65d281cc67b09828832b5b6149901e1f14a7bef37ea8e46097cb177da45baa6753a57fb420828606a2409f0eed744318a1d7d95d851ed84dcff0ae764f020fe9892f2f3e710a5b9748392af823d3c2f868487dad7b9ecdcfe0f447747fe4f9040c002f1a", 0x7b}, {&(0x7f00000002c0)="d87c6a3a1b5bd2c70b0248f40653e774847747fbc01b3b812e79994eea261c04b3b383fd1d5e657189e978b384484fd8af6636567909f1dd58746f70f286e8fe1882cb510e5d69b1a4348c8d53a761912aa13fcbb46e0a135c32eaa390991b03a9e4bd9fd6eca7dc2221c9c00d33f1d7bf0b0bb13f4dced048d4f65c597c65604efda4b747ec0a714093e19ed8cf174bb6242d761c02bddf2696b5069d26480e97d8221c33ce8b8b2fa25577ea2d6b1b57cb0cf0eb0cc7598458b0347df472f0df9d8ea2e675328b019fb2c35e81512fc831589d1e187831956e2fb1ad71034e395d56b4cd23a2", 0xe7}], 0x3, &(0x7f00000003c0)=[@mark={{0x14, 0x1, 0x24, 0x8000}}, @timestamping={{0x14, 0x1, 0x25, 0x3}}, @txtime={{0x18, 0x1, 0x3d, 0x1}}, @mark={{0x14, 0x1, 0x24, 0x8}}, @mark={{0x14, 0x1, 0x24, 0x6}}, @txtime={{0x18, 0x1, 0x3d, 0x7fff}}, @txtime={{0x18, 0x1, 0x3d, 0x583}}, @txtime={{0x18, 0x1, 0x3d, 0x2}}], 0xc0}, 0x8001)

[ 1667.050259] No source specified
[ 1667.058426] No source specified
03:43:18 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
sendmsg$IPCTNL_MSG_TIMEOUT_GET(r3, &(0x7f0000000300)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x30, 0x1, 0x8, 0x301, 0x0, 0x0, {0x0, 0x0, 0x2}, [@CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x1}, @CTA_TIMEOUT_DATA={0x14, 0x4, 0x0, 0x1, @udp=[@CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0xc2a}, @CTA_TIMEOUT_UDP_UNREPLIED={0x8, 0x1, 0x1, 0x0, 0x5}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x800}, 0x4040810)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='\x80)-$].\x00', &(0x7f0000000100)='\x80)-$].\x00', 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000000)={0x1})
perf_event_open$cgroup(&(0x7f00000001c0)={0x1, 0x80, 0x3, 0x1, 0x2, 0x0, 0x0, 0xb60, 0x448, 0xcd822ae9ef6816e4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xffffffff, 0x4, @perf_config_ext={0xd00000000000000, 0x8}, 0x9000, 0x0, 0x8000, 0xd, 0x1, 0x3, 0x5, 0x0, 0x6, 0x0, 0x7}, 0xffffffffffffffff, 0xb, r0, 0x8)
read(0xffffffffffffffff, 0x0, 0x0)

03:43:19 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1000)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x2000)
add_key$keyring(&(0x7f00000004c0), &(0x7f0000000500)={'syz', 0x3}, 0x0, 0x0, r1)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x5400)
r2 = accept(0xffffffffffffffff, &(0x7f0000000180)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @local}, &(0x7f0000000200)=0x80)
sendmsg$AUDIT_MAKE_EQUIV(r2, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)={0x28, 0x3f7, 0x300, 0x70bd2a, 0x25dfdbfd, {0x7, 0x7, './file0', './file0'}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20008084}, 0x20000000)
sendto$unix(r2, &(0x7f0000000240)="caa36026e3c4e0238d30142c3b59adc3e322ba27448357dca5fb24718d63f1ce9585a0fbfa04592d67a26be91f92f0b518323f4103662babdd0fcaba44e1ce", 0x3f, 0x20000000, &(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e)

03:43:19 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
keyctl$chown(0x4, r2, 0xee00, 0x0)

03:43:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x500)

03:43:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x20100000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1667.243161] No source specified
[ 1667.248253] No source specified
03:43:19 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x400)
setfsuid(r0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(0xffffffffffffffff, 0xc018937e, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32, @ANYBLOB="0000002e2f66696c6530000000020000"])
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:43:19 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
getuid()
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
socket$nl_xfrm(0x10, 0x3, 0x6)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:43:19 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0x40a85323, &(0x7f0000000040))
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xb, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000001c0)={0x0, 0xffffffffffffffe1, 0x3, 0x1})

03:43:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x600)

03:43:27 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x300}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:43:27 executing program 6:
llistxattr(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)=""/77, 0x4d)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:43:27 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040))

03:43:27 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x8cffffff, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:27 executing program 4:
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x1)
fdatasync(0xffffffffffffffff)

03:43:27 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
getuid()
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:43:27 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1676.157085] No source specified
[ 1676.165106] No source specified
03:43:28 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
getuid()
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

03:43:28 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xc0ed0000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x700)

03:43:28 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r1, 0x80189439, &(0x7f0000000000))

03:43:28 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640), 0x1100)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:43:28 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:43:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x80000)

[ 1676.335255] No source specified
03:43:28 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
getuid()
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

[ 1676.348227] No source specified
[ 1678.462153] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 1678.466692] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 1678.471311] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 1678.477634] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 1678.483014] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 1680.556785] Bluetooth: hci1: command tx timeout
[ 1682.604740] Bluetooth: hci1: command tx timeout
[ 1684.652750] Bluetooth: hci1: command tx timeout
[ 1686.701739] Bluetooth: hci1: command tx timeout
[ 1694.676982] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1694.678176] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1694.736583] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1694.737607] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
03:43:56 executing program 4:
r0 = open(&(0x7f0000000040)='./file0\x00', 0x200, 0x1)
splice(0xffffffffffffffff, &(0x7f0000000000)=0x7, r0, &(0x7f0000000080)=0x8, 0xffff, 0x9)
r1 = accept4$unix(r0, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e, 0x1800)
syncfs(r1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r2 = openat$hpet(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000001c0)={0xfffffffffffffffe, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8800}, 0x4010)
fdatasync(0xffffffffffffffff)

03:43:56 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
fsmount(0xffffffffffffffff, 0x1, 0x2)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:43:56 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x3e8}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:43:56 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
getuid()
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

03:43:56 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xf6ffffff, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:56 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x1000000)

03:43:56 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000001240)={{0x1, 0x1, 0x18, <r1=>0xffffffffffffffff}, './file0\x00'})
mknodat$null(r1, &(0x7f0000001280)='./file0\x00', 0x20, 0x103)
faccessat(0xffffffffffffffff, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x40a03, 0x90)

03:43:56 executing program 7:
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:43:56 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0xffffffffffff084f, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
syz_open_procfs(r0, &(0x7f0000000000)='net/ip6_mr_cache\x00')

03:43:56 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x2000000)

[ 1704.175448] No source specified
[ 1704.180373] No source specified
03:43:56 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:43:56 executing program 7:
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:43:56 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xf9fdffff, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:43:56 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x6000)
setfsuid(r0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x1100)
setfsuid(r2)
fchown(0xffffffffffffffff, r2, r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x2000)
setfsuid(r3)
syz_mount_image$msdos(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x5, 0x5, &(0x7f0000001480)=[{&(0x7f0000000100)="c0830927db0281524a0fe51159cdaf5329755cfdcba2b8f3085d611a5421a1fd62011f4163a2ceace55e99915a8de530a704706b70fc05df93d2eda423bd243cf9ef2ea30c1c8578d0847fd389b9d047a2dddbe20bf4600cb5b711cb83a0a7aae05b1280267d91c931a2d4cb8374b3bfe0cddb30be5c6ab2d339ed845adbf18bec17f7cbff9160398ea1acd251a204a65d63756cd9f0fddbb44b606ea9831880e3d44f824948ad202bd52a196f5490af637c9bfbfcdca3887f2899b93cdd90397c4c169dfac79fd7aa0156ddf4e55b51abbfb46d328d50a5a8f6dcb79428f6f7bdb0849c5a95f668934054bc363eff", 0xef, 0x3f}, {&(0x7f0000000200)="bbe54974a6bd0a38548a3fabb1e0f66bcdfbcf62647550cabd5750bb2fddaf782cf570e6f96c25c7c6574bb8d0e7bde3abfa431dc339fc94d4934b971bdb9f1f1a912d6631abcfa07f6453d3dde0bc133fe80ee0474924ae75d77a0582ee7d4acd9d3b9ac9a5d232f2473e58649d1818104b440e1c2cf35fc97585da770b7c08e2f396f2955b68741016ffaa72eba2d45623c6fcafd0", 0x96, 0x47ffffffffffff}, {&(0x7f00000002c0)="3154e97a983d85f25ab5bfad3c7ac9ce76b0618874f85c0e9b64f6aafe7546b58edeee7850ce443159dd1731381878dce7f24f7a374ca3c8ca6a555d8cbbcc576f295fa9dd6795a8a8df82052ae09f0d933b1f4589a46d16c3808d5e92e38510353d695add0b81eab0f26e3640110b541dd15fa971c94f69e9786545ace95b81944ce0cae8f9d0ce1e1eb657", 0x8c, 0x254cdd03}, {&(0x7f0000000380)="a36866e8000be19ccf875a7b944ead2efd2976bcd7aa4e2df4c6a8724c8701b4b2c1ca7c03e0c42e2815ffda52731af938e5317fff55080440c759b2ae956878f9fca84e4409fb1c90217572669830be2a5560e8b7e87d46b862667c85f17f7b8c1079808170a677cb35a743c8e9bad30c9379e2eff8d06d3b5cb5d3bd03520ecd943890a1b930dad5832dc12d0b149f06eef67676d07b060fe731b2b9fcc581041126b948ef95832aaf20e0d4d4123e2fb4e261205c1d1b05e610d631fa7f6c3b050b55efde1add7ac2df9b8eef0dbdeefa98cf0fa8db90a53b0a6883ca329c304e2c8d69321db593d3466b18e54f5989e5368e03407488322c96a2bebfcd54217aded32489ada721956471128f1dbb256118eb855ba1d80563c7af38ca8cad3368fb27682faa50c3afabf2e7f2440bec064b0a27b5c0ba99f611ce3cb6e86bc3f63d813a2e32b77d6cbdc999a8028e3fbf53f30715f1b9003b1bb98f2ad28949ffe8ac80d2c31c66d3f393e2b79d4e1b0c74cc545f50628a0a1eb6241032df81826bf3e771e64db809faf06e86a92541bfdc76e9065649f2e6cf72d0493808fecf647b51eedcf80ef1dbc8a44e572ef514282663badb375880d3e7dd84a5acc8e300cd15091faa4c5acf8a6e6f8072c7f1c5b99169a8e8542b236710864b1c5852f142cd85ee901f832983b8520f63f50d665ec682aaf99c8623c1a365891724f43b931bbe0ccbf75c8b3f80265476fd01fce3fd0429bb3b5cb5aafbb7fc347ea5ee777d68e0b10e43cd228d434c775e25d63167793aff6e950f5564b142aef5656c91b71110414fe5d7dcb63687b78ae2ac94a191a9202612c8b8bf5ed6a5f6a5a854ffe9b1c1405bb7af073d58cfb3bfbbc056ceffb7e20f463f1ae46b4f0fe68878ac188d797889e470293e096bc4b3016a49f076271511bba986d6fea221e90e2180e522e66a6858360a0108625e5eb71b64ce34955a746e60b924c9e33e6e95aa960932a66dffc39bd09758b14041c5efc6e6765b07012d8d8ec17e4d07ff826772c2447d6c81ed51732425510a4fc96813488cfe775036e2807ed313751cc6ae4d5b06d5a9bd67f896b6a4b8cb06565bf039da12b10832bd3a0092907c0856ecc218e2a47d1af8439a0974ea2f1775fe1f58f986ed19ab51edbfdf7cc68ab34063852fced3b400283bb30acc942bf370d12b99436ee588969b848aa93168b6d11e4e39cab68b83da47dd1afc060f902dafa0c2b725080aef7a94ea8c38aee623ef011ec3678e012d325ff058565bf1b02e6cd327708a58212711a9cd6101343b997ca8f393d2db555188643d6274dc1636729e23228521e860dd8a5161460b38ee27ea9a684d0850185673e5efb23be909e76cbdb08bb5e7ac0377da34ab35ad61ad342f6401f29b1337e6bf0de3756b6dc90c36633cf4be9bab2c24206ecb1b56ef409af05219db31d7acc9289e42296828935e557ca4457c3b636c9cccd46c640fe3266d8193a12cba72598141c2e8556a0036d0a18209cae525cd3d205942830de91809169d64a3fc23d58a2ce97ac20e7fcb55f676a38dc4ca2fc1cfbe0f2fddf7919ffa2409bceffa87aa2e4bb4d5480974276b357e91441299a2f4870e959052d0faf22b9732c60c48b10edf4e9d2a008c5876e465de750de5bdc2eca9c13eae220d47660e57aec933b00e96d6cd439cce055b8b9bb4282d5be30ac8dbffe833df7ed9352925b8ad3d111c076106eddecda9ae8d233483a683cb782be7029660e44795fbde26b56f3b8d35167e9ed7d4494120aa787211da07a81c05f65190af769fbc72febfa30e8a83d88a2fe98b859b0f5eb3d200fbbbea38be48d9339acf005e191874ddd4eda3ad62bc9a52db6bea279a0f2163aa07795803a935ab99e86db8bdf2f52df0372f1d07886c8b0f0c616940f91de2771098f151db36d5c9e32888bcee0c59317d9635172bae4809f0a999d2b75e094e7f7690011a0eccb8ec868f20afd088062f41b017f2a6678f163feaa64318561243d3d3654e43d4ccf8d341599e1f18e942a110b133bed55b821d0795dd0193e257fa9b66dfb424070e53598836d378cf25346b7437787cc19f58e788c9afbe1045e5ecf840f76224b1455cabdcc08224dcfcdfbd295954d5bdd06e9fb722f0cf82d13cc171b0fa46ca681c1d75fc00d74f3d7c85323b68efb3d2fcc1a4d3dc4af56fd18e117856d426ede918aecb2973e0aa9d74a751c09f57808b1301c47854ae214fe2101d48860acfec1a362259496a155dce6f16feb7d04caaac7c8da15a14589ee822df5ccbaafcb4831b2af48f413936347b435f682839a52c016b47bc9e1a620a8390be2c2f5d2b2c74e4187ca801b853ea7078cdefbd28122979b5add36d61095a76b450a72056870be71579e7ceffbddf115153984dcab7fc2ce4e3190371cfc1629cccec22172b9f9af18d6a0229e71bb5fc2e7c35be8f07c7178a68c828f282cd08ce919a4b1220fb76ca59f7f3cb47dd2163b109bc4010bb358f099abfcc66eb9803f7ca18d5ad0fd1b90332dfd2973ff39714cfc4a8b82a252d333347456031249cce31ac32eaca8c8988068cd9f0176635a2cf9c763be24fd0f7ac23c85ca9e721849f1587f2277ae78f3b576561aef41cd04cef9692a9343351123162c4c0a7ae2e6f081cab3b31afe5983128180c6ae167b95a68551b26b0797af77e0eaede2f698652bea1de3f34604b7c1ea5d66c291757f83a4ed88e20f500046188950a613ba77a1a08576aeddcf074ea76e585c0b211604fa4ed5e2612d91fdaf3b5db357c210ab9c3565e62794f1a9c7e0a6b8c7686f4cf8aa8e97104fb0444f5e76ee9b50b566e5f8fce47cc18df1b99ea5c1e0d7b408f2a770eba9d2d5c420f1ba91936f3625a6029a577311a4cf28a3b461a20fe60f6d740f128b49e99bf87bc4601ea6e58fa7b31f94a629fa77fbdddf3c3f5b6ba75e2a9dbd16e74ffccd0523c177bfe7a7937be062cccd6694c22b07ea5f2f33ecdaae2f7fdb9ccfdc8155bf4bf84ed69659393818471cd98649e2db05a812b30adef8786261fb72642a06ee090cf50d208347f8f065b17ee9fd0cf4e36aff49954831a33ee56af2e8c3bed5d76f903712f5da721f83552cf7478864ddaade554f7a8a9b17e467bd997c9d2b12fbc66947c7a997c9f5f490e9a1e531d036e214d0c240a13fc7cdc599e2c3d369aeaa2b369b3a2249172bd4eeeb46eb55da6dd1e80e8153da1b42d2139924d3b043e63034c7640f1f6889dea3c54616f416701aa5f87440cbe7ba2ea0d552608333c372aff90c9ce5b2bde86b47584ebc237a9fd60c292bb61128a912a4cc6ab845e41c8db71587335c8624046aaf1b6ed20373f8b346d4e10c78ca3cf38bab3766f0ac8ebdc7b9cfa30989f940809f2098e49952190b8c1b4b7b912f996c2ca7f8c2d5d1b777b100e2cac90175a06a482606cc60deb844f86b27ee04a48b8f1d2d5c57c8b7bfd02c229ad15903a300a2dc3e99904d991db730b67b594341f357b4ab501ff32d959971777a3f1a334b418e916cfea98a04af61a56c81c49fd838689c1e0efeb643f7448f8fafe7498674df2e3dd014142c31a92771ed683becff00421f826d752021a922818981e170eed169fb3a839d46604d0a878def12f96eb6271bb6eb6e5a6850d953e6917c0b37fba3106b4a87a3ad3562f227b9ce36ea0ce8d175cf090d9877af2a62a15a9e5b8009fd0f3527f13116224a44f61530bece182929fb4dae57f2b137f2d0b7fd4d475d001a02ccda45098c95826514e0add77e74310528a0223535f38d0d68986c03547a23fc4534d7f832b796169961d1f81dbe5feccf1b01c5d1ccb02fbc75de3c51392266e73fbbb8e26752beb2fef8f1b2c4f2d975a154c40a3cc53c1e579b6a67a62f187b9ff784e3dba436084c48468bb1f036a27a7a50d08f698ec9734327b2316630a1e529523778436ecd10f615063123aa8633bf96d61eb975dd0997cd55818a0d089d148956bc0e26ad047cb54aa1b2d42b674c54dde4297320f33050cb07edf79c9e2226167346ba64e5b9d216d9bb957cd0bad90a51ed7e95240147eec0dff712d328eb59b2c387850ad241c04eb463344769baf4d61f9b0d09573ee8be219e4c19860221520d55313b2100b9fd09269fb29cf2e1e7ecdaa3c104186744705a30eeb15aee58a8597810ee401fe221498388815e1c37223521f843e57c1661a6b1a0277a900ec03bcaf3ecdee8eff6ea10a6d2b542dbb7d34de397ed8b04ddfe5580ecc05539c62168c6506e30395da6d97c82c25df55144a040625f12fc90a88baae5a23ed533f50dd690af7f7af92610ce07c423907bf67f6ffd24aea67ebcb83d6466022f620b6934ce332d7584b7a2920e8c0385d63161fe831e12395b3ce8cad8f1c15fa8c94b595bcc7eda06944b83e2b1b5c66a9040e9b4d80fe6edcfc1ae79e24af7ca295b94244367613e5517447c4b7ce344b50873dc3c3cfac251b99484643272c522947bcf8e5a9fa98ff8b46a6f6617f389507936d421254780ca3cf80ff519a1bb019dcdfcf9dd137967d96660754109f2e7c3a0e83d1f27594ab49eb3a8613d3775e0c65c0e9601bf4509a2d8b292ef7839183b39def2e2c3c455b05f5ac540ccc3fbbb0651bc1a069e87b622c3d2472eb9c4c9b4d86435a2dba164b579e40beaa67248800d62d95fc38d70c76eff04e06aec02f1d8a1d1d055cc86fa3b864f3ef56851aff9917fe45e1cf17ea2d76b8053049f35d95c8df0479a26f267a7cbde8daa451ec012700db7531ba9712ade724c9e711dfdd50aa87964e61a2a092527a136fecb193391740371355000f46d9732f35179d4f17e36e23bddc3077b09e1b9852926edefdefdb905f952486be5e615c4dc8a863897362e2aea80e2acc2586f1a4b4daddccab45185060251d28836df12e5bccdd9d4264c80c4c02348d89efdca056136e1826ba0a47f9389b7fc3a40cd2fbf1a30345dc8db1bc43acfe820b35a28f526d81972866158a247479ff48dd804225ac2165af55fd2947b6c3bbf4f9814d99709bdb92b6d0f80ec9c293de2fa67c4967f199affeb0800d62f3adfe457bafbd1df9bf2872881c9c5e3698d228d45dcb4c79fd5754aed56b878f8d446a362df6f36f3677cda5c84f7b8fc7c2ef009580b50bafba8acf55a8eb51fec48dd3df098e70b2b76712919baa5ffa487ae6b9d7187f059a177d7478f630fd6dbf1267eef69a910d8f0b7d158edbc6be03c934b60392cb7b881f7bab1f135314f71914b649cccd2ca00dc90574d3d133223e25b349b9c8c52db6750fa1bfbe3cb03564d1dfc2efb7ac8dc31a367fde102d9f6326bf9333bf02518a2064eea90b6104b7a4eb3b03d02334a71dc2e493899ea3e4a2a6e68e3bf7e714dbbe902a1825bc50dff6e4b7e345bc057e5756f2372e08041f8ce62f87dca10a7e219d39f2eb946665aa82e6e9492c3baa3b5a763f82f8189eeb4a360484787dc8f16b03d78ed83a798dede3e5d2b6da138ff97b2a900584b43a4e9df08e18fd668f3a3a2fe777006cae4b07e891964545993a58ac84bcf16926ac750e7fd7b54aff9d4f50ce94e553ef17c5e66a2e68a1efae352db6b270fdb7d59f0bb0ff31f8924bc3a16254b635dd036d40ad43b78e5806371cfb08f8f206f354637b02b06998c64ee4a30ef0b9ed60faffd982b685567b32ed72c7d3b3e9c331127489be3acad49a7662c00d4223ae6fc31e987511dfc34f05592aad1b2e5f9de67ecc42d1ea", 0x1000, 0x2}, {&(0x7f0000001380)="6e522ca68b570d310342fd1b4680892d7d394980ef91be390ce046ced7851c7337b2a03aced5daa6fee54245c4e7860969ef5f739a0670e8a8be66ace1114b862082729c190e9cf242f0b3e058d0fde79bf29c39e3fbfe91d64aee74abde9ff54f16e053c18627c729231869d563c0685d47fb069912a3a83846389d27337a0e62e5d5e7979b741481986f77252b6032ccec6e19943f99ef317cf3a064e4a9646ced4d6cb1784eac87590eb2a1f7d56c408dbef80f02eca2e057cac4f0db118762", 0xc1, 0x40}], 0x8000, &(0x7f0000000080)={[{@nodots}, {@nodots}, {@nodots}], [{@uid_eq={'uid', 0x3d, r3}}, {@context={'context', 0x3d, 'system_u'}}]})
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:43:56 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x3000000)

03:43:56 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
read(r0, &(0x7f00000001c0)=""/253, 0xfd)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:43:56 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x8, 0x0)
fdatasync(0xffffffffffffffff)

[ 1704.355118] No source specified
[ 1704.361761] No source specified
03:43:56 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

[ 1707.631337] Bluetooth: hci2: command 0x0406 tx timeout
03:44:07 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000, &(0x7f0000001b00))
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
fdatasync(0xffffffffffffffff)
getsockopt$inet6_udp_int(r0, 0x11, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0x4)
shmget$private(0x0, 0x3000, 0x54000000, &(0x7f0000ffc000/0x3000)=nil)

03:44:07 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x500}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:44:07 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='{\x00', &(0x7f0000000080)='\xd0\x00', 0x0)
ioctl$FAT_IOCTL_SET_ATTRIBUTES(0xffffffffffffffff, 0x40047211, &(0x7f00000001c0)=0x10)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:07 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:44:07 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0xfff)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r1, 0x0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000180)={'fscrypt:', @auto=[0x30, 0x5d, 0x30, 0x63, 0x54, 0x0, 0x34, 0x61, 0x33, 0x6f, 0x37, 0x53, 0x37, 0x30, 0x62, 0x34]}, &(0x7f00000001c0)={0x0, "d0fddd5bf36d3aa406ac1921e299255211cfda5be5fec1f4e64409b23b0d94bd681293f2ee8b62242fa90b8c399df6a47da4d985506aaf1cb4ba14f795b993b3", 0x3b}, 0x48, r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000240), 0x6202, 0x0)
mknodat$loop(r2, &(0x7f0000000280)='./file0\x00', 0x9480, 0x1)
utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x69e34af6, 0x200})

03:44:07 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xffffe000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:07 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x4000000)

03:44:07 executing program 7:
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1715.387266] No source specified
[ 1715.394488] No source specified
03:44:07 executing program 7:
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:07 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xfffffdf9, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:07 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x5000000)

03:44:07 executing program 2:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:44:07 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='&\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x800)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:07 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:44:07 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x9, &(0x7f0000000000)=0x1)
fdatasync(0xffffffffffffffff)

[ 1715.587176] No source specified
[ 1715.596127] No source specified
03:44:07 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x6000000)

03:44:07 executing program 7:
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:17 executing program 3:
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_RATE_NEW(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x84, r0, 0x600, 0x70bd2b, 0x25dfdbfd, {}, [@handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8}, @handle=@pci={{0x8}, {0x11}}, @DEVLINK_ATTR_PORT_INDEX={0x8, 0x3, 0x3}, @DEVLINK_ATTR_RATE_TX_MAX={0xc, 0xa7, 0xac}, @DEVLINK_ATTR_RATE_NODE_NAME={0xf, 0xa8, @name2}, @DEVLINK_ATTR_RATE_TX_SHARE={0xc, 0xa6, 0x9}]}, 0x84}, 0x1, 0x0, 0x0, 0x20000800}, 0x200000c1)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:44:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xffffff8c, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:17 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x20000, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='cmdline\x00')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000080)={0xb, 0x4, {0xfffffffffffffff8, @usage=0x6, 0x0, 0x10000, 0x1, 0x3, 0xfffffffffffffb3d, 0x6, 0x2, @usage=0x6, 0x9, 0x9, [0x6c0c, 0x7, 0x4, 0x2, 0x7ff, 0x2]}, {0x5, @struct={0x101, 0x6}, 0x0, 0x81, 0x7fff, 0xfd, 0x5, 0x6, 0x91, @struct={0x80, 0x7fff}, 0x8, 0xff, [0x4, 0x5, 0x25, 0x813, 0xffffffffffffff1e, 0x2]}, {0x5, @usage=0x6, 0x0, 0xfff, 0x4, 0x2, 0x6, 0x3, 0x40, @struct={0x9dd, 0x5}, 0x559, 0x1, [0x1e, 0x1, 0x7ff, 0xfffffffffffffffa, 0x1, 0x4]}, {0x0, 0x0, 0x1}})
fdatasync(r0)

03:44:17 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:17 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:17 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x7000000)

03:44:17 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x600}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:44:17 executing program 7:
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1725.254324] No source specified
[ 1725.262107] No source specified
03:44:17 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x8000000)

03:44:17 executing program 7:
r0 = creat(0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xfffffff6, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:17 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000080)='aufs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x402080, 0x0)
fsmount(r1, 0x0, 0xc)

03:44:17 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x8, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

[ 1725.422763] No source specified
[ 1725.424340] No source specified
[ 1736.300850] Bluetooth: hci4: command 0x0406 tx timeout
03:44:28 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x700}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:44:28 executing program 6:
prctl$PR_SET_FPEMU(0xa, 0x3)
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:28 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0x0)

03:44:28 executing program 7:
r0 = creat(0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:28 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:28 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xedc000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:28 executing program 4:
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000000)=<r0=>0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x141000, 0x0)
getpgrp(r0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r1, 0x1, &(0x7f0000000140)=""/195)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:44:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x8000000000000)

[ 1736.499600] No source specified
[ 1736.505559] No source specified
03:44:28 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = syz_mount_image$ext4(&(0x7f00000000c0)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x1, 0x2, &(0x7f00000001c0)=[{&(0x7f0000000140)="c72317c373cb9d1a4d5ef8d83ed38cf8903ed917a2d9", 0x16, 0x3}, {&(0x7f0000000180)="d1e7dc6d46df353c83", 0x9, 0x277}], 0x20, &(0x7f0000000200)={[{@grpquota}, {@journal_async_commit}], [{@fscontext={'fscontext', 0x3d, 'unconfined_u'}}, {@fsuuid={'fsuuid', 0x3d, {[0xe, 0x62, 0x30, 0x35, 0x63, 0x36, 0x34, 0x66], 0x2d, [0x62, 0x62, 0x34, 0x61], 0x2d, [0x65, 0x30, 0x65, 0x35], 0x2d, [0x38, 0x31, 0x35, 0x62], 0x2d, [0x64, 0x34, 0x36, 0x62, 0x32, 0x66, 0x6f, 0x65]}}}, {@euid_lt={'euid<', 0xee00}}, {@dont_measure}]})
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs2/binder-control\x00', 0x802, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000340)='fsuuid', 0x0, r0)
openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000002c0))
fdatasync(r1)

03:44:28 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x8000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:28 executing program 7:
r0 = creat(0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x100000000000000)

03:44:28 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0xb}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:28 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:28 executing program 3:
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x1)
pread64(r0, &(0x7f0000000100)=""/231, 0xe7, 0x8)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0, <r2=>0x0}, 0x1100)
setfsuid(r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x1100)
setfsuid(r4)
getgroups(0x9, &(0x7f0000000000)=[r2, r2, <r5=>r2, r2, r2, r2, r2, r2, r2])
fchown(r3, r4, r5)

[ 1736.638672] loop4: detected capacity change from 0 to 2
[ 1736.661963] loop4: detected capacity change from 0 to 2
03:44:28 executing program 7:
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1736.700307] No source specified
[ 1736.713634] No source specified
03:44:39 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setfsuid(r0)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:44:39 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x200000000000000)

03:44:39 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xb00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:44:39 executing program 6:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
r1 = perf_event_open(&(0x7f0000000140)={0x4, 0x80, 0xf1, 0xfe, 0x3f, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x20, 0x0, 0x0, 0x0, 0xbf, 0x7, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0xffffffffffffffff, r0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/exe\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000000)='$(.\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0)
read(r3, &(0x7f0000000000), 0x2000)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
r4 = syz_mount_image$iso9660(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x7, 0x1, &(0x7f0000000340)=[{&(0x7f0000000240)="fb08f7441bff81026d2803d1282075e51ad4a177b3077a383096c889088abc1a60230a494d92729f0ebda4225ef764cac71ccaf8983daf6ecc3f66259569b89ee81cfc570b04ff99aa5a7c1cf6dc2fcd31534a13425287aef8c9e14446792fb0ab308d45c60ccc8e9f7f6c0946df5e371523ed2a0f22c0529f3ef90420fb432f5369f679e0931c9c16dbacb67aae07cd664f4b7477ceb47a34c9327d9a6a0415402192d836229e956288ee5f03904c3fee765737175ffae7b4ed26c9c8dc6063842c6cc2cd7a01891e8fbd5cb0e6d447e3a18b35678434e4d0", 0xd9, 0x20}], 0x20, &(0x7f0000000380)={[{@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@nojoliet}, {@unhide}, {@unhide}, {@mode={'mode', 0x3d, 0x8}}, {@dmode={'dmode', 0x3d, 0x401}}, {@check_strict}, {@mode={'mode', 0x3d, 0x2}}, {@map_normal}, {@check_relaxed}], [{@appraise}]})
poll(&(0x7f0000000440)=[{r4, 0x402}, {r1, 0x60}, {r2, 0x5080}], 0x3, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:39 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:39 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7ff, 0x2, &(0x7f0000000000))
r1 = perf_event_open(&(0x7f0000000140)={0x1, 0x80, 0x6, 0x9, 0x9, 0x6, 0x0, 0x7, 0x98000, 0xc, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x5, 0x4, @perf_config_ext={0x1ff, 0x6}, 0x0, 0x7, 0x20, 0x9, 0x100000001, 0x6, 0x5, 0x0, 0x2, 0x0, 0xfffffffffffffff8}, 0xffffffffffffffff, 0x5, 0xffffffffffffffff, 0x9)
ioctl$int_out(r1, 0x2, &(0x7f0000000080))
read(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000a40)={0x3, 0x0, {0xa764, @usage=0xac, 0x0, 0xff, 0x63, 0x6, 0x0, 0x4, 0x14, @struct={0xffffffff, 0x6}, 0xd98, 0xfffffff7, [0x9, 0x3, 0x101, 0x8, 0x6, 0x9]}, {0x1, @struct={0x8, 0x80}, 0x0, 0x1, 0x7, 0x40, 0x0, 0xfffffffffffffc01, 0x415, @struct={0x1ff, 0x6}, 0x9, 0xfffffe37, [0x8, 0x9, 0x9, 0x1ff, 0x6ed, 0x8]}, {0x40, @struct={0x9}, <r2=>0x0, 0x6a, 0x0, 0x0, 0x7, 0x2, 0x38, @struct={0x9}, 0x8, 0x200, [0x20, 0xe4, 0x4, 0xdfa, 0x800, 0x1]}, {0x3, 0x8, 0x1000}})
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f0000000e40)={r2, 0x5, 0xff, 0x1})

03:44:39 executing program 7:
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:39 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xe0ffff00000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1747.386933] No source specified
[ 1747.390266] No source specified
03:44:39 executing program 3:
readlink(&(0x7f0000000000)='./file0\x00', &(0x7f0000000100)=""/214, 0xd6)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:44:39 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x100000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:39 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:39 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x300000000000000)

03:44:39 executing program 7:
creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:39 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x9, &(0x7f0000000000)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x1f, &(0x7f0000000040))

03:44:39 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1747.523253] No source specified
03:44:39 executing program 6:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
preadv2(r0, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/69, 0x45}, {&(0x7f0000000240)=""/87, 0x57}, {&(0x7f00000002c0)=""/98, 0x62}, {&(0x7f0000000340)=""/175, 0xaf}, {&(0x7f0000000000)=""/40, 0x28}, {&(0x7f0000000400)=""/93, 0x5d}, {&(0x7f0000000480)=""/91, 0x5b}, {&(0x7f0000000500)=""/218, 0xda}], 0x8, 0xc35b, 0x20, 0x10)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1747.544953] No source specified
03:44:39 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x200000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1747.637551] No source specified
[ 1747.638390] No source specified
03:44:49 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x400000000000000)

03:44:49 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:49 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xe00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:44:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x300000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:49 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0)
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:49 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2000)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x3091c1, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
mknodat$loop(r2, &(0x7f0000000180)='./file0\x00', 0x8, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r3, 0x6, &(0x7f0000000280)={0x3b, 0x0, &(0x7f0000000240)=[r1]}, 0x1)
setfsuid(r0)
r4 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, 0xffffffffffffffff)
faccessat(r5, 0x0, 0x1)
chmod(&(0x7f0000000080)='./file0\x00', 0x1f4)
utime(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)={0xfffffffeffffffff, 0xd7})
add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x1}, 0x0, 0x0, r4)
r6 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f00000000c0), &(0x7f0000000100)="ad", 0x1)
read(r6, 0x0, 0x0)
close_range(r3, r6, 0x0)

03:44:49 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x5, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffff7f}, 0x0, 0x1, 0xffffffffffffffff, 0x24bb9a1c7561d46a)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000080)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000100)='hugetlbfs\x00', &(0x7f00000001c0)='\x00', 0x0)
r2 = inotify_init1(0x0)
read(0xffffffffffffffff, 0x0, 0x0)
inotify_add_watch(r2, &(0x7f0000000000)='./file0\x00', 0x2000080)

03:44:49 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x7, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

[ 1757.190934] No source specified
[ 1757.199519] No source specified
03:44:49 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0)
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:49 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:49 executing program 4:
r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000200)='syz0\x00', 0x200002, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r0, 0xf507, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
pselect6(0x40, &(0x7f0000000000)={0x800, 0x20, 0x6c, 0xbbb, 0xffffffffffff0000, 0xfffffffffffff800, 0x5, 0x3ab65bc5}, &(0x7f0000000040)={0x0, 0x6, 0x6, 0x4, 0x8, 0x400, 0x5, 0x6}, &(0x7f0000000080)={0x8001, 0x7fffffff, 0xc0ea, 0x3, 0xd2a8, 0x1, 0x800, 0x1}, &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100)={[0x3]}, 0x8})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x100000001, &(0x7f0000000240)=0xfe)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6d, 0xf3c, &(0x7f0000000180))
memfd_create(&(0x7f00000001c0)='@/[/\x00', 0x6)
fdatasync(0xffffffffffffffff)

03:44:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x400000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:49 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x500000000000000)

03:44:49 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x1000, &(0x7f0000000100)=ANY=[@ANYBLOB='huge=within_size,huge=oever,size=70-,mode=00000000000000000000000,mpol=local=relative:409,huge=always,huge=never,fszame=,mask=MAY_WRITE,\x00'])
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:44:49 executing program 6:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
read(r0, &(0x7f00000001c0)=""/238, 0xee)
write$tcp_congestion(r0, 0x0, 0x0)
bind$bt_sco(r0, &(0x7f0000000000)={0x1f, @none}, 0x8)
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x10001}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1757.298202] No source specified
[ 1757.300068] No source specified
03:44:49 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, 0x0)
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:49 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:59 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x2c00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:44:59 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x3, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x200, &(0x7f0000000040))

03:44:59 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040))
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:59 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:44:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x500000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x600000000000000)

03:44:59 executing program 3:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000100))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
ioctl$LOOP_CHANGE_FD(r0, 0x4c06, r0)
r2 = openat$cgroup_ro(r0, &(0x7f0000000000)='memory.events\x00', 0x0, 0x0)
sendmsg$NL80211_CMD_DEL_INTERFACE(r2, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x1c, 0x0, 0x200, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, ["", ""]}, 0x1c}}, 0x20000880)
setfsuid(r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:44:59 executing program 2:
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

[ 1767.516566] No source specified
[ 1767.521258] No source specified
03:44:59 executing program 4:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x2, &(0x7f0000000000)=[r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r1], 0x5)
readahead(r1, 0x20, 0xfffffffffffffffe)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:44:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x600000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:44:59 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040))
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:44:59 executing program 2:
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:44:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x700000000000000)

03:44:59 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
acct(&(0x7f0000000080)='./file0\x00')
faccessat(0xffffffffffffffff, 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f0000000000))

03:44:59 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xffff, 0x8}, 0x3810}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x400000, 0x1)

[ 1767.705012] No source specified
[ 1767.713051] No source specified
03:45:10 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x3a00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:45:10 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x700000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:10 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x85, 0x0, &(0x7f0000000000))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fsopen(&(0x7f0000000080)='erofs\x00', 0x0)
fdatasync(r0)

03:45:10 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040))
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:45:10 executing program 2:
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:10 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x800000000000000)

03:45:10 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000240)={0x0, <r1=>0x0})
perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x8, 0x5, 0x80, 0xc, 0x0, 0x3654, 0x80080, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x22, 0x0, @perf_bp={&(0x7f0000000000), 0xc}, 0x40000, 0x8, 0x7d, 0x0, 0x1ff80000000000, 0x4, 0x3, 0x0, 0x4, 0x0, 0x5b75}, r1, 0x1, r0, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:10 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setfsuid(r0)
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000100)={{{@in=@private, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@mcast1}, 0x0, @in6=@local}}, &(0x7f0000000000)=0xe8)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0, <r4=>0x0}, 0x1100)
setfsuid(r3)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r5=>0x0, <r6=>0x0}, 0x1100)
setfsuid(r5)
setresuid(r2, r3, r5)
faccessat(0xffffffffffffffff, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, 0x0, 0xee00, r7)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000026c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0xee00, <r8=>r4}}, './file0\x00'})
newfstatat(0xffffffffffffff9c, &(0x7f0000003b00)='./file0\x00', &(0x7f0000003b40)={0x0, 0x0, 0x0, 0x0, 0x0, <r9=>0x0}, 0x800)
r10 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r11 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r11, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r12=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r10, 0xee00, r12)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000003bc0)={{}, {}, [{0x2, 0x6}, {0x2, 0x2}], {0x4, 0x3}, [{}, {0x8, 0x0, r1}, {0x8, 0x2}, {0x8, 0x1, r7}, {0x8, 0x6, r6}, {0x8, 0x2, r8}, {0x8, 0x3, r9}, {0x8, 0x5}, {0x8, 0x0, r12}], {0x10, 0x4}, {0x20, 0x2}}, 0x7c, 0x1)

[ 1778.910279] No source specified
[ 1778.923648] No source specified
03:45:10 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:10 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(0x0)
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:45:10 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = socket(0x3d, 0x6, 0x7)
write$binfmt_script(r1, &(0x7f00000001c0)={'#! ', './file0', [{0x20, '-'}, {0x20, 'hugetlbfs\x00'}], 0xa, "495ad5d1bc134d4909e562578c134ccc1e4e8c9d9d552eb0c97b35808fc8bbd4890c188318f8504a87ecd56f7a61eff8e62f5a6324b03090fa5e7a237881fd060d10121d24c68012a89c9662a1557fd6d83a27632358b64827bb655aefb987bdb6ca15fa96202fe544578b603ee1d3cb3f00638f811de7dde5fbd1fecb55755a45f5b6ee735f75819a3ba462f8d1a7bccff3dc"}, 0xab)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:10 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20, 0x40, &(0x7f0000000080))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x6, &(0x7f0000000140))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:45:10 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x800000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:10 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)

03:45:11 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:11 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r1, 0xb, 0x0)
msgsnd(r1, &(0x7f0000000080)={0x1, "111a7ab5f36c993556b5156a50d4842ffb9315486d1101eb23f5e68e8f309b54a208d809bec9590b3cba07ff9c1ed5d8eb7261d91550a1a0a1b204078c2e71906e5e66572aecddb572b4d86b4e0bf7c0d37691af76359334206a66e6363f77d57f922713aff0f0c2a879a600e8f7cbaadd8e029cfeb3ad3806cba9a6d9e2f046adf2aa899e9dec8b2fa8c32ce37e7c02832b8b78f457d3fb773041bf46e024fd6a264d0c6aafd546829d4638fd78208944f0b092961c4ce06a5abfc421407edb2381c3dceb31e8156dbe3f5fe06d38dd55bc4f9d4e3f"}, 0xde, 0x800)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1779.165883] No source specified
[ 1779.182811] No source specified
03:45:21 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000001b00))
r0 = getpid()
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x8, &(0x7f0000000000)=0x1)
pidfd_open(r0, 0x0)

03:45:21 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
inotify_add_watch(r1, &(0x7f0000000000)='./file0\x00', 0x2000800)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:21 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x4000}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:45:21 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:21 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x900000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:21 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='posixacl\x00', 0x0, 0x0)

03:45:21 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(0x0)
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:45:21 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x4000)

[ 1789.224384] No source specified
[ 1789.231915] No source specified
03:45:21 executing program 2:
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:21 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000000)={0x0, r2, 0xe491, 0x0, 0x3, 0x7ff})
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:21 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:45:21 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
read(r0, &(0x7f00000000c0)=""/32, 0x20)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x5, &(0x7f0000000100))

03:45:21 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xa00000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:21 executing program 2:
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:21 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0)
read(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000400)='\xe3KgD\x99\x97Q\xbf\xac97\xb5/\xaf5\x94~X\xe4\xf3\xf0z\x91\xec\xb4\xf4\xc5\x05\xc5\xf5E*Ol\'@\x96\x16n\xd9\x05\x86jP\x11\a(\x8b\x05\xb5\x84_\xb5\x8f!\xf6\x06H\x98\x9d\x9dZ!b:\xdd\xcf\xf3\xbao\xe8\x98.L\xb8\xea\xb0\xd8\x99l\x82z0\x00\xd7\xf8\xcb\xd1\x8f\x1b+\xca\x19\xc3\xad\x84\x81\xc9o\xcf\xdd\xc3\x97dc\xb23\xef\xcc,z\xe1\xfd\x8f\f\xa7E\xe9\xa3\x962\xd5\xd4V\xa1\xd8\x17#.\xa2\xd6n~\x01,\x109\xa8\xcb\xe4,\xb6(\xc4\xbf&\xf4\xd2\xcf^D\xd9\xdf\xf4[+3N\"2z\x1dB\xe2@\xabg^\xfc\xdb\xdf\x90\xd30\b\x05\x00\x00\x14\xad\xd3G\xb4\xfc\x90so\xa3\xee\xdb\xd6\xa1)&\x8d\xab\xa5g\x10u\xa6\xc1\xe7\xcc\x99+\x89\'b\xa10L\xac\x93\xc1\xb4^\xc8*A|\xc2\xdc\x15\x13|\xf4k\x89\x95\xac\xdb.GI\x1b\xde\x16\'\xa3\x9c\xd4\xaa\xa2\x94:\xd6]K\xdd\x9f\x04\x82\x8b\x11\xc2\xbaE\x82M\xd1P>\x155\xe1L\xc3)\xe1\xd3\xb8\xa5\xd68\xd5\x03\xfd\xb0\x84o\xd3\xd8u5.\xfc\xa0\xa9\x11\x00\xaa\xe6\x83\xe5\x17\xa8\xcf\x8e\xa7\x8dB\x9d\xd1j \xea~\x90R\xc9\xb5s\x05\x84\xf4\x99(\xec\xa1\x80\xd1\x1d\xecu-\n\xc2\x8f4\a\xa0\xd3_n\x8cK&g\x1e\xb2\x86\x9b\xa5;', 0x0, 0x29)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000000)='[(\x00', &(0x7f0000000080)='\x8b-^{=\x00', 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1789.422117] No source specified
03:45:21 executing program 2:
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

[ 1789.431032] No source specified
03:45:21 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x390, &(0x7f00000000c0))
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x2, &(0x7f0000000080)=0x1)

03:45:32 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x6000}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:45:32 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffe, 0x2, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x10001, 0x8, &(0x7f0000000040)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x80, &(0x7f0000000000)=0x1)

03:45:32 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(0x0)
creat(&(0x7f0000000000)='./file1\x00', 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:45:32 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fchdir(r1)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$KDGKBMODE(r2, 0x4b44, &(0x7f0000000080))

03:45:32 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xb00000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:32 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:32 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000080)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:45:32 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
r2 = socket$inet6_udplite(0xa, 0x2, 0x88)
getpeername(r2, &(0x7f0000000000)=@nfc, &(0x7f0000000080)=0x80)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
read(0xffffffffffffffff, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
r5 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000004b40), 0x82000, 0x0)
getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000004b80)={{{@in=@multicast2, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r6=>0x0}}, {{@in=@private}, 0x0, @in6=@initdev}}, &(0x7f0000004c80)=0xe8)
r7 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r8 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r9=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r7, 0xee00, r9)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000004dc0)=[{{&(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000180)="418da49af9eb07342a22f317f2a9bdd2046e061d1d6c70383353e6436781c18bfe4b1802963a4346d88fe8045bcdd260a87429e721e343db59585422d4423fcfa60434d9b0323f45f011aaba17ec35e5be18f0193ec6480cae04a5a8a426584ceaa57d63a66cb86a5f6bc59e4b868d6b5cc2006bc1fdb783d828ead0459080234d51ab30f5261ad70422b529d8e0ffaf6e699733fdf4d27015b5266374c97ce6680a66aa40ea9fb8c5084439b39f11db5dc9f7427a07df97046b9cf3536a3ed14fadd8555896f414b6b94e177e205011ee7849c528219cddd2b679501a1f754a3b14", 0xe2}, {&(0x7f0000000280)="853f2fdb9384c60d925d6c62fc022529d87d839782a7b9f984fa7c84744ea5df69d50da09bf9d1a40b8b37b811f28980a889c011eccca365831bc4e5", 0x3c}, {&(0x7f00000002c0)="58d57387c87695b212299275088a2c64b9819de14e767755d53ea87247b403cb4a6dfd2466bd55d6929e93a8e6d4cde32051518f9ad7ab043e49068b2242b224b35372242350351dc2af82ab79997d015862dad76ff57041bac9a0cb6551ce5a56893c4cff44cca5c7afa1ae32e813e90911a3df764822cac39cb1b9902751eb9c757a666975e740dba1d41c81e4d20a522d1c522a34999808eb301aa9115b176d0d7f54e62241744078b75b216b4c", 0xaf}, {&(0x7f0000000380)="902c590f03b05cd5ac6a8aa46a6f3dcb5a2283d9d13d60b2e8a2f70f7c3ea16d6cb423c597e2e66ffcd37c194d9652f835b423c1c9546842a6a82d12af46acaab2028fbc05ed287e338e0ad10d92b3e5bb8ac68b61e29ea359177241ee4c8afe462002698062cac83536518231592d6bb66ec5add74a405add21df3f77be92298d95e519d70b202781d5368b6fc6cf28857cb28def9daefc1c0bf9285fcf91248ba67709949c9f843b80f6929c133c9ca9b26658facc0f8c2948408e39f03e996596a55366a0e8067e47b267c2c31c495693f1200239b6f8826fd280418fb2e481286a0e1e8b6734edbec2fe4878770b987bbeefd2e51e95", 0xf8}], 0x4, 0x0, 0x0, 0x4000000}}, {{&(0x7f00000004c0)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000540)="851ad321d76863103b70d7aa3d4607dd9851ad5eb9bd29412531bc68ff4b81f84b599c735cc89d32903a1fc0b51cbea713f556066707dca0bf69bbddd4830d788f2207539636b450c38d403fdb7b0214ee952bc6412bd2ca2d22b387", 0x5c}, {0xfffffffffffffffc}, {&(0x7f00000005c0)="973354a85a32abef4ef06d67d1cf3ad761962ee5562768362d31deea7c16ac5e3ae72815f06f58e897697e315421c9c002033dd7b8", 0x35}], 0x3, &(0x7f0000000b00)=[@cred={{0x1c, 0x1, 0x2, {0x0, r0}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r1}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0x0, r1}}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [r2, r2, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, r2, r2, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf0, 0x841}}, {{&(0x7f0000000c00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000001fc0)=[{&(0x7f0000000c80)="7d276ae3021b25e9e909f06d4fca74a51863f5d9d6fc132711f423f7aecb136e1536983c940354e8d2e7e17d250a041471a7a32ed327461994c58c1c0d511638e764cf70600b561838827855ca7897bb81ca5e7f9094be68a0f81d79bd8a7b39cc", 0x61}, {&(0x7f0000000d00)="6ad7e9cb7ec4ff8c635aa4a4f286c92976a3ccaf6822ef7855d493af94db403c8b4c1d4bd41e48c387a22b77", 0x2c}, {&(0x7f0000000d40)="a39022eeacea5d5f765cd88c3d7a8af2fe56037e53ed8e32bfb03f740123bc04c454644ea80cbd662ca5a24a38aedeb3a6dc23734e259883f60f9bb43dee71f7b79d91", 0x43}, {&(0x7f0000000dc0)="4c6b07a47d0bb8e69062d92af9bcc3498f5173e380b625a8b3e8b7244d6e75064235843be4afebd10dd9d34ef522d4a5a8821459747e96fb0d45f0f1163c0378c18b3171bfe276022683caf14313b9dbe13b19fd7114b9cac7aade1e74ceae2e015d80af02418d05fc45ede595da66253e7a786cbb40897b1f944424b3aed69890897dfeadc280aefea09ca0993434f0d62faaa2", 0x94}, {&(0x7f0000000e80)="7fc242f356e32451eddd4ce4b10d2a0d6f87bbfc6f8b7a65305a91267fc62f85f2649a76036a5e999b0c164ef5a76a6f335fd67422d10dc34f9ed373f8985d5744c3382f5e2e5d456b3b9d3345ba6243d862b0f22cb6410211291851c851ab02de9b6a1553ff2f41053d936cfd93a6fb5175ce7b241dbc5d76f8004ef680f73a7415a283e76484232f21ec8708a4855a59faee3fbf8e6250c300ba6af725b35f41d10f77bdeed0436fd057fd457fbeb14c32bc7c7cdba52f0103882869af87ec3e9e61f5ff1e35d1356d8c0fa3be24b40b08c91c660a0bd7cd2d15130951c1e9fba743649d83e3a0caf86df2cbb51cbeb1e50396604a9d97e089fdd8487352dbe4a3d87799b4c1462913cdde76b5e5813717fed6f6aacbf738ce5a72eeb6219bb513b58e24b6a40f2bbd769e7796ff16eac2d4fb825a83961b1362e1c68d63ec3991df6709e139aebb6c1791fe73d12ad052efa20748fadb0a6ac7008ee95f54caa28c2696f966a92401a16e255c0140dd1ed7f562714b03604e001a0f280a01ed95195e9d13caa7bad56f5c2783bd72c56713f98665b772b261e19cc77da5a9175dbf43a30e366e0d2a2c600d415d613ef578ec9b303df5dbf3c76699fabdad2244e9590df3f8397b6c0b2da674686d7ca0778ceebce17f6186e0708f5ae4cd67f4bfed6ad57f121902b151f8b93d93f7d57a915abf5889484c0cc767494c17cbf7d6f4ad9c4d15586cba6f982ae95402676ec9baad6d9d27642ccb508a6eb048e1f61c4bc559f9f9964e097430442798fb009b23ff1dca4da536e35ab81f7a367e07f9ae30311c26a591618e890e12ead92e80013d162985eb17ba08697551ec134545852b99e7b9564f780db8f7cedb859efcb1115e9703b527203454e1f3a47895db60c00ae60f769cf5c27a983d61c3093c2fabd61a458e4968f584db0136fe977228e4ab23ad5095275629c17d0cc750ebf9e4104897267cf5b2b9433bfda80accebca7242336f5fc4f940f50e23f1bf0e77c9506e327cbb02ad9dafdd831f235ef073e011a14d0ee91414b53dc856337f7ccc254312d46da876ab187e64074d37802a03c7599f49524625fa994a887352d053cc4f19e194231f1f1628f3635c6ee7f07ea20bb374d08a753e7ab812fe5c26579d26260faa585b361940cedb609d1f079fe7c2bb9701997676d160391567434bc811a5247ed9d4e065f2b5c251c834c2833f3c53ca8d6fedeaad69ebea3cf05123d1b614c93d2f2f54ade19114c3b2562089547a549fb7346bcbb679731835e35726fa725763832666d1cf402a131d695992865d2047dbc7aeac5325a09eba22c0b58e74502311b67e8b1f98eee7e4608e35493994a152b3f9205ad59e6c3d36ced291338a6fed0441e2a43c505d2242710a44a2d9e2856b1074449618aac4a8e6927382e9d666b9becc9b8799d78db33b336e3f347ae9d40d5773dcf3e868be20dfbb2005e34c04d31ddd34e18046c98d48bc250e3a98878d93c86bef4b2bc86fdf29ec24032a6e42a66f78006831a669b628d860a21198c91015486dba5d7890e734ce82ff4be68e42c9372ec2049161217e5f931604be35675a248b0b75a160aba4691e1a18dd9d338f5f083602494a1c67041e3d6e7356eca8e22d37c2d0206e2f8b5eae57d7aea14abd72224866ff7ecb8bd3e6ed913950abfec02b503492df7e9e1728b051199bbf996b26ca540a790cdded5edc08845911be95a0f943f792eb715ac9f633a79d98f0b0fe2d471dde492e294de98541a2a6ad797f08f85cb7998d0ace67606d4672dc09418e6fcc93e308a940002737ca94ec7393bc9dfbd359ea34e6332c100a007da8deb2da00534e1ae4ff234212f70e9d43594a9638c0c47727bcd8476510b3eccae0bf0bda102c37d63818e0ac0afca3f77d3557ea7c8a9580d74d2a162e176280eee46140e9877e21c924467fd9ca3d89ff15d0e07a021283b2351ae628cab79273fbf4446b5f1839a88f575856458dbc2f8d9f70712b125d797387b325c808804c3f61b8e229c78cf825cea80fda5f25b66e1178a4a24a65a7c65284ee12fcc6f5eed473cf32482c87169afe8286a9d55c77ed25c08dd51b1c8e30b666eb258147f619cd4c0c3f1011fd61ff5d160b08e6e1846d1750a191ac734f5611e3d1c196e9628be315b9d4e596160cc06c137ac4634f245a08342cbaf67eb3576382d457f34bd3440cee8c86992c4c6bdf9eeae51480ac9287d889d1036525b6335efa659bbca17c629d5aac27e8bca9a7cc978e89a59e4d93160e3df2d6ac4792957a8430708b59bbbe106aab5b82890a0a4ae8ac0440fb098d616dcdf8635d0eacbecfc8a3199da0114d1b3ac3aeae93ba02bd3c6bd36d58831c6417d2fdc7ce46f5eed5f75598498bb46f113d98c96e35c3ddc4cf48ecb1abc6d8deb410724609222947cf32f60436606965fbb9de129e073b974e80183951634465b4ce8de28edfd7a6c2098dc5ab13898fe51c5e48185d43181787fcd76bed68e8ac02491b892d514ce10239a323877e3ead9f020fa4fd11ca7b4109812ce28437afb1cc5ad73a44186dc83137f59208c37ad8c415f822cd9beaddbeb567b882ba40cae55c909d172d315ff5c0b02573574508cb64acde025ef8733a096c6cc10d942e2f85b00d26fe553981563d560e642aa14134052937222c44e543efa44396bc658207b3e9fdc3ad578e16ee8c85afdfef72fa520508660063dd15c7ce26639fd3619b5e9ac2c8167c00a52ebc3444c3dcfa6ac6c32a46c073df2eca630299286bb02bee24a73e05b9cf6bd374eb1e5e8ddbafd00837fa284a350987e996844c248495a512032fdbbadf3073faf29cbd0a141a9fbd6d761634359f22258611430ae467c8649ca4d0f9b1c46463123791bbdda9403f9b63c585a58309cb4dd1c29bb2fed699ece63e4b7452aeb4f91f353238752f34b2313e2e56065311213879e0c3e9974019e66837eafdc678b5e4ba9ee0f165767e9b9b49af96525d99c2ad57ec9d2543c765eadb88f4de5202d71a559a430074717523af41b583f84c8c188104c3085d1c82f57151d3d0763e6fe3284521f199fe7e6f3fdf66a0bf90ebd49623d1f5b8a1c4077dc57b6f74f50e20497a2d32ec236767640f17b36baf0bf10b6f8fe54af49bd11a2f9e3e340e5d1cb176bb76d7d0ac7e00c35ccd4041e382bc9c876da0d1db13c6ea4757a3235a32fab73e98624e6e034912624cd711c49984d95a0f8e9364cbaf7ec0549236c4aa0c79192ba6296cedbdab5c8a3c42c6480302e6cb69876b96bc89dbe47231498aa0ae510611303a665684c5b5f219adeec214c75506da743bcbf30119dca10754d829dc47db58306e650e55eb2f6062e604b9691fb7c3609ed4edd31dd19b4662af66909a370e43a6f45db5d76389b189e6af727d448cdf3d54e736488bbbc665dd97fce5d5f8075fb327b88b52307f39c884d5be09c730dd65008f8c1317d5f3a0fbd0b0f7169938428732e731818a3d4fcf2b3a59ea78a0e9ba4d6dc2d0d9ad324074b91c6d20dfb65e1e4381cbcbc39eb92aa4749b7d040d16b1e952f021d3f4b7ee8d7606d23ef1dbb1157d06c32d939616d95a2b64eb04ef411f811cd5a194ee9f1e3ad454d8abdd4824562b5e2f5a37683ed2e42e25bd297ed1755ba15423b3d2ef0364b0b5cbc611c47bf67d6d0f3653630a410cf54687f7bfa88fd6b802dcb484c27df1a8706b1626a0eee4113940f141e37f292a1f2973b8fd66f21ec4adfaa9ba1a88e54358f69e6ba25ee215ae3c2a861e4c8f1b460b69d083bee3c15cdfa62f76ca0d935b3a486ac435a729c62f3dffbc603f49b1ed314136eb1d1abae94c3da562798dfc53ed26d5c42cdf3d2114785d0075c0376584e9099ce0d793d09facce0d28e19e3d45b94fe85bb1f648d2d69e6391318a2e9581f1aef308c0abc4a3f20abde374b671793dc5b8f6c6aca62e3b0d50046c4a260b8c270da8c1c902fdc292c8fa1ba3accf8d0ee01124d3ea12d5a66e07491b7d32b34810a516ae400e7e632fe91af6bf1359dd5df0ab2072c1de7776a0131db4e8d52978244dcfb5b178455508a9d4cfd16d285b915dec42182749a02631c0a85d6498f08b536b976a506de7d57cb3affbc4aef520ab78643026b0446f1f3d69cfb42dff9066b44e5ac185a313e0fcfe827d7181f888b2e581a4b19600957417ea71190ed0050e0a952f2bc54d9f9c1d92a41defd784d9a10f9d433767601924896d38749370d85922bb04f4d2750ec90d9b92838f4a11142c8b0c620f18e7c90180b4c5f3aedc1ecadefe17b9ea1580c6012b7778de7fb48bd3d06fbe7201c9884f3166b4c776a4bdc87350d736547ca796c977dcd3fc22ed76637b834789657ca83a412085ddf05733b55ccc268c9d48fe77e7cad0bb22db8c8371459a0448b0352dd114df399779941c695152299abaac03bd0e3b2729e116644a4549c856eca60fbc49307b26176dfff47d6f5516d4bc94f328f3913e7c99762b10544d290a9c19d2a8f39a7bc8e0dc7c0a80e4b95f4d213c35e4cabf9067b7cb2a0ba0a58d5935735dad0d7463724d210217bc1505ce83524fc246f18abf594aeec1579a8384c2e19cd12d94bb9783878f5dfe85c7e74f4d23d09a5f776f4b1f3bdedede4ccc7f54e06ef1408bf798a0bd4a61518e3728de8c22ebdbdb2b1d48c8a71b57b7b11f4531612abd59ed4d5d6c1160279f4d7b11a4d5dbee01bd3d33873dba3d854476a10aac73a8f0fb9e451ac08d42b46504ec376958b38fbac5e6e6fbbb0e8ff7f17fa776945e15e54a66e5fb0c7d8675ed2398c08668d287e420d59c783527e1b9ab7ed73d24ec74de5e66e8f697e3fa8720e11d1b8efbbddb073e99ec87ca1ccc3a09d733a0bde0c85f4506146083e7fa0a7ec9655c5940577c902834cd8f88c5468a049a7b37d6bdbf74fedb7112b6b4c7d04aef269cac127452c2bf197a9ebf0ea5ba5ab141f7a62fc6a270535e327ae38c14355eba6cdcf2a6cdc6ce3af5e6e0b4d81ff520fd125fff38dd615bbd4d77dc925472e53c8e993632614bc2a745f9e39a2d810a06f16be764c4adfbd5a0f6ca0b023a5b9d24b4bd8636e994d7c20f817c2efdaa05b210a99506c8d917c706eb1bc19f33fd5dae5d028a8ec2692bf89b138822918dd17ed0fc7c810fba6f695e272b1f31e55508d9e6c595ccb7dca1eb0e64433046d7bc562a1820cbf058967f7bfa2b9b4fef62a6ef4e72401e3ca7a6be0e72c1b01aa82dca3734864103970ac4f90e2c40520dfa4a4fc495b0b90ee9b761def176a9a8ceb9c3ef799246d481b12e7b929b2102093d54c7172173fef74c7106939ba190e4a7d993d60e92e80136f8d74ab723b78414cb7bef770422d62790fe3f96e9e7738b86261b5b311cc47e97b05cd7c83c6aa0dd6bba9131ab24ea07b8e5335e90b1f247671a45f994bb2a8cb7406451e02c3ffe4831bdb63dc8f89fbed1df24b412bc0bfdd1e325e5df1cdba66cf524eeef87745395586ca875dc5c4d97cc9d1af9bf5318c5eb47b71b87ef644eaed59a25eb5433322e00a0cb89e5850d7f43c11a390e65e248c88077c6fc66016d7a5ffa11689e6442916343f223eb2639940a22333103d8450b7311fe719d2d879701a3e8d9c62c78c1ab0d9e230ef477a6370906c7d53a83d451cf6f1f3366d6977f4546eeead1323ec4acbfd61bef70fa87ebffd538c29e42541c13da6cc46fa2e02ad02fa4b0a3489bbf34d6b6b7131768be98754f63ea8182ec3c", 0x1000}, {&(0x7f0000001e80)="97137910a75816afe1a2bc215efacf8619973d3a4611f0216f5802f51410a365f8a8b053700cc106d9549f4f16dbceafe79318829d925d7aaba14352fe56", 0x3e}, {&(0x7f0000001ec0)="d2cb82d88a45f3b7c4d9bdfe11fca37e542426cce9d011e2d0483ac94f41892566d44c5a0a16bf0ae42b524808f96a3f1abdffe9994f08d325caaccec34022323300475023a23ca4584afca5c4a76bb47e23f401da41b62c487c7e049257e883e8f20cadc2f46d033da6879a20032bff0667fd1f69e8809be120d238be55f44a807f1ecf9b948d1625bf6034b34f7a3d92eda95e66bada2ac8bd3fa6eb716adfd2a1773a721656fe46e8132a859c", 0xae}, {&(0x7f0000001f80)="cfab6105b5e6b33a5260b84303f6092111b20e5d0bff1d", 0x17}], 0x8, &(0x7f0000002940)=[@cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r0, r1}}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r1}}}], 0x40, 0x880}}, {{&(0x7f0000002980)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000004a80)=[{&(0x7f0000002a00)="546f9922d4bd59da512a23869ee1b160c587e0b5bb592d76fe6fb2019a2b5351539c16803cadaab7bdcbd4370b9ab92d347edd56979c865d9bb5bdf49c8dff11fccbfc6c8d0bb0639111abffeaf5d4a93d4a5c617258e685c8b323b5dfbbb88427312da85e47f183", 0x68}, {&(0x7f0000002a80)="9c412b187ae3978ed36fc8db5981814bf767852821bd6804e7ba61e3446acafd652f079f51c7d0c854ea8a6328d3df12e1e7b25c87d2b4851834818aadfea53a9d3b5db0a29d7c6c5601bbb3eecc3a2d038da6edae1fae8744e1f5e7522436886ba9f605d6f45913ba44840943e4e72c1d980a88d355c9feb059eeb631adae31f1d4a2e38e5bac77ae0262eb19a5b744f112691e489941ab4b3b473678d4eeb0f1b5c83a94386551696b0e87a81cdb4f8a5aea3cbc778592c4e00ea1357069aeccbe9915eda15c703c4ae87b6df8dffe073853ebdcd0712335a094424a0406693b17918ed952b2f845e90c1043ba799593f1f7a3969daa4e9a07f9f20788f3b3291cdddb226ca8cc0fc93180afd9bb81fb1c60fab40f71aeb492cffd8ea9fbbedde510e38fdc9892cca5fa08cfb5d5a9d007a64111671dce0f3cfdb5e9c4f1be2ab19213623db968c06b953acdb1f4af5bafee6b0dad9d9965c13c09ce632c226de5c0798480c8a43d684e45c2df8fdea50b2585130006ef810b92ea24e623eeb5a9f0388cb62561c0062f36a4583380d00801f1fb112f2b46256d45e7af95ccda3768721dee3a6680d4939ce5e7a85a6bb07acc71399aa8e05e9d5009dd92c306a1217effe0d43f316436eda07fce25ce13ba9647b8ae1b80290d3309031826e54df5a639d056d3ad6d066c8d7ba1970ba9c2fae348ecd5cc0242e6626dde003374a358691e7d5f09f3356ff0763bf44d55702f2ebe832908bd73e83e7badf38d95d68d2e32ecc74550182d984366ef5b6be422e05ad90420d7565d99e060d494c6dc4f7f5cc37f406723827d9de8a79de569163b936b61c7085c1902042c91f186c7684fa53c70082e9c958b50ae2389f30de237ed84af5e9f4c93b08cdcf50dacab764ce3c95ad90c6fbbbe04f905d56706780a413c3e964290dd344992d0bb2eb9a38f787d862d02d95b1122dd985980241791cc767e4775bbe6c01b6f130461b551c0cb4c55ec6467e135f109af5c1029f4d3c8de8598201a679a4fb0bffa71f649f1f4305d1ee31526d8c1470a384f6b3e407b7ca20ff4a37f407c2b924cd4e35733489a5540db8aeb033ebd685b1eb15fcfefb0424017946adf592508b2e66b5dd08b2ebf73f139e0e11d7ab42be080b25da0552268d99263319fada207ecf9be7593521eed2ce899171376f4c68b6973ed2aaa5d873a5a2a0b705112c37bc08b83e3607b2af8880cf2bd8527ad51817b78c153f003d82c2b3e860e8c099ad79cbecf7f505558a71b488536adfcb4eebdde6ab2d997d7c15980b0c323b6687b68b6c4a9fca92b7d5d8e28f9ed7fa99ac6512c11e347690ba8bf3e444a7d19faa8975970b4e796ba7ec54ff9141f29e6c851c7bace617f4f8cc758dfbe594d48b6abf92a9f8bc856bfbfcecf80c8fb63f25a211f76828b29fcd66d8d2241a1c1892c7ae1fc76a3918966e9d79742c6a05590cdf07ab4de2c93c99501c30a7c9cb03fa42ee2a6760535e9ad7ff31b6d7db3167fa6afe9812442e4f94460022187ba83b473038f6f4620dfd236b84bc9e6dc0761681f2030134a07f614a96869e3d2916b8ab451bca94aa146659e6834aaef4a070c69389ee1c6889fb012bc83dfb0ae658899411c05c56fa57669f8edbdb7f797d4a028abb541fca95aca73d8046e19a1e9f341ba593ef769576109207fb6fc2226700406447f62babaea744712e96b8d9d1a12e4ff96f86e62ce3d8bfc32951c09ce5333296a0aa14407c1ca9f33ac1b2194dad03b0e91c05db5265fc653f7e738c0e21ba58b08529e8bae819ff26ad8a84d785ce63a1fb306e6a265b85356a3f92972318952a5d6fddbf8f7176120dd23dddf1cbf6185d2455ed4347170781e29c702c1dd9f849a6d796511b66fa746dcc593fea8fd032b037daf6d5fc735005683f733ee879d0a65838d2f211925a2b7a9fbaa1c1788c45e6fc719c8b3c242aecacce52789a3c64e1884d4927a7a79c6805a717ec2e40253dcf33d363d500487f173d38037641c487d56f1ac324b4ab5c2cd1145cd54729d2056dd4bf298c4ff702d9be564af487c1bdccaac029a5d9d51698d13363ce7e1673cf5c38babbf7ea1f23e103e1d07fb6b681428ba01156d5e27fb4e72f0414f41bcb0887d9e5ef4b96b9c2abcbe55e4141ea1c77c17a1e3e1ec5f7934b4013f1e354847f11f7cbcf0b68404a67963fe84009d0e50acc758e0c02db04fa29feb1c04dfc06928dbab845d2ea986b965919eab1cea1c6aa3beb59059809d6d541a3575c8041190c7bd5f50bcfb7e6b904d451e71f78c4217fccc2689bd557074a2a74a2d84b1e7161d6c87273ee5ac8a8869eb64ca0858f0245440d11a113723ba69860287a9f92128b0027fb362bc296255fd7bf7b9f1c4071760baf45f0a9bd494473dceb394b46ad6f3e05b4cc3691c06893ab0dc5e2278502dd7e586aa15e6e45086b9f609a7c6d5ef4a549bd5edfa9eeb1ba571f03459bfbdf8037fe39370f35925cc1f52d6b69609dd3c4a1c4a0bc219c11ea21f87513574c5da212516b6ed349d58c49e3d12e8e830dedbee6eecb4664832b37fbc96ced4b51afc14db313c0ffccfa46cb696ac13ea98bbf1e7a7ace7a4136c844a6f8655993c3a47171ab8fd7170e203a264a0d036e589ef0cdfc9b615ba6fe9381435bb37f71a327176f0abd7c44e2f3b406ffeb0db622b6d4f9a9f628fa48e0bf4fc884688c3b8f2e85c9d5dd4422781b827161e709eaba59c1f7b3c712ff0d5e6bbaeaa7cb68ebfa712c35c432db94847ff4a4e41916a6f1f61c36956f4554c5d65810ff7e41022d8e42052ed721e0ced44365461894cf92d6bb8e200346fd02821476d0d399e29c9eedb2258f6757825cd933e30689b2b11c7e40558176a089883a74eaa91bdb96a619f64b3b7661ff87ed059298a69a13292b7e0a0f3213c8e7c76fc671bc3cfd628aa29d3dd73fd5e890de4f337030f469a5138b7d1bada14bda7625c88fc4028645d6f22b1ca7904db228055fa8f2b2b395ac5ed8884e78450ff4a6a998b2f2b1412fe06daeba529cabac0dd707d31f6778eb9287115881c009caeff7e02168a547a5fcbb8803a90512a31cd41284a90937888793ee6e536488197bcdef2c5da11e7804e02f6ad353777a929e746dc04c683bbe88544b6146e8807a3b2050c16698f471a3e0a73b8e58dbff4a46e988cc448ea5a466343612e16506598ac0663b36d408bfa5698812ba1fad0c962017fc669d3dc4aba7c8f8587879d3a0370bf5904b3b9ecccd4df8b64039b6efad9c0f49c4f4111dadf702556b6e0d49f5086821871d7aa9be8117ec6ca983d08be6ec144509ac312ccbc1c821064d7cb74029fc01e570aa871701e9ae4ad78d2070241257c1141381caf78a0fda17a1145195fd6b3898cc597cf6c81de25580878e3915c45b185978274fd80d4bdf14baf6e06735d5e9527ab3430eb3469f065a9c371f98dcb5002f0c1e6ea666c155943028d04e96b7ce04a86077f6621abebd28e9126a2ef373b0ae3f06e6ec35c59bdccaf9d470918c18426131e646acf1f55a6b6cb1feca949ff6f412b1583ac9657f429211c2d82c71b6a784d87ef103e4826dff0df6f7cd03d542fd51db15f8909134323ac009692027cdad3c81807aa23d183c25ba70f39293a609b5be7ab91d3bde14689c2601ec724a679b73f2ccecdbc3e6519a6467bc40a58ecd4033667d2ac4ae49c46103b37994f5ab279ff03dd3ce7a51836c21340f4186d45766a323d69a2a6d8337761319b7fd1ca880b1c43d8d03f77a7aac854134669e9f9e928dea08ebb30232482f50b81e2740cc001914abf3e2b2f196f3c68db9247bd66318d0d21e11b3e96ca07cce4664061fc41847c5d53f271ef64649b8651e9ffacda16e7a18f2d7cdbdd64d59db14cdf418d4f345a69c6b91ea0de85c2c21ee26ce5a9aa211596d76de4da519972f957abf726ea6db29a5b1367fe64eb0f0965e2d5185a0d5f3ee165290574cbd9ff05f83b8ed096ff0c32444ca77004e2777a1e13c08c61cadd99b282f10ec7208f0056441d9705cca1d025a37ff63af6de50ec333181297ef113fcdffcf0ab53bc9e6638e799151ec0e6018dcabc21d7f7ed7d6fc337409a5f050297f2cc581b08b37144f33206f2e7ea0d57d157f136b19e285ca2c5f14216214293dad2da10012602a797a0e4de55f335f13f118d92464cd83503310add9636d78ae05a03c040c0906e33cf329df25d77b3797f6ce208ba73425ae35310dc7f378634d11c6477420824bea844e640b3135d526256726e3d2af1fb55a8b8c85be0cad40e70f72c0f4816a91ba3aee1e7da5da5c03c00df0eb0eff9b4ef561d173c5eed06e35130b551b564a981af4f761c6f0df6e23a9d5b5eb5073d6dde0924f3c973bb8e694c469a74ba765780b786e3b1f1323adda33c96ad3946b822f92397400ef743c1e6ef8e3559107209ed6de439332cc6c8041c27704b2abcc21e56790309a590eaf0fe97a04146f99b416e3e2cd25367b402b4444401d4798fb44709d57b77d1a975de6cf618e12b0ae85d9c079d33bfae14388dd553e1848125652e6c8b8f6b400b464fb671ead722135849187ff8c84837aaf3cdd8d6750bd06abea94ef951366a14d6b61a2b23cbb787488b997a3b055e606ae6c54d63740965360868d444ca7e2f3fbc3bbb93d4e7e2ca1d32b0a1b8b49240d523cafcbeed78b1e1298a267c61db50346c5607e2c80c7ba1f97358cc51dd90689c0538ae2c2a548145aaa72f19dee8aeea62a7349728c5d24f367dad4cb92c441edb8cee58246bbd028ba534344f34bd98a7f8537d0d8b96a4f9074d27c9c4a68f6770b0ea5396eaaeff05c5cefc57b540e22ac9f463a320730e8707640e12572ca211d735f4f0303a9973f7b459f961dc07a01a60d9eb89cbb56eb0f962129e77425f1c1ee43c99f748867c4c7a70746e69ff446826f3f928ac66632d88b513edb285362816ef3ce5d813d1fba8eee600dec85df6dec18f003f2f03d59370797c0b6d3aecfa1a225e738b3c2c60070286aa2bb9673e56751af6668b16576442ed4598290abf6cab783571e179440074a55668ef1c642b2a61966c2f36d51dab18c067e462ff92b07216d8cf0f59024e10e0eb79623f87a6e39b1d166c44d0e404921a6f8f78f29ae0c02daabc94cfd65fc18a6ed63281117d3e8b8443e43e2d7188fe166bba6c799c884b3802787e29501116bf2707c2a4e09139a2202cb25ff3aec133eee82d16db0277d44eff82ccce8423c85e18a5e262757717344b0633a894299a3ef71af9800f77559f87976caee94b4d89021e6fc5bd118b9873ebbc9f2b2b1e9be129fc9eb9965761c428f659e74dc7a46642c28f4d8d168540edf0bb796e7da5ffb33d07d1e8a5e24289885aa71656988902b8561e229f75b9365be30b2b511f96aae105863772d1660dd62dc468ac8253d8eca3407da88b6c12d84a1a623859da0d7923b2ccd7430d8b37d63b8b1e6baa8b2c2aae1b36307940c79b7455f5de9848f07b28659b45ab000b9f976702515a96254b8178e23dfc6af3a15c8077e68714ab9ba4baed5f9319aa84796ac622e65b65edf5559d1592e01a2f89c042e97c88074e88c0538109db9cc19ae2585bb3ba7c4c59afc48d7b43a0a85b737becc9d5a86d08a9ab6668089edaa1e8a7a8ca8ebff3885c9e1e632e27d31f9a35a020eccc6eca83df88f0292b9ec9f420813e029d0a26c0fb65741c55996bbe83bb95967d5c0345426f7fa1c9f75c93", 0x1000}, {&(0x7f0000003a80)="887ff27681e207f4e001cabac4343bd522fa00dc9a6e1ae52ea4c4e35094771290d38e6ce964fb8779fb88b2fb90c3728fbdc5b71179507a5312b7137759171b6a0eb953b5a26ab38608434476771986cdeaa0b5ea4897387cc772c72dbd33350d62e7e1b37cf3a9eeee5138c171c2be050e5abc62f2273d700f4a094b9cdb11b2754107d3f1c27d3e316aeb5dcdc5b597cd7cc5c464f718e1f1fb1b02228271226ba26b9e2c9851eddf2fdc0a71d14d4e9b3c7a036b595d51a36232c949ae6eda53e7f98ced90a5967a27d8b7536114432b473fc05f179c8d7f38eadec23d63c4cd5da86da40c3a4f1cd95ffce209ae55dd9f82fa0ffbe840ebdabd341c9b6178f9f3d31a7a8d76b24a5e20f7d2c6718a098f69cb206a9f608feb15074d375a44e7b8116832e205a2ced0f001eb75a10e2f8c25c34b28247ed3e3d6799ff705341f0b52cd97b93e6a0f8b25901c58cb5872dfa2f897e4f43ce1b0599b0e011b3e2308c2555f01cd935fd29e184d53dd1713e91e5485e3017f1cb3b9e444c59aaba84fd865ed5e3916ba2aac42a577e98bd6270edf16ff4eb5156df60ac97751e2c17c97fcf5de38df7d665010e1baca619d940807e3d8985d8d7797df5ccb67729a1cb55c4068c451f300e2a9afd1c21a75f7a2e7ec80a9501bf3919fd93abc7a30209dddd6f1f8b7bc08f92cc83ec56b13561efceeade7d711b7bcb85796c42ba1374f47888b3f89e8464d3920e67109e6029d7e81e295158ceb46c8a09c54317d92ec08e98499c634ae864ba86e2426b3b23bf1f1220b314197c510832a773f19554d2128bf4579183fa25935358d83902250943d165b07616b1ff3e8ade14a4be86185008cc5f6069b748ed6e323153f00a2306f45307257432332905fe4b0a57fd2824f0d5dfc08ceae4aa8b65558705f6052b668b24ccdcea20559c0e2f84529ddb04aca8656f859e46d234f443b827666e0932d5aff5244930d4316c82d487f4785fb8dc786aec53808a11bd076cd577ea7837ed8d49bfc4b7f85c184385b7dca93aa6abfdbbb07515e658fd18af6f6e501d4eed2e9b3d70a1baf3961310e7ff44b94409bc607eec12e8aa5e55f681b3bbba0e6dce3eb1b0f97e78fc0c4f0df8f8a0e2779103c65a2992ab5df7f79bd524b20861118ff1e8c48890b32f2845c1fdffd2b72280ba194a719327f55df9b505d1c11003054d573bff596ad8776633dca21b3c9a5658263f2b95a37ebdab5b381ef9fed54e11ca2c1c530280bcd5068d41375e7fe4247450ea7326e133dcb421dab738c31e0de484d41adeb7464c22df80bf4d2c1d8f25ebe5e251955d7e72275953e06670652f5f26e3e8d674344cbc6e261c0bad2f05de061212edb1666d3cd68fc0de33968aa7dce3cc679c5a6bc6c06bd9593fe483ff0f76f4d5a5f6a5de093f81fd449b1111ad6b67192068ef2dadf0dce4f4f04e7ebd57a9bffc51687d8232d9d283d9ecd1ef9f2177f7b1e787c236537d0e3cec4bf69aaa936bb92c77b0ab8779403ce047cd3e62f10a0169a283c183dce20f84b55864f764648a2590e8de50383dfc75aec3ede5d208d2ee2d9e85b9ae977a10e94a566a0938913e2beadb7c85590ac4b038e0d8bb57ec6bd9d068866210368684b2fea57dcbd084259f71fa629960758c8381f7187698aec6bddf0eda47082387e83cf307b97b4566a0f66fc332df8e6476c4070643d396d22015a350d027ae0cbd69253cc67e6753b0c12d318fdf522ed4046d1d35ae9e922dbc6f915b2e7b25233239536d925f872d5b80a6361a04e99b1da6792843d1aa7ab194f182e2d1f34691af1f3096d6e8608390c2094e3122a029ea7e47e0d9c8265ebb44bed76a76f39ca68e5d6fac6fbfafb39d3cc2e4e4981ede205b4862671e5ca94339c542d690ca571260785176f170e02f1a52b13fa8ee88084c63cedee4e29ab0a71a1f5e491233dc63cc8e983bfc53f86048639f623652a9073189df0e527c705bb334675b86e8d0472d011dd2318a1654090b0f15662dcdc39dde840856947b1ca2aaf72fab7755022bae7087cdd214179e3412d143057a6dfd47f781dd80c62b690ea9fa1a32c4a19f1bb5cc1efaf1629a53ca6fcff9d211dd0ba88b0f41116604203ca1fae590f9f9c06949667f7d9f4fb35f4001f97f9f9061e0467a77ae256c05fadbecb2f3f7aa6b3b0e6b181566a23208e73f7823538d53450e7c9f4de10f1c4734b3079be4a52db057f72cfedb498f375acff442d8b9367ccb8908f381c0b1f45b9cf48426f1167b96a059edde4ad6f031f7d3778b5f960f77ce55e52f58d17e97429e7469b4d15111cec52e9a93fbfefd6a9a3b8e4b4440ce8f6952255c846a2a0cd9ce6233a94a8a95dbccbd3bfaf195ce87f2e1b0df94df561e6c15d8be53740cda9247f93eb762589ed27792417ee5058d8037e0593cf6417c698e38877e693b4c4e1bac1932d2fe62e9c0e019379ad2c59aa10d78ec1e52711b27e92f06c9153db5a29602ab2a8571da81db80b3cea9035c3998b07e385830b675b2c79b8c4319b2eae4f702d6b63dba7db3c07cced2e306c78e7c9b50b1bbe84d14beff620c7c4ea1bad104063bae1f1d332df05b91d04d3a83475b7cb788881d567ea279841351d5384053c85c3f3f1d96aa4d11f2061cd808ab812d3b91dcd0a04e2d81e117141e5247f68318905f23607b819871c0d665438d07afdd038405f50aff8ba3e8f7ab3aab03f0822ca6151a312c88f83d2506d49ac7a723d9058200129bbbece0f86b4327c105cf8528ced7185741fc1526f616c81399fd1945fc86e08a9128d1e15cb68895294a39dca1f1c7e9b4cbe4537fa57b27954f7ece9cf54764ce83b31cb7b21b5b1d9868d51422f8347cf6d2f143712a0b01cf009e7d3cd2a06f45fe1587e819484c1a6c5854b9d5a8ee91cd87a032dc88e0677c59138c6dca86f1a784a5e33448ba4ba32e8290ef2ebf5bde8e1bbd636c13475d04134d7fcfeb3132da370aec90b1ec2527c7d0b5cea46303b2f2371886de3ffa649b23918629c4f5fdc73333a9fc3541088f02a9255cfa146a9161a756731256715e3fa7b044a01db58b8303d4fedccbdecd853c55bf7fe6c1b0d1a7769cf985ae66d70e9cb97d8c54161d403167f111b75058f044839f646c480142af9f5ba4a4719045bfa9d0607eebc767e9d25f1ba3d9e885ddf53b54602c9107572492ac6f29365be1f68e8a568728eff5cd611c2bfa87f6ed33467694cd8746fab13bf48eadc2866c3147892aea82388c5390917820beabc7b5ecc63605e1151f99b873ea80ec283ee43aefd923b965bf7753414d493cc4089d5c8c48821ecf529b2b56db17a1a7a833ed1181242e588de19521deef93f13e68fe8d7c72f78924e8f2a29aea9f6c4201be25ee97e939ff4d1bea78186b9050691ccbcd8c43de845ba82d8e1d3df21b21d938b6157275ad92213163b47c3ff34224fd4838d2de708c8754e9353c27b5d9d2d1cbf9f1356fc2cc3893451124209ecf9a545cb1ae6d6d09dde2679e8672359aa372ce9007d5b82fbad804ed11ee217ab6d5c268cf17c6d5d32198e4d80171ee22ff9ad79507e94148b1796a62e4ea33a3812b21e09729a6769e2c0d23b2da143ee1e7f5585cca3654b355c629c868567e7f41b295d2897cd68e0f01493ce087de12ec9e764e69d39525dc48d5ed0ac88e5f7e9ee10b0ef611de329091828c5069440aad69eceb04006b0e0fd6149f16ee65025e295a4ce2239f0bc2445074671415548c4fc54f554b0754b0485ad3cf35c62174622a56b9750df476262752009171a0b08c88c00ed6a02efc5ca1770057546378ee98f4ef2544a1244c2b3484ff24532563905cb1af2cb9eafadc28dd85c3f3028803afcd20c3b6d6975df584cd6197905b9aa2ae025ce510b3d37c4a0544d465f67af80ea10917bc9d568e4f204258c63dcde482b4a0a6d53a978168afd3c1424e32016effaf9887f72c627697b9ae7b5358983b5dd6f72c51a7524e7086e32a94f7b86edad653ab75d3a8d8d55a46a9ac7821a510b07684ef3e6834f80ab3f3e59ae10632ce6c383adc6b852f15886e94ae6c1b121c66397dd4d902f536db51a81b18ef82be3d847c176c2831d8e73aea8ceaee6a445da78a0a3d4a9d19f679abd97dc34fdbe38cff2c85b3a8698f9723e97d97f6be3ab87ec383de592380701327b416d9ee41c6a4909e88917b72cc06d02e16be14e8a262b529c201622bdc5a5c930f4c89bc162d0c9a4ecc1dbd3d01c51f9a35393f5727006ac14249a56614b732c03c1f8ae72be5bcb5001ac75a13989c3962558547bfef7b7b8759253736ca45396bf9dcde8b146a632499c4f6a200fe39f234c0cca885ebfccaf46b4cd8b062661db5657d9e8741f5b14f26eb004d176336efc37599a74e6fae97b305c1635e04c6b9955e96612c9b3482d2590bceec29c7bc28cf2d25001f164a3778f5be44e2b94e2989fc57e907e4dd2c33ae62517da2e874574ce47dda97839b8d0d63f9c16c795596e46a921b6d89a86cb805bd12e91c24b969f9e5141316f8609232df8f76394edc4b0b13ed2253c0fa5cfe2bb481e7ee27db43a78ceda3c9ac1643c241a5c9d73cf2e71c3dd755fe6b9199a1ee06a13a047100dbd004ed822f57587e84a839bf557e79010c32e30a31eed4c609605b1be78892f604197393a5e30877c17e1389d162e4747aafda8e88d7937be45615d4d7baa3e1e03727ac5d0a51ce1f0da90b682aae0aa95e5284c6d78b6e64b302c629511ad1474a95a51d66084bc87c4eac60cc27e66ea2076df0d3a5f612b57d8ecfe627c9cc6f05c5108b0d2debd960342feb8f9b97c8b4b59ad19df9a2b9a06a7b314e96699ec807b12b66c13c440693fa3af5bd4324ee3d47f53f190a81e2fe34d55caf8a16218d9e07991befd145545f85d57f1429ab859d1efe4df19bec72cca1140e0913fda5691575edbe62bf6c6a4f376be965d4dea42901322c96036161373021b957dddf9a451f5ce1b9ea2e3920f6c474399474b618c4f07542d2f23e18f2576a2fc3531d6992fbaff7b211b088272b978f8c3f9a76011f35e666b5ec868cb675dcdba6d8e56a92c87e123c01e444e2be0df454ae1219ec03583d003268856f5ce303c8998e1a4b9a844de9f21f0ddfd16211efb8a5f231be1df1965c5047a37dc7d73e94bb18ef620c924c19e4508afe56340c7721893710209a2ceca5c77c668c34019e4b33f407582f1e0902834457a8b5b3080e42ca081c177c2d9179556beae7f3febb4343efc41731949601e7e41ce87a895cf3b2e3ac0a14818485e4955e51148b5b53e1074fb5766f249a2be2d6303153db66f390a6e716b94ebd12036cf151ec1822c2ae95ebaa55cbc94b9f42f03a87aff222460ddea38823160ae79b31f506f8e84476be91bf3d392cef79bdf0bdb01b85578d87e5e9fcf42fb4193b593845ee4852c4ffbda3b8d3a2ba8ddbdb37487287489969b816bd12b024f7ab9013abf6909e843d17927eab7981923ffd45b76e4423bbf5903562951501e944f5b7d2c12db3bfd1a7d2f940c4b2435846600638370d4587e16a06bdc630c216028106d8ffa844c92bf2478ab070dab900fad919b998b70a2e587f23e3da8eed5dd319104a0b3656c878384587d8076348d8c7a4a165f95d42e727bc6fce56e9e20905868adf8c43d029f001102dad4a13ebe6194506aaa7ba30a7adbaf3babaddf16cbaaca347973ad141af0c0036e1aa49472b313d448194208fa27b5351b0c", 0x1000}], 0x3, &(0x7f0000004cc0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r1}}}, @rights={{0x2c, 0x1, 0x1, [r2, 0xffffffffffffffff, 0xffffffffffffffff, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [r3, r2, r2, r4, r2]}}, @rights={{0x18, 0x1, 0x1, [r5, r2]}}, @cred={{0x1c, 0x1, 0x2, {0x0, r6, r9}}}], 0xd0, 0x200400c0}}], 0x4, 0x8800)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1800.450392] No source specified
[ 1800.460239] No source specified
03:45:32 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x1000000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:32 executing program 5:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
ioctl$F2FS_IOC_PRECACHE_EXTENTS(r1, 0xf50f, 0x0)

03:45:32 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsmount(r1, 0x0, 0xf3)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:32 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x84000, 0x110)
ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000040)={0x3f, 0x7f, 0x6, 0xffffff00, 0x1})
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:45:32 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r0, 0xb, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x0, "22817c957195ca23be497ca68d024a8e682856fe127b2190c7ff359129f5e5da0cf4c43a89b54865bdf03266c23624161e9f63c32abba2806c5d1b7a2e2b410026e9224c7d05a3f246e3b71e25aac94523b6def234d51acfd05fb4955ceea372916563572cde8510718e20a4471c40ec67459014a010285771f568"}, 0x83, 0x800)

03:45:32 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

[ 1800.656214] No source specified
[ 1800.691542] No source specified
[ 1801.836900] Bluetooth: hci1: command 0x0406 tx timeout
03:45:43 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x72ee}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:45:43 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000280)='\x00', &(0x7f00000002c0)='\x00', 0x0)
read(r2, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000300)='\'\x00?\xc7h\x86\xadj8/!\x9c\xa8\xdd\f\xd3\t\xcb\x86\xd6\xb2\xa1Zjt\x8c\x8e\xe3\fb\x86\x93\x95\x03\xe9\xb5\x13\xa2\x90\xc7\x19\x91~\x83j\x8d\x1c\xd6\x0f\x99T\xb4\xcb', &(0x7f0000000240)="ec9c8ff063d37cf4e867b5597340a6", 0xf)
r3 = syz_open_dev$vcsu(&(0x7f0000000000), 0x2, 0x800)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000000080)='\x80)-$].\x00', &(0x7f00000001c0)="432bb360cf435252c1089328e871d2ab48d82c851723b66dfd973192de21a6ca6422d4d7b7e0e4bebd2f314cf24b970ce68406915287562538767feff685ee29512efbd086a18f86ab922240820aa215f43d89", 0x53)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
read(r4, &(0x7f0000000340)=""/171, 0xab)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:43 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x7, 0x4, &(0x7f0000000480)=[{&(0x7f0000000680)="3ca3de9140cb9efb3a0c686d7fba5b1cba9aa8cf80a7574f51dc11d784d04bbe723dab8dea9d6da4f7ee11431ed4c0d755b241e991332eeff2fda8af7066f395f871d759c42285a87a2d8981efc2c67874cf22adeb5932fe7712854d551e3fd5c2622a6f3474173b3a41320a5de9248380c1ffffff36ce16cdf1574f591a549c231cd6423b8e6e7bf99a74ff9fd1a02ca5eedbb89fbb254fec7aad172509817b0ba6af07fcadbb94d408ed141d2279b03ec101b6ab86e350db5ae8380800f34e20be978e09491085c502ba1cdc0084532caba778404ea2da50c743f3fa3ef597c0192894f6d1dc4c2e6f38786dc96ed66f113c345c32eccabd2c4bd1868f27f67acec44096", 0x105, 0xffffffffffffffff}, {&(0x7f0000000280)="5347836c801a166c37589b0baf6542da36e5f23d0816e0a8f21f7556460c5f4a23613b50b8ef3bf1f4d5a7c03369813ab2a8d5617103a8fafc2c72f2c0de569faca37cae97929470f98cba8a30c1b523d65b6b42df19f8f6885dee48578d80276a2a0d7f195fe61fde51142d2cba8f150a194918281ba8a8af685d5197ae426087da7ecf12e9da6ecd3e22e5d07e45c49bebc047eb84cf829ac4d5269874dc39727091b54a974c4bb43a51c9ecf036f8dd7fc47acd3a", 0xb6, 0x80000001}, {&(0x7f0000000340)="eae6092f86c8e429bd7fd6c6eb7cec3ae783ff05578f1e0775f0eabf34cba30652e7f6da19b5ab0ed5a495423019c3fae08dae281ef374a77a9b41fde90c596c1be410cb296f123f243d1ce78e6ab212e94fba46804d5e821bd61ca13487f2cf522da6f783d1d6538c7c8807758236dcd27455f7d28c3590aadcad2a0ad8aa2c52eb8a64a81e4633aab9d856aa3ff1814c67d558940438163f6f1fa542f2740ded0c0e0701ec81df713675807a953fce2514163279b6e6331f475eb471b9613bf19829b02eb5f3d2d4c81324776bbc40c4f4ff74bde69c346151a7657f617d7292378167797c00138a80098e023255e1f39197d41b4012", 0xf7}, {&(0x7f0000000440)="d69a37aea836890dae183bde88ab09cf5a", 0x11, 0x4}], 0x40028, &(0x7f0000000600)={[{@map_off}, {@check_strict}, {@block={'block', 0x3d, 0x800}}, {@dmode={'dmode', 0x3d, 0x8000}}, {@utf8}, {@nocompress}]})
r0 = fsopen(&(0x7f0000000040)='mqueue\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x4, &(0x7f0000000080)=0x1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='\x00', &(0x7f0000000100)='mqueue\x00', 0x0)

03:45:43 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x180f000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:43 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
utime(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)={0x1, 0x4})
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH_EMPTY(0xffffffffffffffff, 0x4, &(0x7f0000000000)=',\x00', &(0x7f0000000040)='./file0\x00', r1)
syz_emit_ethernet(0x3e, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @icmp={{0xa, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local, {[@lsrr={0x83, 0xf, 0x6f, [@broadcast, @broadcast, @remote]}, @timestamp={0x44, 0x4}]}}}}}}, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', &(0x7f0000000100), 0x2000)
r2 = syz_open_dev$vcsn(&(0x7f0000000180), 0x7fff, 0x101000)
sendmsg$DEVLINK_CMD_TRAP_GET(r2, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0x88, 0x0, 0x200, 0x70bd25, 0x25dfdbfc, {}, [{@pci={{0x8}, {0x11}}, {0x1c}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}}]}, 0x88}}, 0x4800)

03:45:43 executing program 4:
write$P9_RLOCK(0xffffffffffffffff, &(0x7f0000000000)={0x8, 0x35, 0x1, 0x3}, 0x8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:45:43 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:43 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(0x0, 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:45:43 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000000)='R\x00', &(0x7f0000000080)='%:+-$\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1811.180583] loop5: detected capacity change from 0 to 264192
[ 1811.215012] No source specified
[ 1811.223801] No source specified
03:45:43 executing program 5:
sendmsg$SOCK_DIAG_BY_FAMILY(0xffffffffffffffff, &(0x7f0000001140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000001100)={&(0x7f00000000c0)={0x1018, 0x14, 0x20, 0x70bd27, 0x25dfdbff, {0x8, 0x80}, [@INET_DIAG_REQ_BYTECODE={0x1004, 0x1, "3dcc57b21238528b8856f9916a5f173293d0d4cd5b61797bae61bfe5ec55299aceebf23962b4c8e402f68a2b18ab4f668bca663acafedddc5604ad810dabd4f9fd3cf9cd34c5145dce4b746a9c08b266b3320492c9f34b7fbfebc305f2ff34ec2611a7327c188c3da525f8bb5cf9d47f483b6a3a83a029494cdc00331df507f6bec7c5d092811448219d172caeaec084670a04a35918b21c3b460d065e3fb64791f4f0ccc2d1b053256e8087eb78026cbc35a72982bd9fe8778e2594177f4b36bd0fc9539bce50810084fbbc19aef7784d7478c8ce79b9a27637a99d2e302953fde77873740a92d307055cc69c2bfdcc8d07fcd674e395992bf91173c7fda21a5892e431382758199dbb61435041c0dada580c6a10b41ff1b34e67cf2ba20ec0681cdd83e597400126b8301970a41765553e5a4b51ba603ab87191777f4528cbd7687cb97b561c48f49eba68e7da7630bffa039ad3759a300596cae34cd6be027706c02c7b88a92202efe02e47839e99157b4b9e7b8953974ae503bc88c27f475665fef3277436fa2b2ae3592021172a3ae0ecb5405a0e30a3c93f3e526639d595852d7e5497dab4d3e7ccf1573a9a9e80b131e31be38f47e12eb7900cb17bbd8998362c7caf684660b8dcc86e67468e29b74ebeeb5be87815f655d808481e2ff0bb3ee69e3d8af5d7d2699668eb5c752483769f6aeed956139e6f8861338e9e6f7e747a063cb6e1cc4b03a3b2efb3b0f82b4e404b44a762801a06ea26b35cbc9bbcf366dc5475e4e1f040a56055efc783e9be134da57acdf3301398223dbd617b8f7edc8f4380d9ebafc5fde318374133088d19918c65d578e20d07982ae1b3fc17ad15d226012386fe273443630852d24cd41c8df4035784c2d5cc83711d6c8407b5ae52446e558ed5101b67d8290a12bca0c8f205508cfed8abf005f41a146634ae217a54b7dc7c1733dc4605cded089917f672a017999f96ecbff08c26c0b028e4adfba820346cdaea138ae130c4f8f4d3bacca6f8b52360ebfabe755e0555ef87e04000a409162c230386c9cc853af55f97ff505ac63be4d9c8d51e33ed69155039701a41fec594265b0163a04bd416a7f738a5252d6ff2df1b22fd2570c0c27fea0e9bc5a8e67bd71f991d2baa311484c2e096f7eb1c8a8e6ed689a9edaefb5c321ee07982d34ff6b0c320094a687866f2bf25ddabd3fd228dfb86328fd3173ac640eaa50390da255e485904bc0b0982bdc9f217b571eece53d65124716fb0cfbab3cef62a0fb5db45719ad673aadf530668b27f26c6204c906090a400738e751c1f0e4e452bb94193cb7b24da0f6acf82961485bd7246fb7fb2050844f4c9c5927e1bc21a897fc434438f263c3cfbc65f374f3f6b196f9673d60929862af7e7fb2e03a023df06b90b1bd5a099e642a4c83b4f3047d2566b766ac09f610b6873b32fd9042dad08d5310270bdb39f9af86c1cff61232d7c24320c7c212ae40b4224a6a1ec85e54cbb4d83698b4f280e806b46f614da9e3b54e067b74d1c656ffa22006b8bcebe8520f65a32ffcd71259ac621f8368d2142d858e352bf79c8dcf36d2f7506a9f6d6a1d57dae362bbb2258850ae74c251e96c54b11a516a078ff705f113fd7f8a5b2942fa8c619a75a2dc41d5f2e9ce95a234dfe822ffc520329bbe34ae88c6ad58c1d30a898d1d70901a707a885e4c62739c1d9bead2e21f1bc80a2a897370bbc9a7a3ee3ba57db90c8e65387827346dc5e4c48a560fbab44f1a918a3a5a5cd402a8bfe4bff143b43cac0d9017f909ffc8bf7be0035ea07cd95631f1df22bac5f0632b17b37aea8fb225ee5534773a4c39ac8c5be29306ddb8347f4143c34cefd1890af143d411a1eb8c50eca9e560fe5d14679c3e16ee13fb0efc16bea002b07c23fdaaa333d8811c407fa735a31c7b2984ef6158d2068e2c15e0ae163f7fb21479dd9bc849d949070d32b1254a3769cd6f2c4d2a21ff6ed3a0c6621cf8f33a1f5b65e693c4f47b4fdc150f5082af38333216ab952b3c8a3b760e3fdd9b16f3951d3101f8c7964ca6a1b7b0827945f68f81a18b6db27a5ef44c7e7f24e8874a14d970a32c26a3a2b73794a94bf4ca9f98aed5190082bc78b608299227dac83fbb8a3bee27cd4a68a97f812cb22cb6cee8dbaec8fef0087cab8e6e0e84fc4bb583d1ec23a2510f9719d17fa34a2b09ef35a86e4b7837ca271c1b5dd011561fc2488ce0b54e4656d69a2e37e4453a84e3e948b67b93dc46b1106b3f4126ac235159fdc614f637a5523e4782a109c32d2817338a99b4a9548f0857736d47787dfd087c95166d240c002db2d7a0a43862578467aa956ddaf829fd2947acdffd989c25724752d5ef247056ea5525d36aa2e6ef6d61e15b759b5b7af1fc1bc81d6e878a4297b9cb82024ed3d7d81db3466d2b111a9b762de064241bed74af00fd18b360acd97c7ed06e2c847c9d1cf3e74a70b6698a8af4863e2399bd38a896bb8f25b8dba9617aab086f54f7de2c8be6607a748b726eddeced8cf457b43fb588da0f80bbd638461c60a8871c08e65cc16ecf41916dc70694701b6f13fbf926cad6c396d99699f0f5e0c6b57153d5f745c3e5b70d0736c508fa95f12ba8723e921e879c993d667cd790735d1e0b474a209bec00c5edd97396a48ea8703951d3c4992d8b425b3e04af2906b4f6aca7e481c4b79984d877a97401c444ad042b73e12843d09f58ee797f7cd3a65e15e19230ebf5a08d1e8569c3f32f8f42f103d5d61b2f0add18052533f6a79bea9931bed488880c79a3f08bd2003e64c485fe5d33087194feb663c007396b315eaea9f93866e6228ce9f3ae6e4f31dd4adeba15f72169cc2c402e5ff9018e0fbecc893b35e3c257cf773e8cb72533d55337bbb792da0597b59d6b367439943eac1846b8fb7f6991324733eac07b64e4f59b2ddee41b7398c23499fdaa372752f3bd37fdf15a7f626bf2a72cad6ea6deef137ba0cf857f7fe2fb3ef40f61a41572486aaef55107534b622c6685443c01cb1c804395e62fcdfcf9802a733dce502813837cddb3ced5e98dc375ced6452212c6ce0df4440d447a3a26ce005a9be28c815955f8d5019c970aeccab0308d4ed5af3c9db59245e376a204bd1f16316701e40ad702fe32528576ccbe79b2ff0f1f57d0ba3cd19104a180112497d22de14c752a26cf8a9cd93f94143eb821369478fb7e9781d48c5869dfbfd2d2ee962c2270b214b8de00c73e0dab93eb447c7ffbca8496a9cd7e04ff7942b08f06091bbd70fb0224bdeb10332bbb5b9a985571a35b1933c1bee0066aaeb60448fcffd182129f151954d1dd234d39202bddd0e48bac53e38d17034b0bcd7d42250cb3aead1baf521149fa0ae251c92be19c560bd9b20de388f4e1b33973a848d72dcb580ab17951a25527b13bb400149a9e9ce24c213a5e53914aa86c837eb966959bc675e8ce13c1ea0b0a4bb10f2fb8a64bb79afecfeb748061aaca0d87c46b238dab4a2ce96d29a1931bc14015ab619dcea1a053c7df60208974adc37b7bd78077f5abc73c527ef46b25dd292995265c26caf567e91b4f036b3c322e0d93ab9bc784aa6a9daf7377751976ef4983d5f26de92d3656882fd7d8eddf4332df9a92e067193d89692f31d9e7b8eff524b0bd6add91abce2e1aa652d9d696ebb28505d9a4204d44519aa7d16cf06e5d14438aca3ab03c28863673210e2d41ad3231a9dd8fa114d789d74f6ed2c24a5a247768e216d668d3423c16e1af984d984d6575cb0214106af962e296140a6d5e68b43c12b0f328806d6d25fde9f5d5b1aa5bb1e190af841f2bb8c303b69b13b02c280d647ae9f1899d994159ee058ab51e815cbbce0005adb54c7bd3ad0cf6640d08a72558c7ca707f43497f9005416a98e93fede6c523d095832ef672f261394a422cb28abc79d530a67c38e56ff3e729efb24ea35c5ecde1e0509002372ef8bdc438daad33e6f84331c95aebbb7bac589a07596fdd280d5986622a6e549bf1bc9299920fcef9e7b63ac0368b67ca048d06eeaea742cbd28db8a78f926dead5a3d3bb9a42af9ee4d62627003b4ca0412ff2e9b6ecbb6250d154473a5f0bc8e59876be29d95a35ab815745445e4c14fad92a80749f97c16af800173724db539922e5baf77e5d2d543cb842f8f0c2b071a755a40d94c3823d99c24f0321373ef5ed782ca67d3cf367ac32bc1e1f841855d538ebac11968953aae7935c3c4fdea6a6aae76895700de926ba2e3f0d20a53f3b2ac3ff300a411c22d47b0aab540566052776123a080f822426ddd76306712a9fefdde338638a8d972aa18684a66f13afd02b79e9a21c3a426251fb6a0fcee353d151e424da1d5421f4d4d52c2bd1271de668b909c394f76d8a0fd6c821d017d93d0a8f4dd70b4c56baa5e613a4916f2ae92db9a41f3bd7219123d3b1b07b7e814fab4044ad3d4e684d9b30772a8634171260c2d41301ea80b93d3509924e98702b67153306d3aedab3312cfd4e4139bb96956e064b55ff75ae52f10dcbc7162e38bf6f17cba18eeee489bfe95f1fd4c5321feebdd0fc18741ce34d2072d461379755bc4782148d3eeba19ee059de4cdd3e1b02827a69cb8fb1d942e479d81c0c1c75f97ca5eb074c194042397a7f0de3774d84f2588aae8948d265007105bfb1b71916b1be272b3af72a847276b69d52ad5458dd29fd2816e8749f8c0f5b7da50c9be989ef4fd176be460f085063cbfbfb06aaabef4a9c977b6464da7d966a004dd44f7e2d942a8a9c8082d9396b2a59f5ff854bc7ac3bf2c2e39b46079bcb5eed37c115f2dd2dc77231261ae0b92942ba2a48843ba5808021a886ebf2c6dece1e7bc0900c205b70e2d39b89a583fb3b09cd66e42cee99e99ae9bc94c752de409a354ca0d21de3a82d2de56ee8917af9e9c2f20eb6a077b515e4c4fc99a03fd7aee8fc9a2021cd7cbb474258e9586ce7e5b12f068d3d95d484300fdaf544b7676db2aa9a43e561cba6e8fe1e48130af1c713e45699fa17cf9f024104f9fc26638774d25884962460c84bf39c4f76e337ee5d9643b525c36df7153a188adc9bd64e5965ef667d980fba34b0ef5ab602289c65216997d8668ba4fd532fbd8faef6bffa36a4fd0b6d7112761fc8efd39b9186501e577dbfc8516873e3894a640b0a27e927f8c6454356a4496831a52b3b9b8a572163323d1f80297d9b25d9d40d0a94ae4f12918fc78554f6c4b2cd19e4c526c7759425039de570b9abcd69bd5d3835891b4def7945448f80fd5136368dc76e53e95becb93f84dbf0dfa5da6712ba952a07af4bf508c550466bff82cdb7523871bd1fac1aa276a9e050d49781c8984f0af425da2c184905b13d5e2c3f004e0ccbb8e5f0436b002e97e6b9e56e3133b1263baff828e8fc494efba024cec158737632b3449d0a3154157c6670a0ae7a8d9aa528583264bf1f85f593e6c7b9d9e140dbe05921fd49e8fd293ab776c21e9e85d1c7449f247fdbe736ddaecb63163444fc9f2f9b94b643778690ceaf9552ba9d11cc7ea8eacf7bfce66a3fe7b6a85e70b641e5fe5c2bdb43d5779d22d0482763d110b303b3ddd62875eb9995c008013f5a3e6d3e2732f9c9d13249372a22997645a3284f8e3a660382e53884175327cac4d2ea1b7c08381ac704ecf1856aff3f69dc390a70b1b5f21bc05f03a9dcd4ddae3354cc753a6dd7326eb6619bd5ce0901b930078b955a457a066882bcd265b5ef21147405b332c24604a0fa7faa83497c9b03e3eb883e1406df4b50581b06a33"}]}, 0x1018}, 0x1, 0x0, 0x0, 0x4000804}, 0x84)
sendmsg$IPSET_CMD_DEL(0xffffffffffffffff, &(0x7f0000001280)={&(0x7f0000001180)={0x10, 0x0, 0x0, 0x88000000}, 0xc, &(0x7f0000001240)={&(0x7f00000011c0)={0x64, 0xa, 0x6, 0x402, 0x0, 0x0, {0xc}, [@IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_ETHER={0xa}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0xffffff44}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_DATA={0x24, 0x7, 0x0, 0x1, [@IPSET_ATTR_PROTO={0x5, 0x7, 0x33}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xd9}, @IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0x7fff}, @IPSET_ATTR_CIDR2={0x5, 0x15, 0x40}]}]}, 0x64}, 0x1, 0x0, 0x0, 0x10}, 0x4000000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:45:43 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = openat$sr(0xffffffffffffff9c, &(0x7f0000000000), 0x10000, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
vmsplice(r1, &(0x7f0000000440)=[{&(0x7f00000001c0)="ad7a7b71602f4b762040c40d18e0c1bb16843b3f1df3e5c768aeddd5df0d26a1ecc00f034fe09109096e124dad8fd0f138a068303dcdac6835291d4399c60ce5294ee468c0df47e0", 0x48}, {&(0x7f0000000080)="df", 0x1}, {&(0x7f0000000240)="db72a34228526d2bb215d33736bb2b727d59cded7e097b261d4a70d8666850aabfdaa58acf3e0b0155ab4875bed19700bb248d890e2be2a6e9fc1910d3ff7b620ced32b8d41e2d5d53f2ebb1713e8012fa9c7a18b9bcdee730e3e04db94c7cde2bf8d8e53f33dc35324881dab29b3ce32e5edb16cd0077d99749e6fa682d740bf27d79712a41924ad147d3702577ad12033fadf1a9c2394d6863a2fe78870fe351b98aab2f7dca2a1d9e48d3e52c7534078480f7", 0xb4}, {&(0x7f0000000100)="2de3044ff6c5877a0800e8ca0f1567ae42754e180c79a7e1347f7328dc2f80fb6c2fbac399a48f2a2d05905437ff9ffe1e22da4985", 0x35}, {&(0x7f0000000300)="666b0eecefba74ae5bf9f10969aa0c7466d9c318d078cf417d210e34e5329ac5d2ae3800c85ef11e927b3baf5ea47a900827fddc3eb53a9462f87ec1e6ccfe3b5c546cd5ea4469f7583fd58e39c715377b940660a2c70b4991b6b5d65c7b75", 0x5f}, {&(0x7f0000000380)="dd761816372dc961df26e89d7a0538bd3fe79982aece81eefd2cee3299bb65d43802885e1597daafadb19133063f364f6e2abe6041d14f7abcf3b2f6a015573aff", 0x41}, {&(0x7f0000000400)="422a1852", 0x4}], 0x7, 0x3)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:43 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:43 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff)

03:45:43 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x2000000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:43 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fstat(r1, &(0x7f0000000000))
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:45:43 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xb4, 0x80, &(0x7f0000000080)=0x1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000, &(0x7f00000000c0)=0x1)
removexattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=@known='trusted.overlay.metacopy\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x62d, &(0x7f00000002c0))
r1 = openat2(0xffffffffffffffff, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)={0x240840, 0x4, 0x7}, 0x18)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000240)='trusted.overlay.metacopy\x00', &(0x7f0000000280)='trusted.overlay.metacopy\x00', 0x0)

[ 1811.435278] No source specified
[ 1811.446458] No source specified
03:45:53 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000001c0)={0x1, 0x80, 0x3f, 0x0, 0x7, 0x5, 0x0, 0x1, 0x820, 0xc, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x80000000, 0x2, @perf_config_ext={0x1}, 0x40, 0x80000000, 0x8, 0x8bb03d65bf199ec2, 0x1, 0x7f, 0x4, 0x0, 0x3}, 0x0, 0x9, r0, 0x9)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:53 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x80fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:45:53 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mount(&(0x7f0000000000)=@sg0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='iso9660\x00', 0x1024d8, &(0x7f00000000c0)='\x00')
fdatasync(0xffffffffffffffff)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x203, r0)

03:45:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20, 0x4, &(0x7f0000001b00))
creat(&(0x7f0000000000)='./file0\x00', 0x3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
memfd_create(&(0x7f0000000080)='\xf3/+!}@\xfc\x00', 0x3)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$inet6_udp(0xa, 0x2, 0x0)

03:45:53 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x2010000000000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:53 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:53 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(0x0, 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:45:53 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r1, 0x0, 0x0)
add_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r2, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r3, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, r3)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1821.900543] No source specified
[ 1821.905227] No source specified
03:45:53 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:53 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x8cffffff00000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:45:53 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)
membarrier(0x2, 0x0)

03:45:53 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640), 0x4000)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r0=>0x0})
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1822.030562] No source specified
[ 1822.036530] No source specified
03:45:53 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000080)='ext4\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:45:53 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(0x0, &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:45:54 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0x5, 0xff, 0x6, 0x9, 0x0, 0xa4, 0x40004, 0xd, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2, 0x1, @perf_bp={&(0x7f0000000000), 0x1}, 0x2400, 0x6241, 0x6, 0x4, 0x6, 0xa29a, 0x48, 0x0, 0x8, 0x0, 0xfffffffffffffffe}, 0x0, 0x2, r1, 0xa)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
r4 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r4, 0x0, 0x0)
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r5, 0x0, 0x0)
r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000001640), 0x220400, 0x0)
io_submit(0x0, 0x7, &(0x7f00000017c0)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x800, r2, &(0x7f0000000240)="e3df2d9de6414cd435ddaa32e66871793fce29cfca85c2bcbb44b12322d19b17ae9cf3d22e0f3ec3bf54d4d4afca0930d1b5b8276d097037648a1f983133bfec4975b089737d5f02be50c7dcaaa7e037ea6961a19290b5ffe7e422cc7d1a4a0eaf073bd27c79b1ad25b954637bce0147ffb90ba6dd0c7f1367e35cebb735c0a57b0f9da5262dd8abe0120478edcbf4344db8900992f7152e47ff5d60f72a335a0fab673dfd47a6ceae836745d31b3e6069ec7eeccc312f64150c8b5e8a513d7db5c8e16cc2ae711a7644ac42a35e1953d764586c6a8bf6d9f1baaf680b57cdc19e80586293fe49c0481d196fc7b74c2c629ea88cc515820c0616b456badcb47ef786328006a5e944647e0e03400bec2cea65e78a422608470c3e63b97184721c3150349071043bb295307a0e2da9fa6f5c1018bc8a6f83d4d8fdb4e92260a1631afae22bec2ed36e07ebce6db287be2e0ae723cd4d21d3f279f1d0c392f4fb87d2344e03ba7a55d9b781acb3ee92cbe97f1f4fa39c573eb1aa1da46ecbfc1ac7dd46afab87fdb4872200bf42c5a91bbbaf0590a32a0e8088848bd7c2e64954c04d8a7b590e0aeff2eccededd09e818ac9875ed07bf94dec04c34eb94880f79edb90e998f73689ab68a94790fc320dcb20a0e301064d843b927d3648aa7220bf1d13a9a51b04910dae42f873fa055b1fef7f96b456369eb123c58ca9dfb7944778675ded4960384c8dcecd4c98ec5bcd5bac1a643633ccc3f2b2e109733297ee5d0f67cb4ea2ce8916cf191961263864fd537e2d6e3e1cccfb484e2fe2ba1ae185f348a1cfc5d65caf61bbd6a6b1c62e0bd016e5ad4d8cd0f9c393939b1b7fda20d3885090e9af608cf2324b62b046d3a56fc0419897d36101d69a4cf848aaa7a8672f27db3db1afd067ef15339d52ceb7c956d1cb5f83518124199f17585966431608e04218a103fd84b678269c7803e2aaf2b0deac309d7d70e9a5cf753f7c7b3d4486a807041037aa0976762895778a7c5b5779bf27b0299e67f304584c657c2a7b4573d3d8423cb2c4c51569c5658aa61442c48c57857da428f7e69d4b0c0a95f37688c09389a96a39e9db839d9ad640462aa05c6679ad5674b5e1acc43729e9c2e69f2d5574384d771b3f54c7d564a2863e640e105d94b1c5a9deddf2424d02d9976d52ca115eccdf4aab678cd10b607c150327e6a6ce1aa717846209a5a67ef817500be1c328dab3c7a449de3e807f4c2c83017e2024732dd953b9e209e8a8b8c761ec42fcb419877d1787efa078a9e2e7ced37b0f3fbba6814b4da3847e65ec15a4b88663d04e0ae4b7934b3a04c542ddc25f47c8a30a90ffa76654e537378b2e6873f9dc15984c289eec23d76e60377e4c1bf22eb211f0f63637d5134bf57703d744f7a9d03592845d96140765d524bde65bdc509aea3ee329aaa5ca4e325bb523638b86525b91f9967828048369766f6fd6bca84cf813726ad312793bcfe93d512a07cf12e4e770e7ef67f4d80ceac9342358f7e17e86119d5013e4e90e579133050bce909d35bfaf39fdd1c1e3b73fce0c13fdd6eb76bef23faf0548694db5853b7474659b573003d03f5551c0d33e5b2ccfe48619e4270a3c283b4df83a9acf418a94ff4d9c8eff8c2edf6d66d627057ea94e4502397a3732697593b14bb2bda5302a60fb825d43017baf54855b99633199803763d19600276d6c1d9d15e3c771cfd4bad545f3afee49fa54f77923c63be4fbb2afe534614993cc3e9d9802bc0dbbd286a137248388f69cdca2d732635aa688cdf9c4a9eca6fc571d6ec566d6876fc9e55162658f91be987530f32a51640108f73c01516ec5e49341c7e01e7673e6f452467e89ab004aacf5871752fc88da215d7ad7fbc93444e41f53425ead0c7595baa6439b8b52c5ae8b0d411c2d9a9a8962c9952c5cea360877c56a40006185bd5810c552328fda85459e83fe11eba511caea4148ecd807594f14a7726ba0910821fd25138bc2018cddc426ae98ef9f2f46b4f76b6ce1de7be246fe4379cf9ff81b144ce4e1c40374d61fd65eda944c0e35081306cf4cb7121e5c9cab955504c26afb3b75efde65edeb69b998e53591f447d8bea9bd91e822a30dcedb001938a9054a2d0cbc50ea0c76118556e6270cfb8e3d327272271d64f2c8c88bfaf9ce76c6c8ee8c4d37e1011c603c97c62e4002d4764109cbd486e5cff06f5bae5b3016913354a04d92ad430379463c3a68a2a906434cb4b1801396926c9aeea7f422ba66e00f3591ed3baab9341138aa895d008fe9997d46312d13d0d6b2648fb910ece504c32b9474fec971ee24da16bd09c2b56b933025550906452ecbd51819aab7f6b25b393844ccef6629dddba5b4a88286b81eb2739fa6fa9b256569a3a4ae3fbc8c7496a56ac3906fa976cc4f8dcd76d381c33f1480c95bde23d55b8a4f08b1999c4816d6fea208d2f18af7d865398adc4f1235b21809b3d6160488da6fca9141e467ae25ec6145898934c459a9577dab4eb4643f25c68dcdc1d4330c26417de7008a7583edc661fa4e522bbd848a05daa86eeeb3baa40eae2243f40986030ae82a79f0e805deebed391435978356f2c67677c5e9d16edbd09b8bf249f64b295a3d77c04db81cf03979af0e494e7cf0a42b99fbec9e3459198eaaf7c00a534261e24f190f04c99254c40113c880b21828f65621f179183091620cab5e0da15c1923f54e407001fe9d5c71c85df24af832deae246d8d38dc42b8887ad81b5a5338ca439a15494e21f7dc4192f44e2e10f941a8c180eb634b65d9e9872dc54b1597a8e405ceef060eea6221e7372f50c39bead524eeee57e12d7a63e6a8797d5b77f162adf7b3a4e7880cb49d78698f1146395fc49ff458538c87ccae93f9a17281f823a628329aacad9410aec748248685fa1749b23b0fe4ce96f9e770b246e4f1162e4ecd29988f6857bb2939ab8a5ae396c42782d03871f9bc14244ec03c6c3ce3732416d3ddd4fd65f2722956e1c9668cbfe9e75b2d1fb901f599f807b543b992b7d723cdaf50b946166116101d27b8a2fc1aed95ea9992c42fbf7f08a7435b8d9693c49ecc1bb9e7ae3713f0a6b7af55d8b6ce6406a46b284b19bc80bca1e832043001a937f21063f13304352bda4cc23799cb326d1f08ba40d14c153b0315cc7d3d368fa4d5298aa400343787f0813ad9096ad7f55b3db6474a00d1e74785f7141d79bbcdce0afb5619ab40fbf40386b3e63daebe301ced76683216994badcadff52f5394b7fd03440c3c516084f455274826e18e78d072ef9afdd009ce12ce10ee485443d2d6598ec25cba3d2334134bd066c6dd7e957ce09599043ccc3f4b34fa03f415c1fb2e706ddda63dd7aaf157a249ed619ba6c198fe987ac4c8d9f0f243d7bdcd176e1b3da32e720d9ffc28717b81d7dc4d830d4a2ff7191af5522293d420bc71d7c2b709b742c60b6db9c3438065236aacb735d9e82d5f29f0f51726166eeb54401e1a268458397150dd722df0de45f24170bb5bb14d57779dbc9bdb469e94d4b1e309de19620e2d53f96bee6eb64eb046373635f20de593a114867929796cd682a7af7ea53c4bda1a26242b819aa288007693762e34f59434ce5720c92f8bd0a61c6e706aa66027928d468c50d0929f0a81e68a71c17777082dd86af6373cf078eaf25a16ca4ea3a5b8f7e30fdc9035615d4a30273bca15b52496b143940bbe558b5a0a58ff182582f58f1fc4fe6c47a249b7cd14577f18cfcfde977fe4e49a0f2fb7705046ccf14ab2e14aa47ed7928bbe6802be6575670eb61a773ea52a5744a54e2683db7163fe8c165a16b4593e6b83e6db48777f2248413cf76a6442f86802a9a8033f0f28807db5010d619c0b1d4203b42e8c1d8d3af3955951be7d96bb97971c71c15a7f2030a8a6c8ec892e678602c94d12094188d1900fa2fd726a7a2dd56d49e2a49d3306fd3d478d700131bae2c93b25e8fdb25c2a643d2ac294986467c67a6360cfd0f705f0ec0b8c9ad9605d3fcc8fd1633d5f0a83c2d08567c88535e6beb95978083306e1c5ce2c982e2f223c6af8b196299ccd055cbb9a5e406ca353eb6837ce194bd87ceef2423bdb42f1b24c7f9853c35dc5744f28931434b59dc40975c7f41d24f716ce61736d6a721f526e20409b1408c3df8308c2ba68d53d2a5f68a2989b11f1eade0582a8fcb185d3bf98183d9349c1106e0ada2b298a0454a8feb546cd39a8df3157c5ee9f299ba8407e03d7f2816ff8e8cb3eb369287fb6d2a099bd79536500db299abb19b8e1b7138adc4fd152c48cd7755e60f12e8fca0c032d670b4c251074d6681f11a007cd9a990ca5825a2d03ac32d1c01f4be1772164a749db348a1b42732d141543c02903d1dafe8c6cd25c9f70e04e8de33e6691caad256ca94d693a1190dbaf0ebb27f4a44d0a8c8eac206b3294bf3fddadc778a6c2dbbc4dc85ea00f33aad4d3d2d188e10c7c9c706ca1ac7ac2f85839c36c58ac973ae119ea2654d1c79da62b301f8570ecc021f58ffd4e0b61ec486cdc361cacc3f6441bfbd3ac233e2407a3156466197e57bd21c3458ee9c3e83446bbeec2d7bd9b332259960eca527c64e15728ac28077516abd128b425e1c51e5699fbef0d7f4e9ae3cc1477b05dba61c12b2e1c5807a86383daa3a60580df5057df658294fedadbf7bceb3130a3c9e4d7f9d8417b2565b848338f74c7cec011cb580afca9c19d13375b2a75383def0222f010034ef1d23d608ddbd9b019d8abac6031ea5e510b2f35139b39189f57d490ac7b889b1c26070cb8f066bc7c0af9847c051a9931800179bbf3adeb33d66a22a6d8ed51a48527e6b1f5897293dc1f4c9a5d44e9b0ed63927158bd39059c58a5699fec3a1fd499eb9dad06ea499012dc01fec8eee8f4f328d755bb7a93800b7a99372ede42ed831111488f46818e80bb06f0dcade7979395aeb237c1259f2b2608f86e6b2b80f90896a8ce91ee872202a5609e741c24aa0dc2af8a27935c472da8f81c3f9893576eb35f1d3a6ac69f9efb7a86bef092ba657ea8b928ae8d80e63b9f0d9ad29214ad081af60b5bdd53f92ca2c6f6b1f2af511774d74aa66de9bd639888f071b41e833033e5a3eb970771d9d2b09cfc6b35a2716905747b33918d6383ccc6ae226df3c1eb1097799076545aa88ea60227722c2d3dc6cecb9dbb014206ae274ec3ea2e8d68267fab53225ba9c84d84ab7fb9b201f478a686b91fdf65ae2f1fe83d5a45ff00d9ad87938f871c0b5a996f7c8dd754d7cea7b5f89ede03f69315e97573af4942885029d36db93211edf1aa0f3b5b6fc147c2f15662639c9fe1d91a741800375b2d0ab97dc8fe8261a4f5961c9ad32efb8a862f94b262223ae18b344e1a29fb00baec13ebb91353c5a4e025ecaf43326f725b5e7279a4f361940506adc48dbafd927d10e2d44cd50e66bb3605b47e3306e54887c0bebb11d8cade7bd89e7079dbaac90fb4c483a952a5f84f0c97da97a7f4436e5d6832afe63ac8455fff0056276e8643cb9b70f2f618bba17a1a1aeef32bb4616e68703c9c13a41bba6fa5bba1f5958eed69130c3eb06fb4520b35490290546ead86226bad073f66e8e0378debb4828f325580114ffc702b07627dd1381978f55c242c02a4a676bf668936c7bb844aa2bf7d0ad31e9fd4a5eaff3f92f72dcc36940604822f638276c1e5fd40e933eb9f00930cc0d18992c68e168958f48432970213328e7e9bb4da3008387025d5d4264270b450fb19ca703766f18fb68b4e7c2f565", 0x1000, 0x8, 0x0, 0x1, r3}, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000001240)="678e239aeda2eb4102ce2f57f95ba3b8611e7f763a4772f21d87341136f27692458317c0bd055d52b3b1dee25ec6b5ac1157ca61a703d689f72d49b01798f37fd7530b126516b597a277ea16fc9b1378bfbe895ee9691ad78c0014e026fab0e8674e88ea5ea7a6bdcd3095fdf988d0d2c5c6b1b710bd7b7b9b013370b29f4e4f9e6552f447c466", 0x87, 0xdf, 0x0, 0x2, r4}, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x6, 0x2, r0, &(0x7f0000001300)="33d971a5568e076f4e6993007882ca6a9d1eb433d9eba4f7b866511eb1ec90dd10da9c16e225606397ae6024a18d85353d0e40f1b8d916775dccd8032b49fb739ffa84676793e2226ef0a0b2c8cf515682a3ba74406896f266bbca27733b31f15576508f50639ee2e0d5febd32", 0x6d, 0xff, 0x0, 0x3}, &(0x7f0000001400)={0x0, 0x0, 0x0, 0x6, 0x5, r2, &(0x7f00000013c0)="99cc319c4ef702536dc021", 0xb, 0xfa380000, 0x0, 0x2}, &(0x7f00000014c0)={0x0, 0x0, 0x0, 0x6, 0x3ff, 0xffffffffffffffff, &(0x7f0000001440)="52c2f6ffb190e756b4c6d2a299bdefdc8c6761f73632b577b896d9e10e13f23066c21d0cad4eb03482ff0ae840c62e4c485bdd25966ea91df879af69a0b68cc5ac5e3f320749b753c913a8ec1423401a574bda0cbbab58fa18375d1bb6c1f4c60e970142548ebf1ec1406428", 0x6c, 0x5, 0x0, 0x3, r5}, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x6, 0x4, r2, &(0x7f0000001500)="5f19eff5d6971150534ed9881d0244d28b7e6e41c804006fcc4ba1936352e6d40a2390745dc22439ecdd1a7c890ddf4151047209a3353204d52594e048cc4b4b0f711b748fe56276eb7a0fa883d255f7a934d5b61890ba9405a7d5f726ede2d7a3c20f38983ff6da4e36d2e6b6b2e0d81260bf909421ef9dc283cd08639fa3855f163e19f0579182d986fa5a89d31ab4bc986e17ce05ac8fbc814430332c2b1edb451e3a2195eea2383c8969e6e1b34612eb94c931341c083abc0a8c3a950476d28c8ae5f21bf0c003ec26223d27c3621310e763ab663241eff4c343feb98f346236", 0xe2, 0xb3f7, 0x0, 0x2, r1}, &(0x7f0000001780)={0x0, 0x0, 0x0, 0x3, 0xe88c, r6, &(0x7f0000001680)="2b0e01cbfcc10a8295658db3e778b14d0e3d4d90bfdfac8064a3a69ca5feb566147f771c5db90d11c986b695ccaf97ec324ba930520fc59197fe623adc4a661a4430778e3845b23ec98ec9f72a46b4dc0ba21e97ae6add147905f086ebcda5edddc708b776137236b8d9e65381d5f78d8cfe51e26d644e28765cd4b10092a488c5ef60982da3629eb45e9073b65ba198e8e62539e47297edd1ed72f6c5ba0a5263565260a88d1cfd17f839993216e077575d4ad13576182e51f6cceb922013ff631348c95930a2776c24f2513babcae705", 0xd1, 0xff}])
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:45:54 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xf6ffffff00000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1822.136964] No source specified
[ 1822.141732] No source specified
03:46:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xf9fdffff00000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:46:03 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:46:03 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
clock_gettime(0x0, &(0x7f00000000c0)={<r0=>0x0, <r1=>0x0})
rt_sigtimedwait(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000100)={r0, r1+60000000}, 0x8)
fdatasync(0xffffffffffffffff)

03:46:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000100), 0x4140, 0x0)
r2 = creat(&(0x7f00000001c0)='./file0\x00', 0x40)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r1, 0x2405, r2)
inotify_init1(0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)=',%*\x00', &(0x7f0000000080)='\x80)-$].\x00', 0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:46:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0xffffffffffffff01, &(0x7f0000000080))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f00000000c0)='posixacl\x00', 0x0, 0x0)

03:46:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x44200, 0x3)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:46:03 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(0x0, 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:46:03 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xc0fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:46:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='cmdline\x00')
lseek(r0, 0x0, 0x3)
io_setup(0x7, &(0x7f0000000080))
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1831.745119] No source specified
[ 1831.750070] No source specified
03:46:03 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @perf_bp={0x0}, 0x10001, 0x4, 0x200, 0x0, 0x6, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000080)={<r1=>0x0}, &(0x7f0000000100)=0xc)
perf_event_open(&(0x7f00000001c0)={0x4, 0x80, 0x0, 0x5c, 0xbc, 0x40, 0x0, 0x8000, 0x80000, 0x8, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x6d9ee026, 0x4, @perf_bp, 0x10800, 0x2, 0x40, 0x3, 0x100000000, 0x2, 0xffff, 0x0, 0x5a3, 0x0, 0x9}, r1, 0x3, 0xffffffffffffffff, 0x2)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000240))
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:46:03 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:46:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
msgsnd(0x0, &(0x7f0000000080)={0x3, "9c64e030d8595fb6f127120bef428050de6e0d45c720f3a6811cf97df27203ff055c8d5229a7818223b210d7a844c511abe1efb04bd0f78f04cdefad17e66c12b884c32c0cc1dc8e9d762601c47ef4b7319c5059203482ee7d41e7b767e831fa4d2f9060a886314edb1100f5127879ac9d997672588ea7d0e1d410c2a7f3f15f19a2ad897fa17e47667421c8c281d14084526c38"}, 0x9c, 0x800)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:46:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
mount_setattr(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x800, &(0x7f0000000140)={0x2, 0x80, 0x20000}, 0x20)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
setxattr$incfs_size(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040), &(0x7f0000000080)=0x7, 0x8, 0x0)
fchown(0xffffffffffffffff, r0, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:46:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0xffffffff00000000, 0x0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:46:03 executing program 6:
semctl$IPC_RMID(0x0, 0x0, 0x0)
r0 = semget(0x3, 0x1, 0x4)
semctl$GETVAL(r0, 0x3, 0xc, &(0x7f00000001c0)=""/130)
r1 = semget$private(0x0, 0x5, 0x0)
semop(r1, &(0x7f0000000040)=[{0x0, 0xffc0}, {}], 0x2)
semctl$GETALL(r1, 0x0, 0xd, &(0x7f00000000c0)=""/100)
semop(r1, &(0x7f0000000000)=[{0x2, 0x1, 0x800}, {0x3}, {0x3, 0x40}, {0x2, 0x3, 0x800}, {0x0, 0x200, 0x2800}], 0x5)
r2 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, '\x00', [{0x7, 0x80, 0x800, 0x0, 0x8, 0x1}, {0x8, 0x1, 0x3, 0x1, 0x1, 0x2}], ['\x00', '\x00']})
ioctl$BTRFS_IOC_SUBVOL_CREATE(r2, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1834.358082] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1834.361440] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1834.363562] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1834.370717] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1834.376389] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1834.452823] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1834.458818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1834.465391] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1834.470166] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1834.473309] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1836.460764] Bluetooth: hci0: command tx timeout
[ 1836.524762] Bluetooth: hci2: command tx timeout
[ 1838.510787] Bluetooth: hci0: command tx timeout
[ 1838.572739] Bluetooth: hci2: command tx timeout
[ 1840.557764] Bluetooth: hci0: command tx timeout
[ 1840.620761] Bluetooth: hci2: command tx timeout
[ 1842.605685] Bluetooth: hci0: command tx timeout
[ 1842.669706] Bluetooth: hci2: command tx timeout
[ 1843.738366] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1843.739896] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1843.765966] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1843.766539] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1844.003198] No source specified
[ 1844.005902] No source specified
[ 1844.556761] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1844.558087] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1844.598564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1844.599142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
03:46:28 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0)
rmdir(&(0x7f0000000380)='./file0\x00')

03:46:28 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
r1 = inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f0000000480)={{}, {0x8}, 0x2, 0x0, 0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000001c0)="d703507b2876e347afb0a9cd47302d864b6d43c5788cbb6efb23aa762e651768de9fb81990b80de6f7a6269e75c76718863714b8a5506b18dec9cc54ef7a1a1795096b960e4f4e5350de3133577b2cb659ce9f4e97ba665d6702ce9417fe456df7450aab6e5cd7018d6807c8bb717906d2c6db30d1e9e3505fcde983834fd314141215fbd011678f1b9713fb5ad1a133b271dada2d94ece1793bbda816ddc0d03de7fdea788e16738d9ce3f7", 0xac, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="02000000fd000000010000000c0d000000b08c3177b422668c951be6af25e30000006b23f00ad9c41dbd3c1e470879141577ce836d09c5f6c0b98a51e39299f65d06c82affda54769091048dfa8a91d3a73b1fc3362f27360ca74f0c7dd350b344f5eef2792b6ed48919b2cda4285f564179a9316009b03fd105ccc12e6a6c76e1db01c57eb37c71b6c44b01258ce9eb663a8e19a41ec10cd1473b010f01c8e09889ce02fa574b5714732a0b6a83407313df42b40d48441ce00d5520a9d5bbbac37c3e61ddf990c9bb309695722c88fd70b0d98c888ecea33e7520268538122eb008390c1435943ad2547e01c86ded8376db5c8faaa3c5ed000000fd38d8a23e7e9083cddcd0bd1939c5728d9c497932008560610c4bcf937ed71a833bb36f36aa32320218d430db1bf02201ef51cd8e354d8c3c6b40b96b923501792f5f28344c638f39a6b0ae782c63e9a9dd68fbda0fda7f88028b548dcab8d9b3ff0896094dd2e3c98d6152bfd499c6dd2903d006a6457d67fc13fcdaea5e9b233ced9c946ab97df75c15ae488320ba52687aa062844d149ec4ebbab607b3b1e9a125afe10e6b03ca010cabb76db31f43a97c1902a749e02e18c4a534e1678822c38910fb3e75ca684e511b99359029b5e626b4904311f8a85be9b0262b396ef416d77701c6970fa64dd3932e464511a4a32284e28e2332b0341fe81a3acfa9fbde415d2ce35400076cb93cc3fe7a13e67b2b7611c7fff5a41134a37a8b3328e87ba07c622779512437f3857e4746142ecf01ed83803e99034c275fd78000000000000000"], 0x1f6})

03:46:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1fe, 0x0, &(0x7f0000000080))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000000100))
syz_emit_vhci(&(0x7f0000000200)=ANY=[@ANYBLOB="03c900bf91bf3a3a943a6b57ca12ceb40b80955aa026c7c3d398771ec3ac914c918165216fa244f4a4c14ff1b2f5537cc79a0dea6d41c55f53c74ed5da22d9e468cebaae751e6cbe407e6c997f44af64d6e4cda1cc345ff0b86b40b67bcfc70bb5f689d344f0fca93b329253b6049585e6fa39f7bd72ed3a9556d225be9b0304001448e6bdd3fcdf1b7597c483fbd3d3d4d5784cd7fb9778f2ce54efb2e025acb55d94e1e0f6e9e4390820e1536c46f8d2d63143808aa56039111c76648e8a9654e45ff6a990fca47c41a450084a99aea98f6267589df53ef0305940f5d7f31d99c9315c6f902ac7b4618c0ff22cacab75a529e073d1"], 0xc3)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
syz_mount_image$iso9660(&(0x7f0000000300), &(0x7f0000000340)='./file0\x00', 0x800, 0x1, &(0x7f0000000440)=[{&(0x7f0000000380)="a7ee83bba5dd1cda88ef6496b3832abcf7458a8d03d3b40e23dbff60cbed2e8121520e521ac52e2c85758c2aae86038b660db26aec613db7b8297cefcc52c7ea50d601f40544f7fb713403d8bc8d06d9a7f1a2cad3e953f1d8e27114e880ee18b093432a23651edd53f32c01bd56a9ddea61c198a4d717b7c54b756bf6062a1a5972b171e416ad1b7696893fa471541cc9b4e832241ce7f00f297eca4eb3d74d3255f195ca", 0xa5, 0x1f17}], 0x200000, &(0x7f0000000480)={[{@block={'block', 0x3d, 0x200}}, {@dmode={'dmode', 0x3d, 0x2}}, {@mode={'mode', 0x3d, 0x81}}, {@gid={'gid', 0x3d, 0xee00}}, {@unhide}, {@utf8}, {@overriderock}, {@map_off}], [{@dont_appraise}]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000001, 0x2, &(0x7f00000000c0))
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000140), 0x6, 0x280)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000180)='rw\x00', &(0x7f00000001c0)='-\x00', 0x0)

03:46:28 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000300), 0x101001, 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, &(0x7f0000000340)={0xa7f, 0x0, {0x1, 0x0, 0x3ff, 0x7, 0x2}, 0xff})
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
r2 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r3 = syz_open_dev$loop(&(0x7f00000003c0), 0x2, 0x100)
fcntl$F_SET_FILE_RW_HINT(r3, 0x40e, &(0x7f0000000400)=0x3)
r4 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000100)={'fscrypt:', @desc1}, &(0x7f0000000140)={0x0, "d4d67ceea31432ee99f72d8d980be26e0ad088a206786f1e4c60f050fccfb55d9694889288f44c6835ea3ff04b0c5506ee05bb925e41f0b9e061853c938e7d69", 0x28}, 0x48, r2)
setxattr$trusted_overlay_opaque(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), &(0x7f0000000240), 0x2, 0x3)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r4)
faccessat(0xffffffffffffffff, 0x0, 0x0)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r4)

03:46:28 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x2, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:46:28 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xe803}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:46:28 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x5, &(0x7f0000000000)=0x1)

03:46:28 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:46:28 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x220, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1856.437411] loop5: detected capacity change from 0 to 31
[ 1856.448903] No source specified
[ 1856.451089] iso9660: Unknown parameter 'dont_appraise'
[ 1856.460307] No source specified
03:46:28 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x6000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
r2 = dup2(r1, r1)
sendmsg$NL80211_CMD_SET_MESH_CONFIG(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x24, 0x0, 0x4, 0x70bd27, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_WIPHY={0x8, 0x1, 0x6c}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x40000)
faccessat(r2, 0x0, 0x6ace97058690a2d7)

[ 1856.489734] loop5: detected capacity change from 0 to 31
03:46:28 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

[ 1856.509844] iso9660: Unknown parameter 'dont_appraise'
03:46:28 executing program 4:
ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x3, 'dummy0\x00', {0x1000}, 0x3})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = signalfd(0xffffffffffffffff, &(0x7f0000000200)={[0x4]}, 0x8)
openat$cgroup_netprio_ifpriomap(r0, &(0x7f0000000240), 0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(r0, 0xc018937a, &(0x7f0000000280)={{0x1, 0x1, 0x18, <r1=>r0, {0x4}}, './file0\x00'})
socketpair(0x2c, 0x2, 0x20, &(0x7f00000002c0)={<r2=>0xffffffffffffffff})
r3 = fsmount(r0, 0x1, 0x7)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r1, 0xc0189378, &(0x7f0000000300)={{0x1, 0x1, 0x18, r2, {r3}}, './file0\x00'})
r4 = ioctl$TIOCGPTPEER(r0, 0x5441, 0x8)
r5 = dup(r4)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x8c, 0x0, 0x1, 0x201, 0x0, 0x0, {0x0, 0x0, 0x1}, [@CTA_TUPLE_ORIG={0x30, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x8e}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}]}, @CTA_SEQ_ADJ_REPLY={0x2c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x4}, @CTA_SEQADJ_CORRECTION_POS={0x8}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SEQADJ_OFFSET_BEFORE={0x8, 0x2, 0x1, 0x0, 0x5}]}, @CTA_SYNPROXY={0x1c, 0x18, 0x0, 0x1, [@CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x10000}, @CTA_SYNPROXY_ISN={0x8, 0x1, 0x1, 0x0, 0x5}, @CTA_SYNPROXY_TSOFF={0x8}]}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4001}, 0x20014)
r6 = syz_open_dev$hiddev(&(0x7f00000001c0), 0x7, 0x620000)
mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1000000, 0x20010, r6, 0xf433e000)

03:46:28 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x3, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:46:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000100)={{0x1, 0x1, 0x18, <r1=>r0, {0x700}}, './file0\x00'})
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f0000000140)={{0x1, 0x1, 0x18, r0, {0x2}}, './file0\x00'})
socket$inet6_udp(0xa, 0x2, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000080), 0x200, 0x40001)
fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f00000000c0)='dirsync\x00', 0x0, 0x0)

03:46:28 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

03:46:28 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)

[ 1856.696467] No source specified
[ 1856.703431] No source specified
03:46:37 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = syz_io_uring_setup(0x27d1, &(0x7f0000000080)={0x0, 0x3fae, 0x20, 0x2, 0x306}, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000000100), &(0x7f0000000140))
r2 = syz_open_procfs$namespace(0x0, &(0x7f0000000180)='ns/time_for_children\x00')
r3 = accept4$packet(0xffffffffffffffff, &(0x7f00000002c0), &(0x7f0000000200)=0x14, 0x80800)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r1, 0x6, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000240)=[r2, r3, r0, r0, r4]}, 0x5)

03:46:37 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0xfe, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x2, 0x0, 0x5}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r2 = fsmount(r1, 0x1, 0x9)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
r3 = inotify_init()
r4 = inotify_add_watch(r3, &(0x7f0000000040)='./file0\x00', 0xd400080b)
inotify_rm_watch(r3, r4)
inotify_rm_watch(0xffffffffffffffff, r4)
r5 = inotify_init()
r6 = openat$incfs(r2, &(0x7f0000000000)='.log\x00', 0x0, 0x50)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f0000000080)='\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0)
ioctl$BTRFS_IOC_SPACE_INFO(r5, 0xc0109414, &(0x7f0000000200)={0x8bb, 0xffffffffffffffff, ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']})
read(0xffffffffffffffff, 0x0, 0x0)

03:46:37 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xee72}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:46:37 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xf6, 0x400, &(0x7f0000000000))
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
fork()
syz_open_procfs(r0, &(0x7f0000000040)='attr/fscreate\x00')
fdatasync(0xffffffffffffffff)

03:46:37 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
r5 = accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @empty}, &(0x7f0000000180)=0x10, 0x100000)
r6 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r6, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r5, {r6}}, './file0\x00'})
getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r3, 0xee00, r7)
fchown(r2, 0x0, r7)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:46:37 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

03:46:37 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0)
rmdir(0x0)

03:46:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x4, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1865.299038] No source specified
[ 1865.300169] No source specified
03:46:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x5, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1865.367149] No source specified
[ 1865.369695] No source specified
03:46:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x6, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:46:37 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x1, &(0x7f0000000040)=0x8)
socket$nl_xfrm(0x10, 0x3, 0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000001, 0xffffffffffffff00, &(0x7f0000000080))
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, &(0x7f0000001180))
ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000000000)={0x0, 'tunl0\x00', {}, 0x263})
fdatasync(0xffffffffffffffff)

03:46:37 executing program 3:
delete_module(&(0x7f0000000000)='keyring\x00', 0x200)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x400)
setfsuid(r0)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
delete_module(&(0x7f00000001c0)='ceph\x00', 0x0)
request_key(&(0x7f0000000100)='ceph\x00', &(0x7f0000000140)={'syz', 0x0}, &(0x7f0000000180)='@^+[[\x00', r1)
keyctl$read(0xb, r1, 0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:46:37 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x75ae, 0x8001, &(0x7f0000000100))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x8, &(0x7f0000000080))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffe, 0x40, &(0x7f00000000c0))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x4, &(0x7f0000000140)=0x1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 1865.456521] No source specified
[ 1865.460085] No source specified
03:46:37 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$mouse(&(0x7f0000000000), 0xffff, 0x501)
inotify_add_watch(r1, &(0x7f0000000080)='./file0\x00', 0x2000800)

03:46:37 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

03:46:37 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = fsmount(0xffffffffffffffff, 0x0, 0xc)
fstat(r0, &(0x7f0000000080))
memfd_create(&(0x7f0000000040)='\x00', 0x3)

03:46:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x7, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:46:37 executing program 6:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x22000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)=']^*!,\\\x00', &(0x7f0000000080)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:46:37 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mount(&(0x7f00000000c0)=ANY=[@ANYBLOB="1f05fe35734bca6b9c11462ba2e3e5be21396fccef53530f3d90c0107f1e8d3ede52374d668c8eeb386ab7e25f82b34d4ca0b57e"], &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='sockfs\x00', 0x1030800, 0x0)
fdatasync(0xffffffffffffffff)

[ 1868.025421] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1868.029757] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1868.032086] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1868.036137] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1868.041510] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1870.062023] Bluetooth: hci0: command tx timeout
[ 1872.108790] Bluetooth: hci0: command tx timeout
[ 1874.157769] Bluetooth: hci0: command tx timeout
[ 1876.205753] Bluetooth: hci0: command tx timeout
[ 1884.456748] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1884.458035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1884.522906] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1884.524152] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1884.818078] No source specified
[ 1884.821388] No source specified
03:47:06 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0)
rmdir(0x0)

03:47:06 executing program 5:
sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@SMC_PNETID_IBPORT={0x5, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'veth1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x48}, 0x1, 0x0, 0x0, 0x80}, 0x40408e9)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:47:06 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x8, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:06 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xf401}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:47:06 executing program 2:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, 0x0, 0xee00, 0x0)

03:47:06 executing program 6:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x200000, 0x0)
ioctl$KDGKBENT(r0, 0x4b46, &(0x7f0000000080)={0x6, 0xdb, 0x7})
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:47:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
creat(&(0x7f0000000000)='./file0\x00', 0x20)

03:47:06 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:06 executing program 2:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(0x0, 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1894.580091] No source specified
[ 1894.588256] No source specified
03:47:06 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x3, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:47:06 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000080)='hugetlbfs\x00', 0x0, r3)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsmount(r1, 0x1, 0xc777fcf58f5874f6)
fcntl$getownex(r2, 0x10, &(0x7f0000000140))

03:47:06 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
r2 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000100)="250f0f4d880fbc84308515d600cca1c25d449639a405bbb9cd673feb6d6c15f445e982416a90d7af872c327e5946aab5c782018d0e65ae6b93e2d6b9ee55ef916eb517d653b0827895a24d1bd6a82babe1d2615af58d8ad264fef782f2173036a8bbefb5f9a24970a2cca9e1f6064b24125d663647682407f6ea8977a610a4b535b0fe61af6c8a575e3d19767392dcae1087934dcc728de195cdf78eefcf07911d8cc4223deb567a7c2d51", 0xab, r2)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000440)={{0x1, 0x1, 0x18, <r3=>0xffffffffffffffff, {<r4=>0xffffffffffffffff}}, './file0\x00'})
sendmsg$nl_xfrm(r3, &(0x7f00000005c0)={&(0x7f0000000480), 0xc, &(0x7f0000000580)={&(0x7f00000004c0)=@flushpolicy={0xa0, 0x1d, 0x1, 0x70bd25, 0x25dfdbfb, "", [@sec_ctx={0x8d, 0x8, {0x89, 0x8, 0x1, 0x7f, 0x81, "154fb401ed55a3619429ca87e9ae1df121a8e769010b21146c1ac08d8904020332e273ffe149440276194b8c9c475f6cfeb8bee0e186ab984332584f4e12a90d09f4cbd8987dff8135d3e5e42b12d863a338f94827706f21e3e8fa5344554fbe54574c5de4c64ad99e23b57767af298fc5924a92a360217d25ee6ec868b6a2f4d5"}}]}, 0xa0}, 0x1, 0x0, 0x0, 0x440}, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x1100)
setfsuid(r5)
fchown(r4, r5, r1)
lsetxattr$security_capability(&(0x7f0000000380)='./file0\x00', &(0x7f00000003c0), &(0x7f0000000400)=@v2={0x2000000, [{0x7fffffff, 0x6}, {0xfffffffa, 0x8}]}, 0x14, 0x1)
r6 = add_key$user(&(0x7f0000000080), &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)="ebb72f2f7db3a6b8b057f8b534c1d2ab89d074cf83ca392e4e10964b80f661105679dcffd4a20e76967dc49d81d35a32d027035afe54cec45c7259f2f54e0fbd8d9662103eb286d8a54464bdfe03", 0x4e, 0xfffffffffffffff8)
r7 = add_key(&(0x7f0000000280)='id_resolver\x00', &(0x7f00000002c0)={'syz', 0x0}, &(0x7f0000000300)="05b55db45f473e422825fb6a467a4d9b428cb4f6e6e3b281530b66d1d23774f4a234153206ed60aa58ed57ef72e74ad628a7e1524dcd382da665122a8aaa44f4988a88e77f69e9df47ef8060565cb925a0b728fd5d463903e8ed989e7b97e0091afd22bf1e1bc80e9cf0263a9cfe6d4eb25a7d48affbbfb608", 0x79, r2)
keyctl$link(0x8, r6, r7)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:06 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x9, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:06 executing program 6:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, &(0x7f0000001180))
ioctl$sock_SIOCOUTQNSD(r0, 0x894b, &(0x7f00000000c0))
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f0000001380)=',\x9f-$]-\xdf', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
r2 = syz_mount_image$tmpfs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x8, 0x1, &(0x7f0000000100)=[{&(0x7f00000001c0)="a6758e10285c9050a6ef84b33bb25c7037a1ad074114d71effca41ff8c56486e41550098dd7b027b216ba0da400b8a02074c135022507072b460de56f09f2a9f42c9dd15f1b2a80b650a864c3aabd69ea20b3e284d86057e1453cd536a7c7e2be3354bf12eeb79bca9de4df077857ef079fdb3e4857868bc187253f29577170c4a0cc278234126da44fbb853fc86b7bb5fb7d44f9cf12f6438f28dfa729444626b9e64b600a0b3781d205782575fb94448ff10d719ff72737a928ea2329739fd3dacbbbd6a2499423e22de6d19e37ebce720fe34e52a72a398ebb8de0df790c22b4a5dcc3712620567963fc8e90c48ff", 0xf0, 0x5}], 0x1000, &(0x7f00000002c0)=ANY=[@ANYBLOB='uid=', @ANYRESHEX, @ANYBLOB, @ANYRESHEX, @ANYBLOB="2c6e725f696e6f6465733d306d38336b0939392c6d706f6c3d696e7465726c65617ee53d7374617469632c7569643d", @ANYRESHEX=0xee00, @ANYBLOB="2c687567653d6e657665722c687567653d6164766973652c6e725f626c6f636b733d3578302d31336d36672c66736e616d653d80292d245d2e002c00"])
read(r2, &(0x7f0000000380)=""/4096, 0x1000)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1894.916780] No source specified
[ 1894.926361] No source specified
03:47:16 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xfc00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:47:16 executing program 4:
r0 = socket$inet6_icmp(0xa, 0x2, 0x3a)
ioctl$F2FS_IOC_GET_FEATURES(r0, 0x8004f50c, &(0x7f0000000040))
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
sendmsg$inet(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_u8={{0x11}}], 0x18}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000100)={'ip6gre0\x00', &(0x7f0000000080)={'syztnl0\x00', <r2=>0x0, 0x4, 0x18, 0x1, 0x1ff, 0x3e, @mcast2, @mcast2, 0x20, 0x7800, 0x8, 0x3}})
ioctl$sock_ipv6_tunnel_SIOCCHGPRL(r1, 0x89f7, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', r2, 0x2f, 0xed, 0x7, 0x3, 0x10, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, 0x7800, 0x8, 0x7, 0xfff}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x100000000, &(0x7f0000000000))
fdatasync(0xffffffffffffffff)

03:47:16 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7f, 0x4168}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0x0, 0xffffffffffffffff, 0x3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
r2 = fsmount(r1, 0x0, 0x8)
fsmount(r2, 0x1, 0x9)

03:47:16 executing program 7:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0)
rmdir(0x0)

03:47:16 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000080), 0x1100)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
faccessat2(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x1100)
lstat(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180))
r3 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)={0x8400, 0x8}, 0x18)
execveat(r3, &(0x7f0000000280)='./file0\x00', &(0x7f0000000400)=[&(0x7f00000002c0)='@@}-{\\}\'\\-/&\x00', &(0x7f0000000300)='$\x00', &(0x7f0000000340)='\xfd!-/}!^\x00', &(0x7f0000000380)='.%,$L\x93,+}{.\x00', &(0x7f00000003c0)='\\]\x00'], &(0x7f00000005c0)=[&(0x7f0000000440)='*\x00', &(0x7f0000000480)='.\\+&)}++\\\x00', &(0x7f00000004c0)='(&,((-)\x00', &(0x7f0000000500)='#!{#+,\x00', &(0x7f0000000540)='%,:\x00', &(0x7f0000000580)], 0x100)
setfsuid(r2)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r4=>0x0}, 0x1100)
setfsuid(r4)
setfsuid(r4)
faccessat(0xffffffffffffffff, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r5=>0xffffffffffffffff, @ANYBLOB="01000000000000002e2f66696d653000"])
openat(r5, &(0x7f0000000040)='./file0\x00', 0x424002, 0x1d0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x81)

03:47:16 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x4, &(0x7f0000000080))
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="02c8000a00060001005300"/23], 0xf)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
syz_emit_vhci(&(0x7f00000000c0)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:47:16 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xa, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:16 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)
membarrier(0x2, 0x0)

03:47:16 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0)
mmap$perf(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x10, r1, 0x400000000000)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1904.806521] Bluetooth: hci6: ACL packet for unknown connection handle 200
[ 1904.810296] No source specified
[ 1904.812934] Bluetooth: hci6: ACL packet for unknown connection handle 200
[ 1904.818591] No source specified
03:47:16 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)
membarrier(0x2, 0x0)

03:47:16 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='afs\x00', 0x1)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r1=>0x0}, &(0x7f0000000140)=0xc)
getpgrp(r1)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='afs\x00', &(0x7f00000000c0)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:47:16 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xb, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:16 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
setfsuid(r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:16 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(0x0, 0x28)
rmdir(&(0x7f0000000380)='./file0\x00')

03:47:16 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
memfd_create(&(0x7f0000000040)='\a@$\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x88, 0x4, &(0x7f0000000000)=0x1)
fdatasync(0xffffffffffffffff)

[ 1905.045162] No source specified
03:47:16 executing program 7:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

[ 1905.060096] No source specified
03:47:26 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:47:26 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)
membarrier(0x2, 0x0)

03:47:26 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7fffffff, 0x100000000000, &(0x7f0000000040))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000001500)=0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000014c0)='\x80).$a]\x16\xa5\x90\xa5\x7f\xe0\xee\xfe=6].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r0, 0xc058671e, &(0x7f0000001380)={{'\x00', 0x1}, {0x8}, 0x10a, 0x0, 0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)="be34742ea06cbb571593a38defe6af53c14e7e6103769274906fd5d3a49b8dc558d094776d71813785daa7a309f844bb322e400e7cae9630e0de730ea349303f61f2bcf6df3e4952812c06a9213d59e36f441494d1bf1b69eff05668351de7720e533023c168d7ef0c886cb3f8a0c0e66ae9f17a94aaf1788a0a97662bbcefc9c8a9ea32add48e500a5cc4c0013b41a78e590590bd7ef62fa4455e7747f39aba3c8f018a551516025f3799719974e174558e70b36f15f2c79e631a4fcaff3a1b58a4ba8a4e98bb1bec382ce1fc6da21f9a22a4a03ac52ac7843501abcdf8988cd58a9e294c256592fc5d8658b4f1739a014e2911243b6d313f6930fb09f0d423c63c7ec4b95d59907cc3c10f3bd704114515431c224ae79c0d2d420a81eac702a7928c98583138de387caf92d458457d299736089266eacdb01ea586f0dbfe6f0471bef13dbf34703d82fd7fe6543f75b10513227fe9fe7a794f1341d0e1b4a11904724e9e6382bc7b26ba43bfd6ce4c5c2667e79477fa", 0x177, 0x0, &(0x7f0000000240)={0x2, 0x116, {0x0, 0xc, 0x23, "3bf7e1ea17809b6c75585251b958628a7d2ff23dfe6058ffc9c1579106637950816f0b", 0xe6, "5830d7fd0d8da270c6a2f9dde7403c561407bd452ca90f7f5961beae8277881512b961215c413c353d8e33e5ddd33ba62295046f5a11bac190e340d16c08a773388b76a85c60eb28c7dfabed8794b65bc7635ccada67413456baa493889f2fa701111202f91e6a4cb89934ae4535760558b569e12b51df568fd09ee2ba61dadad1c6d9c7e7126c5ecf8bd0e4cd0092583eef668bf25dc66f0bd144a586cb1589e7b614c0eb0c3d5cda5666768ab0ba36460d48964ac63052b1de76b0fdaa2633b38f3a41130e1cdd02287f3476f0976676c430d8132b50fa5fdf4c9b271cf19dd45916af7f8e"}, 0x1000, "d16682df6e2621f8932f319c5537c5605da293cade21ae33dd9fa2514bed5d3b28a1d234f1b41f04b8184b41edfde40aa5e38a6cec3a715f187cdfac51b515c278f922a5196b6902aabcaadaac66d9a360fa7efdae87be6e53f7235479b7d57bc2cc25e85fc50d3731b681a54ca1be6270ba7a652a169541b1dd7a5e291100b3cecb9c18e91710e2171703daa05c39ba16b7d44f07e9ef0053f17085ce647ec152fd72bd7cdd067b1496f1a04c1d13182bc7245db9579fbca46455f9884fe41f24fd44dfa7d4f427ae22244500543d3966cb2a893cc72f7ef0a467d8120e87408e88e388f513ed4355fd77d74e4151265eedf081dc087d30bea7fd0f108fdbe2cfb724cac4be52f9303a44e3609e3311c5ac64f1e3dfe413355363a2dad8354546b1e2097ce334d1b2c79d1dca9b019f0b0955744df5276ea21b9b08bd13b827c97bb2d6c812a158f490779290837d83009b3519860383ea9e1631032cfe203205eb77adefeb861fc752c0e5ab0bbd39f4134e95f3cfac666808b48f33ee128505699761a6666daa496e22a60739915a148c791e8f712d239c7838601cdc9176494a9db222439012955760ca9688260fa593cfdfc523513f078a3e4d003745dbf7d6b5abf170b3671f002e2f61ca843bd9c891cd7fd67cf638c1241d646aa0f5d39b796fbeb2cd87335a85932af26417102c6b9eead0edbe092ec55fe9ba9f20b22fd1bd826e60bb202532ef6dd7fee6b4135daa95d94839b044fa2ff09efb0e672c22eea19d162b217de9ae690b2be724bc61e0b4a216e861ed09b12be77803c78b3ecc64e55c9d33d3f3ae330e0e17061517d9f2baaf76b20a40f6201b584eea827aa340a8fc161ad0b3873bf25e7dd499b655cf9e1f63be69a30cd30946e5dbc6483f4912d3647fb44aa18c17f9b7688fd6849c17c68627281b735c1dfc09533731928af974d7df4752e4c6f57ff270c7474b39e1b1e309b9acda826c03e8dbca7b2ea5d35b82f589308befbf9ab695723cdfc287b16444995f5841617d530675e07ae58fb9930d3c9cc5799d25b7aca7ea8159aeb32078a4e054f7a8b3b71583eae77cf04c0255facf117cfdd2cae8d78c8b14222a0520761fbb3f51f622e4f9f2047f8900f75cd48afa842dd762d991b55fb6d01c06cf8956fcbdf14bb96f084457f3a2e56be5d8c457f27d0ed7f1b70d1ad4e1161a4430e2043d0ef0ddce2adfdc9745b4e0b0f6eea094542c1efb4e745d8225bc326a7d738d5f7038a42fb7a332390470d22b5c876ea7d4a851ee303a9635718176801abc07b5443fc2331a659f963e70ba179ebaabf7d9a0fda58951b8960de312ed114b7fe2e72785dde8753736bf007836ca9e58e53fa5f8fc295f6efd513ac38ba918647a02459f202dd4e2463031fad2673f6691d3bb92e0809470ec12b2560c469cb8a20b146e0149590dc4e9c04878d96f76dc1eb7584ae462b00bcd30538d9448d049c2d8caa19e837dfbc88949054fa58085c48dd0eb75c772dbfb8039b981f2ee652522aafd5300741283585061551d81ee21095ce6dba62e28e160ef9aab37ad12929ec007c2748f89359d3640772050db3cf5a5f02bd475b6e07f6524aa25de3e9062944b1d3d16fb9850deaf532cdc998b575d60909757d54fecd1bf340db35520d870dd2cfd9f7b910eb44974c9ef15c35b45d84bf3585946b422c55795dac650278b7f1f2c91619224fde3a19986724065fc1f943e45d55523bee2d9d672612c2480be4469a981d1b6b977d54ba47b73baad2ff6b170fa0db75923eedb9c838ddd0fc912131e6960ea929d5f2a63ae22fd8536489592ee76ccca0225b3f1e2e0079323c5130883664f25dcbe203890e4786d3ddd7e4604ac2ccee365a7e7e202179446cbf0ac02958f8e7555466b8c8adccf51e7d45922c5a4d1f441a91529a2d91ee0d1c3221f74e4b6ea69bcb3abe55d8698934e89b1b33abdac5f3260a2d25fda9ee33054ffb6d8db3aafa5aa0b15f23c26007cf3e7189f2067064fe9cde445c765a4e88bf9babbd2a9838c003063f8c927ea47d18091ab53e52c7806fe06a02a6fb8278b9d0d266418b3f7292ef36f23d9f47dafb61ec48e7b562ff9f6aae494b3c2c6774a46274f1b69487e47097d13b1f9da9e1a024736d333dd00e9ba36eec7949547ae6ac7cef7dd99d275248a82981bcaa92b4d73d7a4e8de0d4ad5a7db6dac7fcc52eeef0294a17d993088d803bd8334115abd29dacff4229a3ad583989b11c0c47636a7ff3523cb38bb9e94f714da3bddbfb5ec9bd4120ee976a0f9de19aaf49943e30e1daa64b88633e1fb23034381ceef4fc8714b3239067683affe241b1149523bfd400c52dfb8242fa34a4f65550c4f7ff0915d2c9e0acf2ec0ef8f26758e774068017585873e0ad6412ca30bd3116c5aa9557de1319f92ce24ff8c9c79d0061dc8ecca067c5443f4ac9156442ddd6c1d724b0f3e9236ba9187ba40160b794707fc74e1a733c8844e0745254b1a9cc73617e783281c9d9e1f795b40ae98562f29b791aa9c23f3c345000f39bbecef8e638c8d258cb85f229daf0aa1c5ad2c3b504b57793d6f514eb0d1c76fabf2552175add1dc6b13dec555089748262db6e21077a1b01a999d0df582b38f4c82bad12e8fcaed11bf4fc698ad5e0928f9a53da94789fbff75bc0b74253026ae3de2100fae10425d559b673a751fe9164b05353f75a52f6b6bc9eaeef1eddca36116f67e0ae0a5b43ac2ba3bc3e916401258a1de0d65e7a4972a95acfd11d6648098541c115d421f9ab1e1e3f521fd662ef385511194be3a95dc84ef55bc93db262b8441db754bfd671f27a2ce4a7587982c9444f9acfab5e89e4cacceadbabd0af391e727647a319001acc9166dea0dd613568209c16a10284c0196e9a145878019e8db7c9dbd23a322fa646f70c761478afcb4c8a5411db6e75292c088ff1f74644affdec6aea83666fc3244858936233c9c49c4c83a25e95ae84368ba9123c547b92a464ad58d1a825844e34a472494312499fc87a887e33473511a467ad4d224f2b181ec72da0cc092b34f92dca67a8fd1ff1242b1bff686233f3d32a21e28a5c35f1944995105a69e6e878cfe9c67d84d9d7e3f0470ecf5604f33d8c3511dd20d8d7ae277f58d0eca8e8a17bccbfec47b6239bbc1fba6cd93dc07f9647f341e424ec25cc6f7410b5f34ee7ad8a52478678181e8c72bb68b4ecaed1eb0cb93e8ac84d556d899c0b8cc0c9b5dd42f4c8233fae89de902709bd8eef5b978bd1e436e00d886a39cb0bb1b2596763ebf578736b0c747a43a77e716a6f6c6b5f53eb3a86f00d7e3d3547079da4c019f0b98bc6b4673c06ee170bbb4047869d0a3d2ea72b43148f157c2887a629ea9682979f47170bbf1e7f881dec758531c0534132294b127221361e606d2235cbc0c27000d753d09fa2ae22b5a70637abf3ecefc9c057ed0efaec59ebbdb2cd78659cfd40ab53a00ca5e33ef139b212116d981563906dc686c50c3c0b38d0eae3c01bcf75b7b551775e1edb29882efbeb0c5faae0ed42a727b1917960d0708fbf110af846a5db7f3f1c732c12bfa5121ca1d3abc1af77162269c01ed70c712b3035fc32335c7baeabcfa70c35564ca1e72c255c8a09e44582bbd83b4517fce0ff31fa7b0a4947f9496c1387835ab70e22a5165eadbc8122513450b599e8ae5f16b4d4e22d3f7a11cfb8dcc71a01c478806beaafe2aa493abeef1fee31c85cb716277a6b7296d7b759b5919a4c41f6403e330e94261d0ed0e78148b1b7b4237c81b7d4cbf10d75c566840ca49399893ac5bdc818c4b0d5304b7a26148278db5e804f5620a98e6ca470b15982086fe44e668a91e178d35fc85d55879b547577e6b683b6db27bd3036311f334f83404a8552811d3e1e90dfd418a4feeae444cd2829b57408a7f0de66d243b0f9dba4d453b9e10385548c977fc8d43cdd8609981dd2066841309b876b1669789f74dc0fbea77557c9530c3419c62b2877f8de4eee2db3dc0194402d70019276350472e87c7737254c5f3f357db5b8e0243d86999eabbcf76dd525d49faed3efb97a8687703a237e036ce57ccf7f5944d843eadb8a55c360a2c31248d3194f1629abb0b7b84ea2096ea252a4502193709d5bfeab5da42a2887079129834b3b38c72322139fd7d11bc006780d8343a3c943ac214e4944b67743ef89181137299121cfd2b051eb9a7c84d7d4c17123863d8209ae89ced4f92221388fef0ed6cced9587da0aa9a719d4e90462cfa267773da3bca576165615012e1562716f76b6d7a481ea8c691c16954dc8ffeded61be9d9cb79e625cb956ee4430a82c9425ac132e07481bb98b6a1bdbe1ae621e2022a573c845b6e38eb344cd81185dbb77d4f6420017da29fa7d5ebcfed6e75531931bd7158502a79d723f7be23abe749a38e502e3d298b6307f58b90d5c3c07097ef2b6c5fba1c7b62655a15fd884289f16657a2e909cb2a67b2ffabca767cb8ee17a5b41a891a6ea491d13b7ea5bfdcc451b03e8030cde02ca88d64398c38ab79bf0c2afc1713a44acb338ff7089cd3c107ae3457099ceb53f6659fe28b3c7005717c2fa1c89c68965f5ff2bbf9c2b36c52079c3ffeec801e38d584e3760d6902f8e9549bb469c618be5c5f68a383636641bc14d35d03bc41e3dc5deeaa2bce9accb5a2d6d391ca872474ecc35945e9ebb30960cabdcc8d75b385727807089f9ad4767a37f2ec24d3245338921d4a32d636228b412db09749bf1636e50ec766066bfda96cd3003ef7e85f6bdcd4db998f28cf77be9e8cc9890f783f889ba7748c7067b0c8bf06acc98c0995494b75270720e6792c5aa593d0dffb8bd93f25a43b79e5e586d7eba76828cb43ada27696df5268ede3a1518de1f957c42ed5811b6bc79588a81a1b88afa286dfc2828725e97556b593741bb5db2b0202e7c4ff92670f8cede10faff9225e2297c470bcd161670b383a1c4d86882c49841c01fbdbeb7527c786f5d92e23a7a94e967baac01c8e6b1c76d4b2e6d7d4bec3df40d8bd9ffa7c7e28b8f24f23b621d4ee70bd9d68ade9b2cedbf24a724f71f139da6c7d4dc4d3a44867ab1b2097c70e7068f5756e732df41ae28d5ec122b49a658d44c1a5b172ede3a29212e85ba06d5dfc0532d381b41c513364c1a84bc5ef69baabf68369f4485de46a21376e5382c251dd0235bf51db318357bd4e874b237b6a2e77515f5d6bd49b9291c81cb70c11b4f6a3f3a099e6622976937c53f7b9b122f68fc89dc3c13d0d1a28b1d8b77b6f151e24a9bbf5d2b1347d237e3b335ba382f21e1515e1b56fafef7e1a3641008b294df1f8bfb175f6ad3a16ab2109ed0d4128abe9071c25c2558bf1185967c82adcddc02d9bb4a8f854d506d7b00be2dace26247f29b968338979fdb20a63b5cb7c139ac44e2fd388c5a44545895604602be0c20ee4dd8a7a6b4489aad2412ceafb8ed8cf556013a234e7c954f51caa847ed1f76d58c8c8a984a8a61c1e811d3ee8f0aa0361c5464be75fd4f5c5b88e1789caa0ff88248af0e3feebe51c378848aea497aa8cc9be062a71dfd5bce0cb8acaf177d6ac3a88ce1da82ae1a1bfdd41c69c05ae73eb9e988533db50de529d1ad81afd0ef14906ba62686d7cdcbfd48e8cbc85b89715825fcad7a43829183f16168aab95106bbd91b8e047b087d17ca718a9fa3ffb8e0d101543bf5d15c21a3fb0cd896adda5384ce254a23f7765b79083d808fd51f4ffc713e36cea6f1e969eabf74887c2235dc213dc85a9"}, 0x1122})
r1 = creat(&(0x7f0000001400)='./file0\x00', 0x80)
ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000001440)={{0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x6, @multicast}, 0x24, {0x2, 0x4e23, @remote}, 'bond0\x00'})

03:47:26 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xfe80}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:47:26 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
getuid()
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:47:26 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x740e, &(0x7f00000000c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x5, &(0x7f0000000080)=0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:47:26 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:26 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x10, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1914.473173] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[ 1914.485115] No source specified
[ 1914.491525] No source specified
03:47:26 executing program 3:
ioctl$AUTOFS_IOC_EXPIRE_MULTI(0xffffffffffffffff, 0x40049366, &(0x7f0000000080)=0x1)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x400)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$BTRFS_IOC_DEFAULT_SUBVOL(0xffffffffffffffff, 0x40089413, &(0x7f0000000100)=0x3)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:26 executing program 5:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r1=>0x0})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000100)={0x34, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x4}]}]}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x34}}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:47:26 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x300, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:26 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0x40a85323, &(0x7f0000000040))
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xb, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000001c0)={0x0, 0xffffffffffffffe1, 0x3, 0x1})

03:47:26 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)

03:47:26 executing program 7:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

[ 1914.680430] No source specified
[ 1914.685389] No source specified
03:47:26 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
getgroups(0xa, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0xee01, 0xee01, 0xffffffffffffffff, <r1=>0xee00, 0xee00, 0xee00, 0xffffffffffffffff])
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
stat(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r7 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r8=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r6, 0xee00, r8)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000180)={{}, {0x1, 0x1}, [{0x2, 0x4, 0xee00}, {0x2, 0x3, r0}], {0x4, 0x2}, [{0x8, 0x6, r1}, {0x8, 0x4, r4}, {0x8, 0x0, r5}, {0x8, 0x6, r8}, {0x8, 0x0, 0xee01}, {0x8, 0x0, 0xee01}, {0x8, 0x0, 0xffffffffffffffff}, {0x8, 0x4, 0xee01}, {0x8, 0x6, 0xee00}], {0x10, 0x4}, {0x20, 0x6}}, 0x7c, 0x3)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(0xffffffffffffffff, 0xc0189378, &(0x7f0000000000)={{0x1, 0x1, 0x18}, './file0\x00'})

03:47:26 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
faccessat(r1, 0x0, 0x0)

03:47:26 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='mand\x00', 0x0, 0x0)

03:47:26 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)

03:47:26 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x500, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1914.877899] No source specified
[ 1914.881341] No source specified
03:47:37 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0x40a85323, &(0x7f0000000040))
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xb, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000001c0)={0x0, 0xffffffffffffffe1, 0x3, 0x1})

03:47:37 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xfec0}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:47:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)

03:47:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)

03:47:37 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20000000000, 0x0, &(0x7f0000001b00)=0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8008, 0x0, &(0x7f0000000080)=0xfd)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x1c, r1, 0x5, 0x0, 0x0, {{0x7}, {@val={0x8, 0x3, r2}, @void}}}, 0x1c}}, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x7, &(0x7f0000000140)=0x1)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f00000001c0)='mand\x00', 0x0, 0x0)
fsetxattr$security_selinux(r3, &(0x7f00000000c0), &(0x7f0000000100)='system_u:object_r:getty_log_t:s0\x00', 0x21, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1ff, 0x100, &(0x7f0000000180))
lseek(r0, 0x400, 0x3)

03:47:37 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
fchown(0xffffffffffffffff, r0, r1)

03:47:37 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
umount2(&(0x7f0000000000)='./file0\x00', 0xa)
fdatasync(0xffffffffffffffff)

03:47:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x600, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1925.769603] No source specified
[ 1925.770372] No source specified
03:47:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)

03:47:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x700, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)

03:47:37 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fdatasync(r0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
ioctl$FS_IOC_READ_VERITY_METADATA(r0, 0xc0286687, &(0x7f0000000000)={0x2, 0x4, 0x81, &(0x7f0000000140)=""/129})
read(r1, 0x0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000080), 0x1, 0x20000)
r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x490200, 0x0)
ioctl$BTRFS_IOC_SYNC(r3, 0x9408, 0x0)
write$eventfd(r2, &(0x7f0000000200), 0x8)
read(r1, &(0x7f0000000280)=""/28, 0x1c)
fsmount(r1, 0x1, 0x76)

03:47:37 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r1=>0xffffffffffffffff, @ANYBLOB="00000000000000002e2f66696c6530006bee4d00aa95b0042cdca40430969e154e6e948d1f04b9ad9bb48a4cbf134de5cc85e4daa00c4149fedc8d7693be22500bf39432e6810378fb6a865e33398c1e7eca982745cef3bdaf22bee1c673ed8b65d3b8cfea16"])
fstat(r1, &(0x7f0000000040))
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:37 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='ocfs2_dlmfs\x00', 0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='lazytime\x00', 0x0, 0x0)

[ 1926.015295] No source specified
[ 1926.025910] No source specified
03:47:37 executing program 6:
perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_QUERY_SUBS(r0, 0x40a85323, &(0x7f0000000040))
r1 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0xb, 0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff}, 0x0, 0x0, 0xffffffffffffffff, 0x2)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r2, 0x0, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r2, 0x2405, r3)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r1, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000001c0)={0x0, 0xffffffffffffffe1, 0x3, 0x1})

03:47:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0xff00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:47:47 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

03:47:47 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)
membarrier(0x1, 0x0)

03:47:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x900, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
r1 = signalfd(0xffffffffffffffff, &(0x7f0000000000)={[0xffff]}, 0x8)
openat(r1, &(0x7f0000000040)='./file0\x00', 0x24000, 0xa2803b1f7c28d5d5)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:47 executing program 5:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = getpgid(0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r3 = syz_open_pts(0xffffffffffffffff, 0x4040)
pwritev2(r3, &(0x7f00000002c0)=[{&(0x7f0000000200)="d445796a31810d22370aa00b3872e8a7da96f95af3a69e5094068e6fd7e875deeec9a54688e0e6ea119ba9b30cd3ce384673300e8a805ebfdfbce4774a1634ab774125be4862d56a282c47ac30e6453c15e601e7843a839a80fbc440a31ab5092c86268c3de14015995a3559ce982437cffeba3ceca012639c951c979899ae8f61ea475876400b8bd02dbc84a10196ebc8b4c66b39d9f638dd", 0x99}], 0x1, 0xfffffffa, 0x401, 0xa)
r4 = syz_open_procfs(r1, &(0x7f0000000080)='loginuid\x00')
write$binfmt_misc(r4, &(0x7f0000000100)={'syz0', "69761c4e04e2105475b487f927ee43265d3a0a08064b03b9a3476878868d484c1a9be965b2390c4cc854455be61a4e0232418f386f9f8da2f2755de6c8f96a8973a2de04b361ecb21c4dec8cc49cb9f1d786e91adab6827e7db498cf76f81e0f9006aa1e774109e5d4b2481e2bf9875506fa3296574fcb295a22b50aa49d47294f3868641afbe4d9fc4c3844cd14fd0944e20d0bb4345081f6515edb2e98a757e3b2b6db3d82ea4fe496aa2494be91b3602ffc51be47f22c6a5030a76484d4646fe805f2ab127f2a53f33dcc7f7cb755f284a1ff055b98f8e46a"}, 0xde)

03:47:47 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
r2 = syz_open_dev$vcsa(&(0x7f0000000100), 0x9, 0x125040)
ioctl$EXT4_IOC_GROUP_EXTEND(r2, 0x40086607, &(0x7f00000001c0)=0xffffffff80000000)
r3 = fsmount(r1, 0x0, 0x7b)
r4 = fork()
fcntl$setown(r3, 0x8, r4)
fsetxattr$trusted_overlay_redirect(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x8, 0x2)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)

03:47:47 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
socketpair(0x26, 0x6, 0x99, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8001, 0x3dcde656, &(0x7f0000000100)=0x1)
pipe2(&(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
r2 = perf_event_open(&(0x7f0000000080)={0x2, 0x80, 0x9c, 0x0, 0xff, 0x7, 0x0, 0x9, 0x22400, 0xc, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x81, 0x6, @perf_bp={&(0x7f0000000040), 0x6}, 0x6184, 0x3, 0x80000000, 0x8, 0x3, 0x7f, 0x0, 0x0, 0x8d74, 0x0, 0x80000000}, 0xffffffffffffffff, 0xe, 0xffffffffffffffff, 0x1)
r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_CHANNEL(r3, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000080)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r4, @ANYRES16, @ANYRES32=0x0, @ANYBLOB="1d00060005"], 0x30}}, 0x0)
syz_genetlink_get_family_id$nl802154(&(0x7f00000004c0), r3)
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
r6 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r6, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r6, 0x0, 0x0)
ioctl$F2FS_IOC_WRITE_CHECKPOINT(r6, 0xf507, 0x0)
write$tcp_congestion(r5, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(r1, 0xc0189372, &(0x7f00000001c0)={{0x1, 0x1, 0x18, <r7=>r0, {0x3f}}, './file0\x00'})
r8 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r8, 0x0, 0x0)
sendmsg$NBD_CMD_RECONFIGURE(r3, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x5c, 0x0, 0x8, 0x70bd2c, 0x25dfdbff, {}, [@NBD_ATTR_CLIENT_FLAGS={0xc, 0x6, 0x1}, @NBD_ATTR_SOCKETS={0x3c, 0x7, 0x0, 0x1, [{0x8, 0x1, r0}, {0x8, 0x1, r5}, {0x8, 0x1, r1}, {0x8, 0x1, r1}, {0x8, 0x1, r7}, {0x8, 0x1, r8}, {0x8, 0x1, r0}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x24042000}, 0x4044800)
fdatasync(r2)

[ 1935.734009] No source specified
[ 1935.737440] No source specified
03:47:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xa00, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:47 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)

03:47:47 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x80)
msgget(0x0, 0x8)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
fdatasync(0xffffffffffffffff)

03:47:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
setfsuid(r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 1935.842256] No source specified
[ 1935.846160] No source specified
03:47:47 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fdatasync(r0)

03:47:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xb00, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1935.966884] No source specified
[ 1935.977690] No source specified
03:47:57 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:47:57 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:47:57 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)

03:47:57 executing program 3:
write$P9_RREADDIR(0xffffffffffffffff, &(0x7f0000000100)=ANY=[@ANYBLOB="49000000290100ff06000000030000000100000000000000cd8f0000400000000407002e2f66696c65300003000000030000000000000040000000000000003f07002e2f66696c6530388f4d53f9378e700326efcf5b912a19ec9cf1aa7d1f274a999421365b710f85d32911fefc93189d716dbee4e1c825a51b5d4b4a763319075c8db1a7fe9e10924244238317a12b45f8ffbbf4dd7d7cf64b1f68deb4472b59e617dfefedbd6d65804daf67fe21f2b11f271d347f59d80cb5126a3de670"], 0x49)
open$dir(&(0x7f0000000000)='./file0\x00', 0x202, 0x24)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
setfsuid(r1)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:47:57 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000001, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
sendfile(r0, r1, &(0x7f0000000040)=0x7fff, 0x40)
memfd_secret(0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400000100000001, 0x1ff, &(0x7f0000000080))

03:47:57 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)

03:47:57 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r2=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, 0x0, 0xee00, r2)
r3 = fcntl$getown(r0, 0x9)
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004b00)=[{{&(0x7f00000025c0)=@abs, 0x6e, &(0x7f0000003640)=[{&(0x7f0000002640)=""/4096, 0x1000}], 0x1}}, {{&(0x7f0000003680)=@abs, 0x6e, &(0x7f0000003b40)=[{&(0x7f0000003700)=""/254, 0xfe}, {&(0x7f0000003800)=""/58, 0x3a}, {&(0x7f0000003840)=""/243, 0xf3}, {&(0x7f0000003940)=""/236, 0xec}, {&(0x7f0000003a40)=""/220, 0xdc}], 0x5, &(0x7f0000003bc0)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f0000003c40)=@abs, 0x6e, &(0x7f0000003fc0)=[{&(0x7f0000003cc0)=""/10, 0xa}, {&(0x7f0000003d00)=""/149, 0x95}, {&(0x7f0000003dc0)=""/177, 0xb1}, {&(0x7f0000003e80)=""/100, 0x64}, {&(0x7f0000003f00)=""/153, 0x99}], 0x5, &(0x7f0000004040)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}, {{&(0x7f00000040c0)=@abs, 0x6e, &(0x7f0000004640)=[{&(0x7f0000004140)=""/56, 0x38}, {&(0x7f0000004180)=""/166, 0xa6}, {&(0x7f0000004240)=""/226, 0xe2}, {&(0x7f0000004340)=""/248, 0xf8}, {&(0x7f0000004440)=""/198, 0xc6}, {&(0x7f0000004540)=""/64, 0x40}, {&(0x7f0000004580)=""/176, 0xb0}], 0x7, &(0x7f00000046c0)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd8}}, {{0x0, 0x0, &(0x7f0000004980)=[{&(0x7f00000047c0)=""/124, 0x7c}, {&(0x7f0000004840)=""/114, 0x72}, {&(0x7f00000048c0)=""/148, 0x94}], 0x3}}, {{&(0x7f00000049c0)=@abs, 0x6e, &(0x7f0000004a80)=[{&(0x7f0000004a40)=""/49, 0x31}], 0x1, &(0x7f0000004ac0)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r4=>0x0}}}], 0x40}}], 0x6, 0x20014180, &(0x7f0000004c80)={0x0, 0x3938700})
r5 = syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000004cc0)='ns/uts\x00')
r6 = accept(0xffffffffffffffff, &(0x7f0000004d00)=@sco={0x1f, @fixed}, &(0x7f0000004d80)=0x80)
r7 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000004dc0), 0x10000, 0x0)
r8 = accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000004e00)={0x1f, 0x0, @fixed}, &(0x7f0000004e40)=0xe, 0x80800)
r9 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r9, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r9, 0x0, 0x0)
r10 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000004e80), 0x40, 0x0)
r11 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r11, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r11, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000006140)=[{{&(0x7f0000000080)=@abs={0x0, 0x0, 0x4e23}, 0x6e, &(0x7f00000002c0)=[{&(0x7f0000000100)="bea96e91477981e90a0d70ebac83e2686642a9c59898ac22b5675a0b569517c6", 0x20}, {&(0x7f0000000140)="ce83babfc5c409eae0c23561cad1894c83ef5c780ab9ad2c8d826ffd5aee9510d6278e38a49923b35f8215230e95da0c4242ee6262c861bf13d7f3421487a475c2894e7896ff671261439239e8f53df1c0b9e644eefb7e46337e039aed7b33ff870af8c12920dc87911891eb02abb92a333ba3f5feeb177e9b6fe5c4bab9369833a87aeaf84df0600429d9f347d2bd2c4ab25c4351a0915576b39af17cbb27c73f", 0xa1}, {&(0x7f0000000200)="a4580e53ad5af766ad6f1835ad51ab8621006e560075260a8636d3dcf1f0658bda8a7abb08a6548ce231a41a47d9dd13531ab5a3082e313830d2eb8cba43185a7f474d115d7c9873f33eca275cdc35c8c465274e1581c0bfced090df0e9362b54e0894b8f6acb6fe7d317f3de1b089413fdb4c369b1a0997f8709d2c752f7109fc73369b26a9190912b24cc4dcb17ab21102dfe24cb1c35199", 0x99}], 0x3, &(0x7f0000001b40)=[@cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, 0xee01}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xffffffffffffffff, 0xee01}}}, @rights={{0x28, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, r0, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}], 0xb8, 0x30cdadbedc5d2be2}}, {{&(0x7f0000001a80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001e00)=[{&(0x7f0000001c00)="aaa5673abd45d327fc1eea5df4ed0c4e5c7c4b1ed5e36ae51d61d898e7876ad61843024c6177602fc9c9f9b573a032d16031d5aa02f8d23af3eea559b4c58fca34892bea82b85edfcf9dda5965c4b4a667229733fb5b30fcf29f51497f06a21c1c74601f33b447d9d1b182af03ab2e80cc6def9e3edd4efdff30e4b770ab756ffbd33663af1ddd54daa0cdb44fd42ea877cb51c2264e6fc12f79c1e166b98e0de678b4abcc2122858559feeb4d0524f03bf9c78af8157a325e751eb225fee8d12cb98938978121bef36339d360a9ea12584fa456e10baa406c11f49a520cfa798bdd050270de0687dea4014f57344083ac66bad2e05d62", 0xf7}, {&(0x7f0000001d00)="3fe2f608edbf8fd181c7156ab405c1d9a45aa0b0fd74610c6e6f6db4b42130a00d919fef0f7b548c80217248a529303299217a41ac93a901de40dd00fbe7ae07af430672ff6914a206522e501a4693026e164229a6f4fa7c8addedec63c749a24a3c60c4c4d7f84a2e6f676f01f6e7634fa3f2cb9f99dcb9a04d7305c0ceb7b1158f8f31b40d44ebfcc765cb0b7db29116ee95b677d097952b9a099473956256a88b44720f4b7aae791e014ddba5c40896ebc900db22fb6bb3ca18f42ccae7d21554d5fb1aa023d7418b475a680a33b44f4c77d21da441ab", 0xd8}], 0x2, &(0x7f0000002000)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, r0, r0, r0, r0, r0, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, 0xee00, 0xffffffffffffffff}}}, @rights={{0x1c, 0x1, 0x1, [r0, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0xee01, 0xee01}}}, @rights={{0x20, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r0]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, r0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xf8, 0x40800}}, {{&(0x7f0000002100)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f00000023c0)=[{&(0x7f0000002180)="d661548f3a3719fe65dc86dc1d71b762f4bff027fc19746ba4f8cb2ce38f3a0c7d05ab7af8a36ddff5da98352291c27e8934a0f5b4b04ffb72c5f6ce87ba66c4df7a869b9f698060bd2a1e84df1cf6831dc49320de4ab6c6af33dda68435c2ca", 0x60}, {&(0x7f0000002200)="56e863250cad0ef2d14ca3952aeb3dfc558f33f38a1faa7b0783e6d9ffeaf88d1ab11da0f6386dce60f8a0365f38ead3cc6013f88fe459aea2f999db9ff306c64a275169c83469e8f7e2563517a6f6fda75434d0590591f6d436262387f9bf8de42cdbe2d0dbcefbf27c6e19dd7f007d1a6a5a953d2be5673c3e99ff519f9ff648cc7ff0daaa455d43", 0x89}, {&(0x7f00000022c0)="549b382ef040abe539e73a5b49c8f35df5c286e87e077bb6b50fa9d42cd22253c4ce298e6fa0cb4e6105afa1c03db4839f6356b45e2fbcfe6912cba1a0e4fbcf4061c3977d1c0140a62f85133fd015d8f52e3fc78788a137b4e1863d1caf5cd4a71f88a0c0e0da76318f6e0693f6bb75576215eb23593808b2e2c245f96ee2a19af41d3f224b1a1ef6c77ad36f635d6a78a43457f21d28b874d1656b8be203617fa6ccb03ae39d4f8bc2f27b7fadd1a4d35a11c17b54e36fe399c67230058f322082bc043a6f8f9cbe9e4a003cb391", 0xcf}], 0x3, &(0x7f0000004ec0)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [r0, 0xffffffffffffffff, r0, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c, 0x1, 0x2, {0x0, 0x0, r2}}}, @cred={{0x1c, 0x1, 0x2, {r3, r4, 0xffffffffffffffff}}}, @rights={{0x38, 0x1, 0x1, [r5, r6, r7, r0, r0, r0, r0, r0, r0, r8]}}, @rights={{0x14, 0x1, 0x1, [r9]}}, @rights={{0x1c, 0x1, 0x1, [r10, r0, r11]}}], 0x110, 0x1}}, {{&(0x7f0000005000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000006100)=[{&(0x7f0000005080)="4133a66d5802bfe2fb41685440d4191a529f33eca8a506437ed99f86cc97caa3ea9d45e8b9b8d70617c1c7e3235706483cfed66420fe34060b4abe4568705d93d1ab1d05783a9e15cc663fb4900c11fb4dae8153ab352acc52d678180d5d31ac77ecc066f780086a69df21170b92953509de77baf12b5b9c0a150419e9e55536bfae862cf6212f68cc444bbcd4c54430abaa915fc0afc2324d54658de6808de8eb0667370e6a5c1965760f7ca414fecc153e739fd551336fe6d28e9f7c46181e02f2a60d32f491915c58802c74cc1b02e47fad42da2b24ac1c44ad9d3578e66156f3721bf76f7b842882bc6afc9b6047c67fdcd874739a9bbab7f87475aaa8e934ef33b343ad61e547abdbd652cf771658a48c24804e9b028a8213957646b7068bb53237fd2afb4d2f1ac9125cd95739fbf659119cfac25ebb51f593ad0d1a6b201cf2c87d69bcf059ceff83e9e4e2a0403e72e435555af6961e0af5d8bfd07c3b6d09070313567c8fdefc8296a441dd716ead5c15a1cd134902d982b49f676aaa7261b04b27cc4c5870f47c439929e95ed5cabb181eac488805cbdeb566a17ffe4c58cb150e00f7d2f45b1f85bb2a25a56c69d903ce529cbd5a605c43646463a58ba884ee4936cf7f1132b7b6dd3fe6f17aa22b3f4d310c010761a0efc2a1e759d7d18c21d270971724ba6ea3ce4f421c60a6be574f8668733a918ddd2c050f15090cead27c322a627db1c8f0d8ff6580c9e353fe2ed5df4edbf8a61738de9a7f7a2d2b86332b0f103390855d91edcdb06ab93b3f14a3e5eb0deb17cc39660ccef72da4c57f0a48d3143420df0b08f5603ee8307b9142a5c33b31ecce9d6924d3e7accae6f4385638fe734acaf2da231b6f5ab2ac0957d5562e64c91a61482c7ab6566614eca8e4d411e5fddabae7a46981d781ae802dd89717b65deda12dfa947bdb43f5b73479aec8ba5cebc762ef2d809f030140db53cd4a0d687db667a21266d260590c39bb7cdf716befd8996d411d4699af49e641e5832a1b9c0b13ff9577a6984c6fb5fe504dc3356533f24d91ea36923ce405beec7cb2a0ef30b73a498497b429b469ecdf82b735a1dcf91a4d89a9e13b05eb18fdf11c2e0e09f6025726d6154890c03138cf086d72323ac3192cbd0856aae04853bed0c5fe43f244c02285b1aabb99cc68a877e8b22c802d8caad0a1185f1ac4ffcc88aaca87f43ce493f12bdedd7789509e1284bb45b4c1c8600c2c1882f6c2d84c94e99081f865d94ea757dca85787f01f41c1a2719a4423d3c8f360d74b6336caa4930af42608c15b4a54eb6b7087a6979b9f41cf416d39065f109850adcb98b8be931bbc449d5d3787a21757bc6b31cacca40dbf93d910bfc3e802261f83bd5561260b564344e0a3cd92c17c963fb2d9006eb5c5f572d45f32bfb7f9b73e031c2b799c07b3f19aeab64ca13cdbd7b2489c385c19565ca7b25d9b837b5026463fdffb9a063f9fa6f60d972b72d56a292fa8d30b4ef0e77cfa521662799cc139996ff72f1419949aebb9dedac742f86d0e2c73934e850ea466e0dd0031230c07f9355515b73b96369895a21d4a8a7d42b0947982caec7405c8e6f05ab3bdc565494429bc99e0333bf58b9260449106f668d1f17a7e4ea9cf9289e66c808d4394dc360efa097d693b50788e726a1f1e786beb839e13ea8746a98cc6e62e1033c2d883693dabf31554e5d14604d1a7e6ca0b038885f5df5f0cb7e934ac6f2d13999593e60556ec0d906726d8d5aa0bf495a2523be1f3fbacc6b7247b12ee542d566837ed10e3c08aedb0a22876ec726607be781740fef7e17139edb78c7c90a922bfb11aeec4bc68c37a13b6a7bd36cc06b7abcfd3347481bced8fbde011b3baee544b44df1f4d855f23939e851878ed0ffdcfd52b2162ab7fd17ef5c2e0852e751faf1ba34a89ce923b1b0991691e038fbe2fd7310ed1891fdf7ad0a80962876e5fdfa38378cc449bdbdd2e801ae5f5946db6b65cf75cfa60f8fde23c418ce4c4c62ed0356dc30fcc554334a2054cf5eb0bc4e83b7b360a130cf290ee8d2f1eea0015b50b924fcf1a37d46aa35db760d1d55c3eaff16cbb756012e9c8fb947f335ef4940a7e5ab9aeb30ec5dc04f71d32db563658a09a10e1595b86af200e42bf3a355d3007fbbc08100c10e78276fbc4f10779bc5150fa904dc03b7824b70a1fc65194d3849b5418f8dc050f49e7c173ee64beda819ecc27866315ddc740f32268deb626167954248a7f503a76506594eec2010ad49222e591e24b973c577c093a766bdcdf12fc95351e20329eb7387711580b35f9a73081efd69f85e29064426fb9c9dd71ad787f2d77a5427d738bb61732eaf27460493eedf140a81cdc1e8f0465e5cb768bf7e619d7d8aa7e39f9f3f139c11ebb7b6776ac324366c61253ee2160d9a077116ca2a9af10da780b71cf7f7a977ff807559701272f1d61231da916ff18d88f25a8b101f3722e59028ae805506f1359282a4b389a7b4569478bf969e9503fd509d66059e7cdf1ce3f86adaabed4701a8f426594d6f33ef7b539d3475b4424b067a5df6293c50d200a8115224ed78ab3e4a80c022d88753c5c815607d56914c68f2f334d5e38c0e8bcd69674a3bfa921c33f0c4906923f8fa4a6cdcbdcd3e4cb5f7fd388b958370aa35e3a8252b669d4c0843583edab9dc247d9f8282c46cff1616aab95a67e5cbbae961cee3f8dfd51f36a650feb57b6f63862e0025b110a40fabf6cd28c77592109eb1b5ed990072d220ac9650e9ab830adae19a20cdc0ca78a0ea292b6c4ad84c9a2121df892e87200314c1d7958193c007ad1ae23fd104c3da2317530a84a0257b88a60cd5c10348a86a1aee42fb4bb3ec75017d586dcd669f47f8f6d3d80925f3397be5224cc75df1de253ead55b21ed2987c260c966c0e9a97a3afe7a51f557870e2f850a36916bdc06f14b5cc1a1a03de00ab75956e46c925c1bc8098c6c5a8f5cac3d2e0aaed671888ed40d59ce2b7c10ccd2d3c7a5ddcc501859ed14b58a6898d544992535c5efcd93c3327def15c2248c17253b0428d97d1188fdf58483bbc85ce607c86dbd89f00eab83459dafd0fefaa465a476a617f4e55f25ce075ccc50a30366e69c62df514f1d24b3b09d132692c9b6701a29b740e78540386f6824c071ad42d6b3d80bfe79313ca63de80c11cce7d60395ea805ec3c2bcd68dc8b7910399157171957c9023b6d9c52621e6bcf04598d29b2c709f79878eaeedb431b88ad9f341583ddfa1b2d2d30392e64e54f898f29bdde282c69263c44e6793bca9015adfc26d1581aba1691cdc7413019d0d485e9a5c391cdef9647ab5c32c88423179cab37e0fb7cbf7960e73d4f753f846fd7c04138437cb705cc6dc9854d826cea042ee56e74260270b97e4caee5eb0f41a68498cdaa5516159d15287712be57364a1d81fad34dbaa9afe395206d9c29ec6fbcd579cf1d74e466b6c02734645a2b94e8668b6b261fa779eb472ae2a982d76e832451c35670ba8542e560ed8967849328a309e5e3b2e9322038049604decb87d33381e83a1a4f78ef754d305fa5159e428f6ff4f904a1b79b30eefa8b9ed15a4556b30024e1d9a0ffacf123c4495804dc5f4a6f5d5ae133fbe5c9bced3c567e59bcb66e07158778057cc34f96c4d8a80649c0e2e9f40ea7c004ee1646accff6a2cff1047f6db4ab31e332c9d616a6a589324e2dbcbc2291835f38b7d9f18b856a11c728f47383416a0d3078f114b6bc9f1e431678ab546b8e7c9c2db9b86970703d8ff617c5fa15c8d3c51fc8d36fe50fab569e1979dbd1b72f2c551359ccdba8644b20950a4b4276a93e16386ffccd0aaa4c92580ac5c9f3a977e8312177680f3643406cbbae78b543fdb46ffddc69b1df835eac92b3e254443193365ae9d8437b20a1c70c42b88a7863b12bc34f380eaf1c20e914c273d2ca725d1ff9fb6fe5bce0ef434ef70e9800fdb404bbd53fc41b84b82516b414dbf98e338cf0d4bf167eeace7dd5aef4caf26815b4080083d9973d76459a3941dbd40d846c553238e164f1d6df262fdc009c905726704e171dbc27ba16aacb40fda3f1ae88da7023cf4bf9481555250d805ea254307780bf9aedffb14421a0b37a887215b87aa3e06a7d366f8f9ed79941f7a856bddf66659741959aa03e67b7ed1a03def0ad69498ad34d247dafb1872df9f7b0883af67803995fc7e00e6b228fb62e7daaa847cd0e42fdc9495dc7238378e70a551b35a64d6daa6942ed652cb55429d8b3a19461027f89d874b23fd90adb56ffea6c94f76a4e4e7e6c60ac265daad60feb0822fc1d887e3995dd8b7933f9fed6b73b9ed3d6612816feeab8e245c2e39736dc1a586425deeb38df9c070a4ce7079b1183fd621064de715707cf2ccf987ce48f9fe3c76b8f6780851328c729045d3971f384c84169eadb80ddcb0cef871bf5f7da837dd0cc4c9be04bbaedeec7c5e7e0ef4c8319bb56a2f68920f34a1b9f9096e5ea7c515bf6d6cb99a6303dd808da9112aa2a3b6020638e46a7ae300def037dc60935885604f864d9999b1fd3e9f59742f27bc8f0f9e0904144d666a1c1b213b05089cac2543b634fc53fb02f1f925154d6eb415966749dc955a02f96a0c2ce9ba5d3cd63c23f3cf33df07a73f2bc1396a40c690d93425083f6f837206a49a7384d5ba57ed378a7b312cf8bc11e6fe7d53da66a1ad6345ba77f12abe230082ea39e1a19a194c2ad537e26438753850345dc27e7748b8dfcc1f04b3be02d5274f9d77892c22bdab40f92379080b43023c79e82d38c688c4308f5e33976245734e1d941b930ad39d28f75dc0aa38bd7cb379e9ef288f1635ff527b46c1254b6ccaff5cb7de8293c51eb54135b6fdf97911acf81a9d79191100d657a4dc2346e0cda040f2c024f46936a47343e97346f5194d3c55d426cafb3a5d73d9cbe6cc475cb124e6511164f15adc1a378cae23942c35b4e897c0675dc26ba5da1d5e78a3631bf5421b0d9055c370b4d48865470292432f7796813f096e4e047f45964a0155d1177498d8b4303d7b1e0fff7b8a5402f4bd6bb7d5ed1e3ca32c8fe096bb6b7a4d370943364240b8f3af809b6375b4dd4e10bc482f47237ca08c2501c3b052974584ba1bff93dbdc5cccba22bca89e77c5415b7012e9c76ea6d4d1d906bbc632fd527011d124607cc3cefd2103d6fe618b84a69c03f87f2b4d548bf91ea67f2239bb47dedc1d10f66ff74ab73bd764aca0216204c697044211813abd8445f2784d22b01116826b438c48e7e9b0bb6519192557916edc0245e6736cb5a9d2c39d512b481a9de5ceb7e93c60552a65db3c25e3bf9cbc41cd836a11bcf085b892f3d3fbc9a8052c20f7266f825aab078acd06bfab44224675bf3d54b5b3789d2462269cb4d7e5078da308ff02bee5f0bf317d8ea68436e2b8458ae2892b1a9cc55a0b906a90fb8c221a8f9f2f80d9bcd0b8e8024da0aa801ed512f5a9eba78f5f6f3b8be6f86c2217565ba834652d85e9bcd70b159450249c1b4ce03ec1c7561c234c809948a89d64f99a9f90e2c00438190c64f41d7417ded86eee8d212286c038422d1ebfe92dceb60eb18c01326edadce4b7338f96bbe92ffb23b54c8c63260123294e85c272d8fd668a8a450087816c607b5a779adbb2faa1c0e04a2f230983ad34b861640b04f9a3a71da47225853d864153d831d3e4203330fd85a1962fdb98dcc2412f816082c49fc7b9eaffc93eebee9943c1162df74fca4ca6a18cd42a0ef880cf388b", 0x1000}, {&(0x7f0000006080)="813e28f96db6729f7b70dba1e142ea16e1cbe88a2c4c715564dfb8e8273c9560c26e374eafc9fb0ef3282af8584f8ebf6abd8d", 0x33}, {&(0x7f00000060c0)="ecae2a1d5b30ff438f8ae67d0e33a922a29eb22168377591655bdbeecaaf2fdb", 0x20}], 0x3, 0x0, 0x0, 0x20004040}}], 0x4, 0x8005)

03:47:57 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xf18, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1946.122480] No source specified
[ 1946.132750] No source specified
[ 1946.136537] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
03:47:58 executing program 2:
membarrier(0x2, 0x0)

03:47:58 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)

03:47:58 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x1020, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:47:58 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x43000, &(0x7f0000000100)={'trans=tcp,', {'port', 0x3d, 0x4e22}, 0x2c, {[{@nodevmap}, {@version_9p2000}], [{@euid_gt={'euid>', r0}}, {@measure}]}})
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
r2 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
add_key$user(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x3}, &(0x7f0000000200)="2ab9b6a62fe93ad6a2ffc8663dca59f307bf8a9764f6d18496deb0657b64e746559cb3a1eecf9009ea1667a05f571d53deb3a7f06bf5939accb9ddbd824606d636314a2b5ed5a38d391782e497a1587b7e60e8e413a5985ebc4a5d3c2dac90d4226e23efd93c51c3fcbf3c4dde36a2a9917dd0ea416066b762a510ec56b079eceb507a61f719f1ac9b9dd2a389565d9b9ca628581015721d184ad2ef36d7854c9a8d8a41991d3063b447b1d13c87e928afada0a2310a487d80da37fc8ac3e408c8", 0xc1, 0xfffffffffffffffb)
faccessat(0xffffffffffffffff, 0x0, 0x0)
add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x3}, 0x0, 0x0, r2)

03:47:58 executing program 4:
r0 = syz_mount_image$nfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x7, 0x7, &(0x7f0000001340)=[{&(0x7f0000000080)="59aa8e8982a7fc8070bcda182abf1626d1ec0e5d8dab7e60116c7869fc5d16619f948a1163bd21d86477b3d2a1e5870f10d72c382a8f263613a5c1f1a6ca0c2a5878a0bce7c6aa29e26e5492d4603332bfe06ab6186852528226f138ff9ad184a7c9c714a0d6312c650112ef7293e2ae22bec293b403b5bffa2a4df01a11a600c36993ebc5f3e0d7127c1ec9f9c084c8f134777573caeb3dcba16f95ff51ad17b0ba54edb61d8824f9f3d8edab025b3170ae4826ef63a9189652e186377b5509bf09ac9931185fc745fa68c25c60bc5969521327e4ee968578f9c4472830", 0xde}, {&(0x7f0000000180)="4c5452b7a781723f5821558a28b26519b2c714a7fcff4d89c9edee5958fa2372dea1c443430f42a8610f5e792ccfc26c", 0x30, 0x9}, {&(0x7f00000001c0)="2337c410b639bfda1a75f34e0817a39ee7f07f48251661becfa4d48154162dab73489db629c7d1adf5585c453a10ee10928b0b8c385652f0761bb69674b4b865b5f4fe19f960f6163875473d2f91c84d81", 0x51, 0x8000}, {&(0x7f0000000240)="1bd318d609a5de15bfe4238498394e5f6e39117ba76e9867b995c8502575cb3f0f2a704708a4dafe66186d91aabb215f9fd34944e6de32ac0e802645e46ed5910487f591a930217082b07eeb45053f7c648a28c4df4197c8f64db7fe4176f8079d6792b7da2fb2dad1d4a4f1d625b577f3d555b954fdd2c68d6aae9a6396d3104ba480241b8355fb7f0526126af6241940812bab34d1aa3a630c88b7c5c4b73b", 0xa0, 0x1}, {&(0x7f0000000300)="0dbf8e36562da2c240e8e2caa5d07b8eca0a7f22f0c9cce07a155e3924a00bcf82ddce1005dfc4b8b46bc82f4d9238538e56f10519b0b48fa224d8330a477968bb696437c7e0d498729c27524ecce224cc1acf0507be84c2b7d659a9a7fbc5aa986d6bb99eeefa757b787f4acba8aa8a6625d0bc4fbdc3c9759682ded26c4d38a492110e690d0c3c7669f299c4d9dd050e3026f9d847c32374b122f93a7ce6790330b64aed5a844507bd6a8807811bc4041ea56f417ffa09f43b5fb475b5fa533ec8b9b74bea076ad8dfafe3b081d4ef37a3c2081b6749f0a1b4bf76c44e534e7fde3e2502881ab35c3545975812c785b12cefb36e38595ace31d7d40d326b4cff4323163451f7dd16030c99f952f7f2f86729e04a7e129158c561db8eedf8ab6e9564ae8cf6f91834cdcc06ba96df64f1d867f7c26af97780c812c52e9a1b02417daf49003c22923067681b434df0db781ae39007894ca6b0dd2adf2ea0f01ae8ddd109c5e2d8f9b506de704c45e3b52ae092811a5cbd9f49fccd9578771cf3281c4f978efdb21c25bad193cde3ffd94331ca6860598328f20cdea7512a8fd103272a87f0ef7f396bb1e0b3c288fef144284493e2a4b52560dad64092ac5f3183e94229087ace5a782e4cda5ce34d620dd39009dcc0b64779034ff7eb555cd2564f1054b3d788a99075fe035da380005c00048409715dabb8e42ad7418833370861abdbf97478d5be585a9cb44fc934424dfb2158ab49fe7a7d96c4742805d1c3cc0c1bb76f3489842d1a1a308bc0bf39d843ff1222ca0a64d94df1223decdbe3f6fe7a61b98e12b701f4bef9004455664d05660fc4f45e59d0f8f7b6d589fe9a065139beaa4c8c8e93a7d0afa92eba2468ffc1d392c3530f143f021158156593f8f19860de15720a112c1a27b1cbaa491a226947428c5541feeedcda464bbb43a868914835f1f6c41a5f2d73344e5cecd32d314575b1360fc45a88ae8732975fafe1e382dd19309edf25a1e93c37c65753a591e6cc4443f0fa0d1f47a91bf2f41ee2fa17e9fd2cb16b9d13d0c95b6a037c49e99b77fafc5ab26f3980431c8430124bf2df8eb76469226d31585c4c3856add1ec5af37d6d101e0dd051aea308fcfc04460c601622dd2a60464648183c7486d427820160d53e44a4df6984d93f9d77fd46872cd6263faa71a603e9c39d07d3aa6db2bb145d448fd502f0654d449989643ab806a10a626569f149adc88165c4e79bb8d03ba452ef6f35bea7559c5089168cb8ccaaf721dc1afa99f0bc073efaf0b4025955953b1dd65bb443b30c27f86422a66ad4bdbca919312aca22c3d52639701b94dba2d3eff98dcd644e3739bddcf3141e6f673ced34a7cd923d5d78f131fb40407c632d6b759e19052f5fe2a6eb348e99e86afdc28eda0246835f23be8742539a12ef398f12ef3d609a5e922d0439d81bb065ae3b6631c17f3561ad75a62e9794b4173f3f63ffdeb88ed02198d6d967294df59b5df869b49f11b0db8d06e107c2a78f252c214c9ca21a6e8c85da87fe0baaf04b3c480183ea843640a1fc07b7e5d88f0a6a81b22f3621ccffb3aea3e12b90d3b59f2b8951ba99909295aabce601051c88f829dd194f7f8b4e71df9f0bec5ac0d26c0a9fc17e678e75948828ae82d70fd06fcd3c3885cb9ffe3d74526e916c0d972fdbd05cf99919592d5f73e79ac92e8db4a0cf07b4c8bcca2760f71a67216a357bc0a837fb1f739f397faf85d7727e7b7cf045ffe3f7d055698991da55b286755a859d4fe4af7879051033761bee2968ec9e68214e02c6078c50cf784591d70998bc86238cbc8732bf5f4aaf8a52bf2908c315b8f41694118f59280bb0c552f764e14c3b157ee624c72abda5ab6c3defa97c3f12d09105cfbd871dca04ee58fbc340f215f70d1eebd56f76fff90805a3ba75c845a06eb5498c94db966e4a41b2779cd90f7c6e7779d09f09965f98a1f1c26f7d38f5c2968c96dbb61cfd23e346e93f6f26318bf412229962a06cc29804774c74249bbe040673da105585a916b94115d025fc22d372a8aa270e83eeb19c6c31cc36a93e32a2bd68177a89a42b93f7a6ea7dcf352e81b2c318c8550c735aa5b17f508c986ffcb6c5377c30cf935a96778936bbea35cb461e8ceb2feaeda34cb63ae103f0d771dd27b69e4ad8abd3821dc8334312d8ec40fc6c6454e765c6032689eb72c4f5440eb374681ef18fad5eaf91a7f5518e86428a99688714f3be6d03fa516b75618d0ffbb8568e166a007d837f86952fb4c45600dab7ddf427e80db27e52b0569f4cef0f4791af5fb64009eb36477a011c2befba2b704a86898015777a919d4c901050aa0732e35434ffe92b231c49a59e239278e378c48c49106835db1241a01779edaa986d4b5c0dd44c78cf5ea8d2ffa6027a92f52d14b3813bf3440646c82287214b8c539f56a350c8f68387d039d1c74d7a4f1980a52c23bdd5bf39fc5a839f6151ce052216dee0654572fdb71a0d0485df74b9533f9f0227d2af0f025be87240998d1e583d821d7f1d12347a1c4904d1510f50677866607352247cfc00ddff4d3716d486be1de087ac5d850ae5642ec4be384bda9c6c0c9da4af749fc5a7f710d464ee1b0d8a4d430b53de01e4ee669d4271d445b87e569ee6a4ce895c37411526791f49b4fec0a594d60a0e37885fab3abed1e46e88bf041fa32a5d0e13ab8418c5dc359c7eee6262b3900f8371573a0d50b39e2144dd7c293ef3ad4f755caaaf43e7671c870d505a4bd21f5f8bede863a991765100c74a15bd6fcd5d1b8b3ade10013f6fc62b1d1402c175be41f3272ae2ebec414766bf452f794a67c667a304964c3d63eb16622cfbf1c5f06da639c3f23bc7ba1a562cd9690ebcbc2080de9634f9626af9e117f7f8ab32d6ce901d67a7100d09d9ee4f4b54bb73adbf076de9cc98f5920c5d065ecff4b22b818fc266ff6ce0f919c29106fcea1d7ae21af3fb3a691b6ef7028327db6b5ed591ed169cbf94d909b1d6047eec56ced855cc8e53e0bcadf18b0174671ae8e16148773d818bcd07ae7b01e62f7f48cf037c971220a2dcc3731be76f95c6997beb9455351d814df0295aebf15cb41e0671118052f364dec90921c261fcb0d4236213cc5d856720dc8f0595bfcfacfb28bfab7bfd30f558f02c920ab2805c3871e9880b46664f5a87c9f0dca298a6a00e06ce919d2e5cc64020403191e362781ee98a58e0867d5ad98774534b3d3f3c91dd6a5a51d1313d97d58f67cefb3711e0bb6323fb718b620d16eb34d55cfe3f73545defdcaabb4666b159a2e5d3d324f544740c82bc024c3d22b6c933c698cb4e36cbe2e0916b2282bfd97e070404b4052b7e67f968b48ea8bb701ed53336ddc64747d187a3bb17d15b2630f316b3667318dd271d9da448351351ff5399e417e8be6096af5455118c248e03ad44b48a2e333240554b6c7d792f80b98c1e0a665f22e3a52a9a0b9c5b7a779ef6453ab503f4d7aec3c4c7aa974860c0a905ca39305aa328f2d6a5b0d5da4faa2a96daba33b11e57b6bb02dac779eb962956abba4784940c240c4285f706b7523e5528b6247f5d089fede1fbe884febc5ad0d710c794453508236ee5776194c4ae97105e9b1dca53befa63a78e989cd97c8c6b046ffc479d010b72cbd1d4420849d81e74feb5478419bf96a787ae1719e8144c1d8bbcac1811180940b0293819f62eb85dbcbcdd04a6d2cc33dc9d1506587112c07125ab5dfd2e6117f9a29c8816cede68b394d765382eb4c820ab4a757c47d2261332204a10e9359adb4271585d238d97426a4d23fcafc1360aa5e7200aaa2fd204104e253b90b487ec703203e06789693bf010fa41e92fe5a50c517b1de29b098e59c16502a481749b2249d428c3eeab9a79d2e1aa7da3ad5e50dc36d9a9dfa9beb04831775998c54de3615a2cf0f027a6dcdaca2aa55933ae52f1a9aef2742f2735ffb0fc04ccaa040a465fb90aa4fb72db60a3bb6f434a747df754945a93391d4799c784b35353d420a24f5ad9c5dcedf8078d045066fa95c1b0e4a1f0792c7acc47e4b27586d6c8c8dfa8fd4a8d6b0616158c9f8e73e3c7247d8457356a4a3a27162ed6d71064086c05e4018f83f27cd449a6ce89906f2ee4d772e5150d52bc1083b410f4741a797a4d2f494f6cc86b883fa207133673bc910ba41ef6eedcce0d4d2eb567d144f5e424ef240e5f34fd8378488ef01f5d425c8f083616444fb082c1979efc010140cc3c4491d0490e216b80de03a6ecb788ec219d6e0ddad66afb0f8136ff8f30d1ed53897b8e330dddf0f09d7de3d612f5cd9ded7937564f4a8a8104653641b4ad25f0e8eee9a87723fee4c374c3ae63f365cbef658343d5551603537960201825c42721ea6e15c6ea3c9e4f83868e1bcdbfb7cca606940c6082052b9a46d65d004d14ef3acaa69dabd8d5e6d294706e5bc6853979d45a55ff4c4b1db00e73eb445be92b1b67940667057bd529397e9ffda54682716c94f2efc3724bb24055624470ed204a03890b0804959c73a69bfcc990943644956cf88417a051bb1153e79cf5ab02d2d754ab98ab12f300829aaee10bea7c6037cfd15aa9e07677ef0818ffdfe5a5d6157ff8e488e8fac652c522ac8a42b88c64f75c4141b690c83840c8f9f9457fc0fba41d41b71f0b30f73699d5b80d5d34aa61381e2c162c2e316ac38227d17d5402a0913f5b84c2ed941be7c0ffa10ecb8af236d0e564e667f63749853d39f3b3532fdd4e27f8aed01d0d7e6901fa01cac917d476326d15a81c4cdbff2e1ae4bc962e3ae83b4c2fd1f37984aff2f6c2e1aff9ced3aa88d1ea9e3f7578a2263e441dcfcd305fef078df358e8683bb07d86aea1b24d01cd00897c8d52c09ff4a15c364981ebf651769c183aea24f4558e10c32f04d84fe94812f97d63c4a8399180d100730e99a440df2ef41a0b1a7a02383d218fd3afdae8cb11e7a21ae7efec0ce32a4ca6a350af00085f36fdd651cabae4683c09673cf8ee3b6d3e9dfaba8b07f92c63e481e4bea3ffabfd5a059e6376afd8732b8ee5d473023b2b7efaa7326c94de5ebc9675a41d4d8fac1f123008949952501401f322bfef955bb3fd4432de149914a250c3678c54adc036a7daa8018e2a99d95ea92ead5f4ddf6cbd8b758ffed6f5c567d0eaf87f2e41a99c1c941b13e678c4693fb16513a727aaa0dae5ac8a261dcdb76dfd95990232da44928bc188f225e434b36968ad0c7dac905c9aeb9b758ceeeb51508617985b12776c9ba7f042aa03f022ebbd72763b3838e48f58b761dadcae36bbdc8368d82a49e2b266db2700bf5ab6544e531a3876f445956acc4489944f84032249b0e44761696159a0d5191018ee03ef566aa3a6eaf79bce44f070409e04b09f8a3736ce3130fe2074f1b07b85d29fcff6e648f30507713bca5b711e3d82e6560eb01d376976086a3b6638089d0dec9426658e8b05b8061d149236d9fdfbb975841142e6f6b5d096d670da5659e18ca0cd1ca6b97b269ba4a6ac6b51f869da25e4f923987a1ac01ff037f521db94fe1c6342b1697b1a7196bba525d4492c2d4581fa68264baea6709ec0f702319dd5f3cde2876f143845dff166414ddce28487752c767ea79127640370ecbf5c01fa6dd3f397892d5c2931d52a2be55020f4df36f6262d2ffbc53f518535856480215a1bf8e17a508726d035a95760af614448a73c83742672cc440b7f918a624f0d80af9c70843c02c597a222c110618f8a1b2a408e98fb79075ffe48c8c029e6", 0x1000, 0xfffffffffffffa61}, {&(0x7f0000001300)="e700491fc5b2cec411f2626d0840ae5c5a2e20f9264df73db1cb04275682eb9587", 0x21, 0xff}, {&(0x7f0000001b40)="65ddd072ea85509b9e15f5eaf4e2c2ae3da081bdc9c339555b3a17858c4ccb76ab58df9c4a7c19d7fa37ccdddc6010781d40ad8754fe4ff38b9680b14cab1062c49983af0ae90cb927c76bec1cdbdcae656a7e8dba09b26348c6992a2aa08d182f4abd39d4098a3f9ff60a90e4d45598330a1d21253bf835538f47fa7a9c159d34a6c1773c184eef9424018607875ea0c70814a750656e52edf36215ba5c4ed3250ddb49aec35b8d8b1318c9f15524e813d0c15d67ba976d7ddcb3d624180aafe8f0d8aab5da4c25b1334d4cfd926579c77c8bd1bfc1d82577f6e5c39913f41845c1ba288cf721a75a00741406e9fc88e6a803720cf3e5ee7ea5fc4897a822f92d6d88af22c1ae9724ca5c3c635f97034d5c799eb7dbf6903aa3c694742c1891e06e9fa232bb73b4db2ed9e77b7294be7cb3c91a67a5ee38157c1d23eb8d7e47e2944817c3ba365891988315d7b13a9c687ca0a1c39c20e5b62281e0702e1ec3a41b3b15642be308bc295239f74647479455e561df8075dc3709d02f74ddf8ee134eca3d125d301a10e78e645ebd4e7e184e175833e13e2338c051470701f085ec76ae8446105d70848bc956e29de4bee75e53bb3b1504a8696e979f3f1dcba38fa4f72560d7a656ca7ed620a917b094dc44190a80e0053175d1272d83f3b893a8c242ca2344f75e8af71740de92f46f69cde88a5e354e8156bc44bcbb426c70af5874477e8b847051cdb37cf83418a6362f331f524482bff9b4557866a4ed30ffc664d89d00a4b6ba20b971b06228f799a21f70c319bbbcd4a1e0a8ac8d65f72c84f37876c1d40e313bca15619d59826e381734ac4ac613b1dda577093414a07938ef8b271338bffbac0d75c333dd5c6426d905d89d813f43d4aedf85c3bdf39f73f22fdef9586f1304e7ad908456162ec0d51e3b6251bbb19199da0f6e1f12189cfd2142409b65eaa4ac6e23e4b055ef6a03698ef974a5371db5f3f670b61308a49727c4c654a49f73fe7b7495b6ffadacc61d61590cf9e6127951bcbeb4e43a9ebc5522cecf995677582eb4e194809bbd6a92309296e451ec0dd29d2c651a7c4516974ebac3da946f863512e02a7f4170b6dc0116f9014c04a3d89402e301960ed9e8f99e6a34f24700520acc1db5ac8b98239a75251bada0e35384a57b6eb954cbac67e5c116bc48b5e691a8154ba02ff6006b5cb052b42d8461be839686f0f6e73af55be2ebdd0e1909d7a13861fcf2d7a6661da47262c24081a2dcc5bdca03c80bc04b525c6d1dbc2a521a813aa6688e59d5cc316dec3127d23b0ecb38ab77d898d972bae25434a7708c4a0b878eb93dc1be622551886b851d9d41a754712b806895720131ce8956ad3a3eb74a69ee0677a83aa28cad70a372596d83c94d77e9d87a91741de17576d70e0a3dcd3251f7f03760f2085aa8be5f30a46781f64a42b0a38e031b6f1a42f06f82eb4d78cf0052ac53622c482c0ec653dd83ba24399617b4a86dc48023254def4496c045af1859c9ffd0e0061a758446c35fc577ef56bc6891d4af13c5e1c2e57914e43ba1de2ae2b66617d301057028fd19c5a41477758cf0cc012067a97c96d729ccb623163a7f781bdc9f338780adc4d2382861cb74a60ad45f921b33f1e4cad45e60ea738b247c0827fe4ec568b8b712aebe99e1041baadb63a9b747897094913a70c2ab85e3a0856cbffaacb1a5a1ea84c07d4464d4f62121fd95e148517a9d0c7a4a31580617b145057d69dc70f83156be5c1ee47000a9b590951d34f6af83b28a2296253acc4d25af7a5086452d1d566930733930d2c5dcac0716e144e0fa57ebfab3d0a917333a38250e39602596f3f210f7c51800f701a046a7835b0add3167ea56f770c1a153d6fa74e10ca428d15f02053a28999826585e492966db44fa82e282874eff75269c20987eef4b93912a52382de4a591fb8759361850537d5b355bf1798b85f21905c33f3e7e79d8bfda8f0c10d8e9ac0e24a085914ccb7a7fc3c08565eacb268200766fb89760388db22b96db70e693c56fb3345711ce03b2ddb59a4c60cbfc8f912d19050c061b813158fca1e1c68b637bd9038352de02e7779723ab81796884e33e178425163868104355f2a358741f62c2a8bbf6f232d7bf4cb6f3b1a26d96e6b8675843c2e82e2963bb7097f5aea15a56ebddd050b5ab0fa6f1329c56234d483224b423eb356b826b624942ab4802c48fd248771770ffe1f8879fffba8ca57243b901f1dfd42aa951c2d189e4de82c94cd182ec49725b2356f23c9b1aa1f3cf16bd79cecd5c3a45c4922515521ae541df110701da980c612aa4e48046d2d92896208af6d40da194cc72a521f84a723c2a102f83153a1e6ff3e9d50fa9cab2289924cc55ac90f26e1a7cedf6be7b3947e1395431ac45742e91557992d7fe66c675245d552b93a7c7552b263c2dcd1cf73ba9afdc35d3d1a448927b19fca32b960259b14825162a48420bcab656d9fb9f1730fb4ef974985284ce7a6eac7f726d272b607209a0f171a050d19d8c06164d2e41d8edd4fd59f1d5e89e101d616d9b0707907ebad57528540ac628be7721e32a7b762ec1f8b0b6b3c46861f3f04e7f2d6c4340a96e2e5cffddf8a0a86f1d3a8f78b0b174915e4d4076fd9dd60a8efc19d217b009a0db8b9690220f60f74efae5f8015ac8244735f9943c3d498c530a4f18712d97cd8a1c59efbce477487220cf197c94d306758beac4e266c34c206db10c1cd4abe79920742d116ea8d0221071c38ba79aa613d4f0a1cbec6ce4185adf6028a0c53d6fc666be391e23d385c0fd8e75b0d286c903b8ceb6ac2e46d3e036792829b5f5ae60b0586b65c60ac7cb1c94a67cc2a4daebcea8f596dcd8d9720fcfc75c878627c3e95f3f600171ef26a27f3c2e76bb7ea70bedb19d9a1c974467334dde08562eb1ed76c9659c80dc479f8b5a6f81a24d0c4c008c3f91425b60faaea08c662908f30ba568c1d513521127e9633672812d7a12f38e9b0d3f56d5a2e8bb7399a3bbc108b00ef24b7765e4e8f6a36865b5af827dc92c7933ae40811f9a1ced9034a7b39742d7e8864b51e2dd9790899d97af83a3f8ee76711dbbb6dad10a5b69fdafc64ebc4dc74546156d3e34f96646070af013b1c92c109b9f39ceeb915803d4ecd86716b71d075126f76be7610238d29f996b4a3f80f1fdfb1be0878449be731a95755defaff6a183fef166fc3e63d364a14a8668152f783361f0e8ea520cb413f567bc9fb4111620baab640173a1fcb5b91962f1175e6837654a00d468c11e82d3d2322ade6ab713d2ee161083b1d9fb76446990c608c716dfa050d47f85aceb901816b6e3198ce27291f6fd9a01fe7b8cc28514144047817a3c885b6cd763f2cdcbe3911ba1248d84167ad59070f29590aaa7c02b54b9136cec78755e3ddbdd048d43f1ebf155916bfc95c8dde641ea5a7700a3cbd8d5cb7e4f21d739f7ccf3af619c9897e68e574a2e8a827fedc74bef3c4c5923d2d3432f4055e403062293a18036c029245f968532d0465a7d4b0ae56ca35300a95a5c750fdd14f8d0c3eef889282fb7c9631ecb345d1c575033ff055a58c4b3fb160e350a0e3aa825fcf4d9cf5bf510e55289a5247c8f84f92089039633a80c992970ff1bd304c7b110c31c78528115eae32835f3c0b0a6ee8a213aa288de58253d984a4c163fc5785f3aaccfafce57d1cf93327346cc96246097b9380ead93bbf2fef1425952852128c265ec02e61685306e24fa79b6d227560afebb7d812c373968f4b86458dee69fa48307740c5dac3101b2f746e8f6008be82a041983822d4cb58b199d222f06ee34f600dfc179de2be6f367b2574abb254605a3ef37a6d63d63fa33e9fe1b23a889539f4b3ea59b37b72b26e3bd4ab8b6a4106aacaff3d865e0b61f4ebed68f24ffa227448cd94bfb3d390ca066b28f804792f1779fa0d48419f89c3fb98555fff94ec2a71f09f911844d69047581af30ec078a988805ac858c5891b6d59359e5f8f01a4d50b05dbf21dce77cd63d9951aa2e66b7d37212e5fe09bc770a6f1a092096989238d4faa83b89b14954a399dc00843237c5fecf0431841b5d98d94b3755ff75d8c2bfaadcada95544ccf381d6e1dbc7dd19447ebd96b824cee177f0a929dd30e55bebe44b0c560bc8e70ab8e115e9ec983b1425c210a103cbc66da2eb1b0041bbfd9c0f10bf47811737232e827af77c14f402c05fa6237bc31e2faeadf312e9340bd8ca64c27a74087a6e0eb83934fb6076935faea3a4a49b41fb2696bb31545c98a04869d0dd4ce82ba4177a7e77a2cb0f64ae17798c5be4da5e7f822fa82e8a0e862f2ccf48831ebfa64da0ee369a1ccbf1dc3c40c4a24e077ba342d16d3d4bc1ad65420bbe29d71152de63ca65946d4efa0aba3530b9fc75a60087493356966e9dd631b03367d9cf5aa21a0f7aee5d4534eb09dd4698ebf27aa08db5d0e02748aa5159aa5500aae192f9d53bec321ee45ce91adcc87d5a0b7e0444f2592e48f30328a7f28979d575d00211e4cc650f3e81297c96586d4b8e606af38de599bbef0ce4b9f583e8d062ebce3aa4530eee4fb98f0e0202a0d49c584cf1e766f9622a79332f83a09c31954685b9acae8f6a61431233597adfcde7600db33b41a907be22c460619beb8c9141860ec0c04bd7dfc5edfef5ea7a6e1832934c707f576444ed90950ae13eb32e9583c688d3986630e5c392260232813ae24fd7f38e81d9c16629946766a76099c03248533c1aec3f9a1246f92a0ce7aea076dd05f2a9204799f547f441d11faf0426471a3aabf5374322f0294d73205e24599c68d1210e663e456f57474b0d6da2aa8d944068692df430ddb23b0cd53e3a77f1c5553a82ce421c0af7c3455397a4cfaf73591102bb06e926b1af0183448fda22a77d5e9ee43929640647a2c2ee273c6b78c01d5eb9bf10153d11e081a9ae2224391a2cd1adf9953cb857466dc81e2f2eccae4413a7a937c9e7a86f7ea985f0af96dd93eb56458f1e8a6443c6d89f42239c28d9e41be3e5d5026567b2fa342ca10f027b4874eed6ac457701b19146b40d44ed934b67054d37b886a55de2dc4376d87207a33ffb4a860d9b0bacf0489b890befeff86d2115cd390b02e95bbf56ee79a798b28d8803e2234513388cc61af555a8bdb885f6b06fd34f26ab7d2e8756f048c5b97c666ff138ad6b32c7abc448d303edecff437b8633f995528910e57bfad28b2a1693373b9cdb121d281c9e41565ac2887dd9fc513bb0bfbafa972c19e3caf07f9f91379a5a1888d0dde7aaea9c95daa3d2cf4207ab9e33943c8eb4f23b59e765090b18ba6b3ebbc213a3835d106c39102e9614710535b151ebcd622288fbf73716cf512953617de44fab96d47bfcecd16c7fc22577f7b0d1264293cf0935e3c9f0009cdb59ea35ca9dc86ed1f51ef0cb0103fdd8afe54b9e0ade379c743e4fbec59b34d1d855b73aa36896ef2467dc69e7512fa300ec68f20cfefcd7cbb4f6ad1b328277682497942ae2ce17aec57f77787a87f9cd9eb32b6a1f138b74ac0d01a6168cbb501202554101f4102988aff59f3ff995f36a2fa5151683b8d655dcaf5329d8e2eddb5a2f13bb5838b814bfcbc428d93066a8c3c1bd9efaa334007a0a227221f1930cd06fbf20df46548ec027c2c18161e7cd38e6f4368312bbbea341e2173f994ff6aba037e61c4933a442155a39e8cbf67714fafd8a9549b24aee07524aa00b354a8949f6bb7cd67b99fdb33e00f602d954e4c1742acd3e52", 0x1000, 0x6}], 0x4, &(0x7f0000001400)=ANY=[@ANYBLOB="2c2c646f6e745f6d6561737572652c736d61636b6673726f6f745e5d7dec24242c00"])
fcntl$getflags(r0, 0xb)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fcntl$getflags(r1, 0x401)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000001440)={{0x1, 0x1, 0x18}, './file0/file0\x00'})

03:47:58 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)

03:47:58 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = openat$cgroup_freezer_state(0xffffffffffffffff, &(0x7f00000000c0), 0x2, 0x0)
fsconfig$FSCONFIG_SET_FD(r0, 0x5, &(0x7f0000000080)='[\x00', 0x0, r1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
close(r0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000100)='\x00', &(0x7f0000000140)=':(*#--.*.,}&^-{\x00', 0x0)

[ 1946.330210] No source specified
[ 1946.339204] No source specified
[ 1946.340903] loop4: detected capacity change from 0 to 16378
[ 1946.356677] nfs: Unknown parameter 'dont_measure'
[ 1946.383390] loop4: detected capacity change from 0 to 16378
[ 1946.390878] nfs: Unknown parameter 'dont_measure'
03:47:58 executing program 2:
membarrier(0x2, 0x0)

03:47:58 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)

[ 1946.429474] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
03:48:07 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x2}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:48:07 executing program 5:
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
r1 = fsopen(&(0x7f0000000080)='rootfs\x00', 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000180)=[0xffffffffffffffff, 0xffffffffffffffff, r1, r1, 0xffffffffffffffff, r2], 0x6)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
sendmsg$inet(r4, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_u8={{0x11}}], 0x18}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCDEL6RD(r4, 0x89fa, &(0x7f0000000140)={'sit0\x00', &(0x7f00000001c0)={'sit0\x00', 0x0, 0x29, 0x7, 0x6, 0x0, 0x11, @ipv4={'\x00', '\xff\xff', @remote}, @private0, 0x7, 0x720, 0x9, 0x3ff}})

03:48:07 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffff9c, 0xc0506617, &(0x7f0000000000)={@id={0x2, 0x0, @d}, 0x10, 0x0, '\x00', @d})

03:48:07 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x180f, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:07 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r1 = getuid()
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r1)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0), &(0x7f0000008600)=0xc)

03:48:07 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
accept(0xffffffffffffffff, &(0x7f0000000000)=@can, &(0x7f0000000080)=0x80)

03:48:07 executing program 2:
membarrier(0x2, 0x0)

03:48:07 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r1, 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
r3 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r3, 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r1, r2, r3, 0x1)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x0}, 0x0, 0x0, r2)
r5 = request_key(&(0x7f0000000140)='cifs.spnego\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)='syz', 0xfffffffffffffffe)
r6 = request_key(&(0x7f0000000200)='logon\x00', &(0x7f0000000240)={'syz', 0x3}, &(0x7f0000000280)='syz', 0xfffffffffffffff9)
keyctl$KEYCTL_MOVE(0x1e, r4, r5, r6, 0x0)

03:48:07 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

[ 1955.873136] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[ 1955.876277] No source specified
[ 1955.887050] No source specified
03:48:07 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x400)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:48:07 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
membarrier(0x2, 0x0)

03:48:07 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:48:07 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xc, 0xffffffffffffffff, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)

03:48:07 executing program 6:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', 0x0, 0x0)
inotify_init1(0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE(r0, 0x5000940e, 0x0)
read(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0xca, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000100)="5a87dd8221b92b7325d64b7a5fb8840364aedf58a1be1cdea0262a197623b0a0a1ca1a9b29", 0x25, 0x4}], 0x10, &(0x7f0000000200)={[{@sbsector={'sbsector', 0x3d, 0xfffffffffffffff9}}, {@iocharset={'iocharset', 0x3d, 'utf8'}}, {@utf8}, {@hide}, {@nojoliet}, {@uid={'uid', 0x3d, 0xee01}}, {@utf8}, {@nojoliet}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}, {@block={'block', 0x3d, 0x600}}], [{@permit_directio}, {@defcontext={'defcontext', 0x3d, 'user_u'}}, {@pcr={'pcr', 0x3d, 0x8}}, {@smackfshat={'smackfshat', 0x3d, '\x80)-$].\x00'}}, {@subj_role={'subj_role', 0x3d, 'hugetlbfs\x00'}}, {@euid_eq={'euid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x36, 0x33, 0x33, 0x63, 0x30, 0x61, 0x66, 0x30], 0x2d, [0x62, 0x30, 0x33, 0x38], 0x2d, [0x38, 0x34, 0x31, 0x37], 0x2d, [0x30, 0x38, 0x32, 0x65], 0x2d, [0x37, 0x32, 0x64, 0x38, 0x33, 0x61, 0x5e, 0x65]}}}, {@subj_user={'subj_user', 0x3d, 'hugetlbfs\x00'}}, {@euid_lt={'euid<', 0xee01}}, {@euid_eq={'euid', 0x3d, 0xffffffffffffffff}}]})
getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000440)={{{@in, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6=@empty}}, &(0x7f0000000540)=0xe8)
r3 = getuid()
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
setuid(r3)
getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f00000085c0)={0x0, <r6=>0x0, <r7=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r4, 0xee00, r7)
r8 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r9 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r9, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r10=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r8, 0xee00, r10)
fsetxattr$system_posix_acl(r0, &(0x7f0000000380)='system.posix_acl_default\x00', &(0x7f0000000600)={{}, {0x1, 0x3}, [{0x2, 0x1}, {0x2, 0x5, 0xee00}, {0x2, 0x4, r2}, {0x2, 0x3, r3}, {0x2, 0x1, r6}, {0x2, 0x4}], {0x4, 0x3}, [{0x8, 0xb, r7}, {}], {0x10, 0x4}, {0x20, 0x5}}, 0x64, 0x2)
ioctl$FIOCLEX(r1, 0x5451)

03:48:07 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x2000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:07 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffff9c, 0x0, 0x21)

[ 1956.050128] SELinux: security_context_str_to_sid (user_u) failed with errno=-22
[ 1956.094031] No source specified
[ 1956.095860] No source specified
[ 1957.487498] Bluetooth: hci2: command 0x0406 tx timeout
03:48:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
membarrier(0x2, 0x0)

03:48:17 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 1)
rmdir(&(0x7f0000000380)='./file0\x00')

03:48:17 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, <r0=>0x0})
getpgrp(r0)
fdatasync(0xffffffffffffffff)

03:48:17 executing program 5:
r0 = fsopen(&(0x7f0000000080)='ext2\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f0000000040), 0x4, 0xc02)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='\x00', &(0x7f0000000100)='&)/\x00', 0x0)

03:48:17 executing program 7:
membarrier(0x2, 0x0)

03:48:17 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x3}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:48:17 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(0xffffffffffffffff, 0x0, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000a40)='./binderfs2/binder0\x00', 0x2, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000a80), 0x800, 0x0)
r5 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r5, 0x0, 0x0)
r6 = syz_io_uring_setup(0x326e, &(0x7f0000000ac0)={0x0, 0x2637, 0x4, 0x3, 0xa1}, &(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000000740), &(0x7f0000000700))
r7 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r7, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r7, 0x0, 0x0)
r8 = openat$random(0xffffffffffffff9c, &(0x7f0000000bc0), 0x400, 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000d00)={&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000640)=[{&(0x7f0000000080)="930a", 0x2}, {&(0x7f0000000100)="36e062a9d5fd30b9b5988e7f1af1c7550c758a665392d7a5494860279baf5f975fc355f9d2961a85fd542ccf72086580d92b3178fd1693e610c559a878ec56a7ffb70c626f0a46afbadd92", 0x4b}, {&(0x7f0000000180)="772a1304b1ce3dc8f51be0b97ab105c2ef34727bd14c9cd9c9b5955c1a5f70009ff6098615504d3dd8fdb28be9303927cc2655d78803dfa68d10b5793d5e53a048c6909d9849482920aa0ee6820b6d44241880fead55721708549057ffe644aae2ef2a00000000000000", 0x6a}, {&(0x7f0000000200)="e15b0388280d40160588620260477a1ed42b49e6cde269ee4dc819feaf1bd08a233af9a571c77cf73440dc085c58d64867254fdb88a4d108175a099472955c9e04515556218f9caedf920bf41e12b15d453bc90725454831fc81bc40cf", 0x5d}, {&(0x7f0000000280)="2cf6535e7af1b9fa0565aab7a98b1a472357fb07fe037934d722b408749ab70d84b93a0de4d77fed32aebd37d1b0d282d41f1fc315fa71b3ceca7d333fc2f39b0d423827ed7b2b470cedcf4d8572284ea1f25e7d50cde1584aadb9bebc71c2930b26eaf396cc7da3579ad5f0ca43a92d03a7fa3f671eb315a6dffc4ee15108214f11aca1a2c397032126abf723ae0a694aec2998f531e978e26cd5fa8c284d98dc0526c9c7e8bf9128b5e4bb", 0xac}, {&(0x7f0000000340)="5556d4489b2e5b115aabffd67337a929a131d3184e62fc39579fe827a05504d0780d3d17efb3ad9894058e16bfa69a61192977378ef1b5807df5db3c36a74b301b886dfb530a36080d4f9767a9e0488841ae85da08eb8832d3ed8b48a92e002e8803f97b6818d538c2a4c30a8e61e5fdd3dfcebc8a43e5dd00a3353df5bb6efd07395342c9df8b710f680359b21cb0b3668dec6a6af9f65d1a89ccfb37e8d75072b6ff098d346305929a9ec47597cdd350ea5151f6dd1323da2be1c73fbc109d9105148c6accc2fef5a16d2dbc018f9c51a5effea23f1f2b", 0xd8}, {&(0x7f0000000440)="25ab09bfe314d5ba88d6b4a6746641e91cc7d7dc28bb6f0ddb5d0b71023614bb358a8fe843ad09dca51dd24dfe0fdf668ee26e0983088e7da06ef105e4153a528ce729b1e687f4d21bdede00950c6571a156277a4e18a12ee825d535b806d929a796be54f0d43032cbc7e5f09bc528d8ca673b70a812768bf623604a4c0d96b299c7f15a675d6df76ba7ea54767f9c0789f8c4ff8a52c2fd9eed2f95cd6d0380cc67e7382e65f92fa9442f14edf45aac", 0xb0}, {&(0x7f0000000500)="170c02588ea964587b3a50a274f877c4ce0ef8a156f390b04227599c450dca4b23837d69095d847eed5e0bf745566e00b115f6a8e65950f95648fbfde0e93cd9731d224a402171414baf30a35ea4fe6dd3127171c4b3139cb0d3f9e002e4646dfc5af1570de17651e0ee80541137a139002bcaaecd8a2c2becc94de3ce7af1fc517b4fd3f3cf3cea4ff155", 0x8b}, {&(0x7f00000005c0)="5825183687b089bd088da51b8af436a16d3831d23599a073bda27603b6321068c50531e49904cbc6de56bfae9a73ae2333bf0bedcdda57fb93b0a482c47a0c94480114c5ffe6be27247f72a5f80d6d26d1701afb9830", 0x56}], 0x9, &(0x7f0000000c00)=ANY=[@ANYBLOB="00010000100100"/16, @ANYRES32, @ANYBLOB="0000000028000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r2, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB="0000000034000100000000000100000001000000", @ANYRES32=r3, @ANYRES32=r4, @ANYRES32=r5, @ANYRES32, @ANYRES32, @ANYRES32=r6, @ANYRES32=r7, @ANYRES32=r8, @ANYRES32, @ANYRES64=r7, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32=r0, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00'], 0xd0, 0x4c080}, 0x20000010)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:48:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x2010, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
membarrier(0x2, 0x0)

[ 1965.787112] No source specified
[ 1965.793012] No source specified
03:48:17 executing program 7:
membarrier(0x2, 0x0)

03:48:17 executing program 4:
sendmsg$DEVLINK_CMD_TRAP_GROUP_GET(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x0, 0x8, 0x70bd27, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x4000}, 0x20000040)
memfd_create(&(0x7f0000000000)='x}\xcb\x00', 0x1)
r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000180), 0xffffffffffffffff)
[ 1965.923726] FAULT_INJECTION: forcing a failure.
[ 1965.923726] name failslab, interval 1, probability 0, space 0, times 0
[ 1965.925498] CPU: 0 UID: 0 PID: 15510 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1965.925529] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1965.925542] Call Trace:
[ 1965.925549]  <TASK>
[ 1965.925558]  dump_stack_lvl+0xfa/0x120
[ 1965.925593]  should_fail_ex+0x4d7/0x5e0
[ 1965.925620]  ? getname_flags.part.0+0x48/0x540
[ 1965.925655]  should_failslab+0xc2/0x120
[ 1965.925677]  kmem_cache_alloc_noprof+0x5f/0x470
[ 1965.925709]  ? find_held_lock+0x2b/0x80
[ 1965.925744]  ? ksys_write+0x187/0x240
[ 1965.925783]  getname_flags.part.0+0x48/0x540
[ 1965.925813]  getname_flags+0x95/0xe0
[ 1965.925847]  do_sys_openat2+0x9f/0x1b0
[ 1965.925874]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1965.925912]  __x64_sys_creat+0xcc/0x120
[ 1965.925941]  ? __pfx___x64_sys_creat+0x10/0x10
[ 1965.925968]  ? __pfx_ksys_write+0x10/0x10
[ 1965.926008]  ? do_syscall_64+0x85/0x360
[ 1965.926040]  do_syscall_64+0xbf/0x360
[ 1965.926071]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1965.926094] RIP: 0033:0x7f2ff44d3b19
[ 1965.926112] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1965.926134] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 1965.926156] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 1965.926183] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 1965.926197] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 1965.926210] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1965.926224] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 1965.926253]  </TASK>
sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000001d40)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2003000}, 0xc, &(0x7f0000001d00)={&(0x7f00000001c0)={0x1b0c, r0, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x2}, @WGDEVICE_A_PEERS={0xbdc, 0x8, 0x0, 0x1, [{0x30, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @empty}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}]}, {0x1a8, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x140, 0x9, 0x0, 0x1, [{0x13c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7815}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "96e1016855b6bab9e1e0fc91d6c01b776dcb086b69bd0d866035375e7ab609df"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "58fb286bae2e2e5b4398bc98f282d7caa9deafa6194fef9fa3dfc3ea471fe08d"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "0c5e4d2b0e752840b635d35a9f18fc4727d532900c2d33042523864adfd6086a"}]}, {0x90, 0x0, 0x0, 0x1, [@WGPEER_A_PRESHARED_KEY={0x24, 0x2, "51df5c14553bfc3785e6cf174da0328c1597380a9103f22468e4b7d11875234b"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "02271a8d5cf7fcb34e3a039b536a9f8c6abe5ef3be58cb77c6b49dc206c19f04"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "5837ea2e02d7fc428156c770a8de90a45b43e173220ad9b2cb42c29d7efa1935"}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xf2d}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}]}, {0x74, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x1, @remote}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "58a951a35da1d9f1fcef2f1b5a45bf790a9f45f9d785d3ec7fe0f0d67b37669a"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}, {0x24c, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x6}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "19749e72b572038a6719082d89b609676d4387c64e59fe377bb93015d488009c"}, @WGPEER_A_ALLOWEDIPS={0x1bc, 0x9, 0x0, 0x1, [{0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xa}}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "2ba0f624c5cac78a12268d77ef292c3d69241c42c0d94b8719ce7c76ea44ba4b"}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x8, @private1={0xfc, 0x1, '\x00', 0x1}, 0x9}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @rand_addr=0x64010101}}]}, {0x78, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x400, @dev={0xfe, 0x80, '\x00', 0x14}, 0x6}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x6}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0xffffffff, @mcast2, 0x4}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}]}, {0x308, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e22, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}, 0xe3}}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x802000, @private1={0xfc, 0x1, '\x00', 0x1}, 0x97cc}}, @WGPEER_A_ALLOWEDIPS={0x23c, 0x9, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x1}}]}, {0x70, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x1}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xc}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x43}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x21}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}]}, {0x34, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "fe9110d029e0bfec1b2a6993ce17ccc241e25e798aa5bfad5a4515c255a268bd"}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @private=0xa010102}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "253d55ef10697088266e475b321777cf302cb81079d0caa90100513e76388cff"}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "3ebb70fd79644d974fcacac09ea6110e181ac4cd761698c5c0dfe66d921aa322"}]}, {0x2e4, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "9aff07b7e4a721d7af75a4d162abfa44fe38a1a3af2151385111c567b7c3d8e7"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e24, @remote}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0x280, 0x9, 0x0, 0x1, [{0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010101}, {0x5, 0x3, 0x3}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x2}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x2}}]}, {0xb8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3c}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}]}, {0xe8, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x23}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x2}, @WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}]}, @WGDEVICE_A_PEERS={0xe8c, 0x8, 0x0, 0x1, [{0x33c, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @loopback}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e21, @loopback}}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "6d244854efa1a0d48ac738b07d18d7bfa3cab8e19f797a34ef2053cb1083a322"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_ALLOWEDIPS={0x294, 0x9, 0x0, 0x1, [{0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x1b}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x28}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0x64, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x2}}]}]}]}, {0x18, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x25}}}]}, {0x94, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e22, @broadcast}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0xf}}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "bdbe16a21c2f7ff57d2f6e981f4e25d0add3a5d4c29fb7073d35b67e47fd5d86"}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}]}, {0x60, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x3, @loopback, 0x8fbe}}, @WGPEER_A_FLAGS={0x8, 0x3, 0x7}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "aa12499ad3a4e7b7421c77ff80e16db74ec5a6614bb9b33c972716cb214414b4"}, @WGPEER_A_FLAGS={0x8, 0x3, 0x5}]}, {0x244, 0x0, 0x0, 0x1, [@WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x6}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "cfad7e3d6dc275d78bac88ce6f9b0c566057d302efcd4af476ea5de5e50155aa"}, @WGPEER_A_ALLOWEDIPS={0xe0, 0x9, 0x0, 0x1, [{0x34, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xe}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x3}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xd}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010102}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e24, 0x1850117d, @private2={0xfc, 0x2, '\x00', 0x1}, 0x5}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @rand_addr=0x64010101}}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ALLOWEDIPS={0xf0, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x1}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010102}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x15}}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_FLAGS={0x8, 0x3, 0x1}]}, {0x58, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x2, @empty, 0xfffffff9}}, @WGPEER_A_ALLOWEDIPS={0x2c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}]}, {0x654, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x5}, @WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x3, @mcast2, 0x4}}, @WGPEER_A_ALLOWEDIPS={0x59c, 0x9, 0x0, 0x1, [{0x88, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0xa}}, {0x5}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x30}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x80}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3c}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}]}, {0x94, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, '\x00', 0x39}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5}}]}, {0x118, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private0={0xfc, 0x0, '\x00', 0x1}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2}, {0x5}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x32}}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2d}}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}}, {0x5, 0x3, 0x1}}]}, {0x7c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @private0}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x2b}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x64010100}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x8}, @WGPEER_A_FLAGS={0x8, 0x3, 0x4}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @neg}, @WGPEER_A_PUBLIC_KEY={0x24}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @c_g}]}, {0x150, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x8, 0x9, 0x0, 0x1, [{0x4}]}, @WGPEER_A_FLAGS={0x8, 0x3, 0x3}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "d05a9325f541d36be4920ef1d419517fbb403e88598063f0d964dcddf7566771"}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_ALLOWEDIPS={0xec, 0x9, 0x0, 0x1, [{0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr=' \x01\x00'}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @private2={0xfc, 0x2, '\x00', 0x1}}, {0x5}}]}]}, @WGPEER_A_PROTOCOL_VERSION={0x8}]}]}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e24}, @WGDEVICE_A_FLAGS={0x8}, @WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg1\x00'}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x3}]}, 0x1b0c}, 0x1, 0x0, 0x0, 0x4000084}, 0x4000000)
fdatasync(0xffffffffffffffff)

[ 1965.974810] No source specified
03:48:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xedc0, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:17 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
fstat(0xffffffffffffffff, &(0x7f0000001440))
setfsuid(r0)
r1 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001400)={&(0x7f0000000000)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000080)=[{&(0x7f0000000100)="124b37c9abc2621ca5e9a63b48410a387a6d3b5100710fab86b20db6b444389f9fda5699a1dd99408f151c1f35329d88365f3fd8210bdf910a06ab16e23f9cf60a38a4ece0de080316e96b17f08a7792e0691f9e955efbd5d009f07d0b21e47ec1df5900c9bade5489fcae3238f94b1a97b5181319f3c9cf035c1592ce75138788c9a2cbf22c7c94a9b90e197c59187424c273fe75a425775ba5783e6b0dcb459782212db39dc050621a3c61a7f118e23fb39b83422c62246eeed4b94e2727972ab83df8db071ee9a4428ad367944d0301a8cfc3584cb954c04b7c5603dbbed9d1b15903c463871bcf1876bd6037a9d72370cd2f48913aca0408d6c47547", 0xfe}, {&(0x7f0000000200)="a9fd44974599ab721476e93b1d88382eba42dfeb04f51087d6994663f52b51d55c0da48d1e3271ac92faae01513e85a3b4226ff0405647ed4249d8de68b68efab5b41bc87b03ad8cb3246e2fa22cc9d56cd1060913ab444389a0a5ba64caeaa7cf2a812563ff584b0eadc1c90ceceba214fbcf6c3aa8a2c349017a92f0aee42cfe7b954a9c136265278502a551ba596689549d9011eea365aa52534db2ed071a983299ec222c8b86d2c21c822a0c6a7264d28c7257e360ecd5dd6565d9e07fdb54079f64a727ff4f56c91c2642c3e9179a75fcf006a8714c5f8c4ea58dc0a2631bf84ff78ef4f17248a0a29f69500755b30317ddd4", 0xf5}, {&(0x7f0000000300)="eeca6a6c0921ae593578a1437446feb539056ce416178c7270e8306a76c2054b428840b010b75d8311091ea47e6ab4e269c46a1f808fa368eb7b5a422a2f3f1631c7059b436ef8a71467c22fe8006180691de2de7308a21f1e6be82cdd1dd12c886a727b67a13f150d357dc96b2f502ee9c5e8e6c59d4457e3202bf2340e850a59c4610602ac8bc5f8ae9dad057b38b8e06837ac2f79e4436bd79ca0292e1d68113d67424148c4910b76347c9915048cd0c143dec445cd713936c7f7e8f8fc947650cd3d67a9ce4acb659c4751ac6c5c9b07165fb0f37834f46721922e762a5b65e8989239ca4cb2b96668296d9a512a5b7808a8bd02e565d6196df41d054f97eb870baf6bafe78a76e0b7b49e2440d1cd4f725c84ec6161f4b9bbcea699b5ec8af254940bae4145af69c43788606648d616efd4fd14b90552d5626a5ed32bff5ec0c745dd596154c2ef40bdc946ff588dee283c451b91687443b0536ab20569562d92297fe2fd4c1c63032dc58990e6a372a59003a0cff957ed2081be7bb727c83028dd121673a06588ae4a25a6bb170507c5b245875040e8689fde044d687a01b8479f63be749af7879f18a3d7bad18c7f6d0a6e0b1e3163127f4827dd588e2c767ba7a8afed9c9cba5c2af740430a423819da29524be3459bd1d6f0f370b65d159a060d952076af8ab1bda590dc51e1678eea4c9231d50656f77a171000fb7caec6bb95c51c7d9770069021a98b2259070935bbd6214c5d03530f98fe1116af33b44c3d04c7b569931d62f5a5e80cb6a7199658f4c5dcbbac5acadff9adc6d424bb7d95a077d4fea1cdf05e4f4574a001603196e5ae1458d9cd149b80d6ed23f85b325ef375c7e11686259a69683e6ec312a9400b556e344dcd79f0cad4d26ee422b6486023e10376929fec735e21ec3250a86cb67f5e1bbfcad87a65bdecdf0aa309213e2f64a8aa9887df65ced297e397baa805dd9206e0b37d367504423bfffbd5abad212c67e0dbea77780c4253145d4045ec06d0bdc8ad90387c4b9dcfa33f1b87b5174491e348d75128ac501e95c2c980f1d88b4e4c2bdbebc3f9ee8f48a9cf3311243c4b3bd2908f1c9dd1bdbf8c8b00633755b35f68ee881d3e0172274570df8a20edb1f94aa5bb055aad1ec5926540b538bc1d8b254cd920014df44f395260a4a77e4223d5c7653124083fddcd797f7a064eee6b96eaf5aee631fbabb0cbe17e7025f50f8e6b39dc52a43d9655e01ebf5569809de42dbe4f56f231c3581e57825004d7f88456da5712aae95db820cb016675b665e1f0721872bde2b4782d02ce0a414e5b7d931e79be4ada0846e825b3a7a3a758fe033ae4ce25ff2a0d169da551faf5090e7806c65ca8b4e18ffe757ba7781987629a662fa0d4727cf26f57b88d6b586b12d337f49451a5945684a3d7f500ac31c24d25baa2ad0965342688f48cd012ed65ceb3a694866dfc5318da5243884fca83fa6ee8abc9473867343aed00d31010895f2fcc28803a8c026fc32a6d668883d03b992cbbb8c2b8cca0fb602ce846cf48cbdcb572e3b5833986e5927aaed5399eedd8652da0b60598623f9bf79ebef4fbb79480d0403805e16ba202cbcd28491f26694af301d7f2e292e4e675bffd9effdad3a65b0c9a4a59b1131d5e0bb131c36450871de7cfa4da4dc042d6641783554040b88d12be42e50e13b1e2631b1b701914f567e143353aa5dc9a7b89ba2e7d986ca2233de811d34d22f2148647c283fe43da99ca8cd698d85f985caaefab274f0dc4518c06c2255f26d717a82b22448d38f4e0745b489e78c3d33b9daa45b9a1b2f38c3a91a120dc2c668692b1c66a9c44b7e8d08668d1fec6fb7eaa682bb5fb727a2afedea479ac2140bebd9cbea0c2db7b69f72479a88924db6eff49d15b2163457cd94d85824c92d4eb7a3571aa348ed6a3012b5e526c980acfc6eaa8ca2e0a7636ea5f439099c676f1abfd27e384d4d28243687e76c0f6c2f07cc773eeda2cc4f711c7695822471da2924a22ead9fad5f3505bd39dba56ba9ca12f87f92895748f5dc49c1e59c8c791c5d0ad6e4aef27e989be6e0ec78d84d6d872a987a9f66799a477981658653103fc269e5b3ce8c2955400412f2bd073f7eb7fcc195d555685822845f663d9c60d130fd19c9a68808233407ef0272d30186604a8b66207f73fbb7ca231c32b6a76e2f6a848f48681188b649eb7bd827e607c9bbf3f7062a1609db21667477a6d749832cbc51b2b124e9c7bd114d165aeac1729af91d8b670cc0e8c7afe4c601adb1b310c1e80db06f2863f82ac0a411ea4fe679b405eda225c11fe7f772cbedb921e916ea23816b5407e23c677cb87c64a02bb87861250fd52bdcf6aed39eb6328780097ae8707e77cbac9940953827306e86193eec78f6cb8a9d3955a834cd16871dbcd75d28dc21446625cff5df5bf6550b9cc6402cbc068228ea0dab0c95852ff2192d0f1f3e96970975a2bfa3edaf1009a25782ee244cf2f9f5af342482e7fa91d433169e4733d55270393b7a6b02a24976512dd53f5934076268d04d81093348174c1cb586fd882f1b6470d5da6f330107441b497a9be019d38ebdab09605a83f1ebd824bfc6bec734aeec6dfd7176444591bd3e07c9f555fa0303aa87d56d73a6d3ccacc97e427572bf3c11f9bb88660eaadd174684083275f5fd870c8b056c4d1378416c3f3e37ad07d3d283d85fb49466915b240b41e229d73990b4583e6c05c49628ebaf5763678f312145963724a5bb912cc84c1ca404be19b276eee3c590cc77c9d336ee4072602f28d1b975219a5fb7f48c4ad7489f3f6c5d3e76a63779c5039d44e03d0a10561d073b9d51972106dfdb5ebfa30daef7c7217e16d3b2385ff7303d6952b033c1549fde4d0ae30166bc6dd74d002f2455d5b7f3775fbd206b001043d7f52af85ed1a88afe806dd091db732f113501b070eac3f61a319cf6cb02a772cfebf43cd63bb4da7828475587c13d9d17e94316aadc78dedeb2735e0f3845462b0dfd44fc75e6ac1e35b80f0cf43c10b5360ca89ee1e2b967eae2ea9de34528cf4a521df1de156d1444b1504429a257660a5f9e217f8aa9cd5b8c70f62952801dd2ff0366ed947b85dac95523400d25ac882f134c4542cf075947e68dc9518bf0a014cec5622b9cc6d55d7996aa19ffa456d637f53c1ce1f3a28c0bcdd12358842d03b01be7d8c1de926eafdafa037270bd33b8e3e4c349b32d5b0219774e532a5c3c5e442ffe61dc9cece114c8ee0bb7f69c05dc0611a6656ab7ca5e8f989f2ba335ef2a3521ae5872fc736097bc16c5f0df28935b772daae0998aefa11a09b62abaa46014d8730623d3f489a926e465c9e193610aceacc509fc7a6c161861726a697c4225478b712828c47bd477ae7a326066153a06efef565d041bc27b29a8e441611964cc51fc78f22705d75de108e91dd0db9cd785b7a836ad3878e969162d4efe7a9f7cfc2011911e2e24211c7573cd0217117569e909719d11c0097b68220ade4f5e3f0e576d57e2c3950fd58433261abc4c6eb692232270f1e806592ddbf3de1bc7bfe541a836f2ad19052e9a7656dae9acac30f04a98233603d5a2c9d414b2ea053a6970e7c316a3364f8a6fce60fa67f6a6ed45a23db968deac14ea0878fc3504d7db2b86f51782531bd3666432655b876398548fecc176fdecac53d0013535aa87147f4211905abb0fd9acc3c9a27b9192ef46c85c23ebb9e6903715fda2e800d90bb7b81b6336d9fd5571919ecf41fa28beeb2e4893c49c284f93952abf37cdc4f5705d36eedf8ee19c6eaa94c25bed6ae683896fbd29ad5a2dccfd15e41c90775fae0efdbe6e6605f1526933f9daf36e4bae936fa056736a5c2a72b8c987fdcd839f91088e915de0cea164ca99c0321796e93a57f5d608cdcf1fe65127e8d1b982fb537366aa944f7c537d7a255d96618d40ce293d1c0fa913019979cdc87e18320bc99fcb634329823af8e760f83cd431b2b8de50dff4b2403a849d265c93936db2a31bd46382de506bc0306e2841e6db8db792c2e8b5ab90007a145e5d2449423ab32fc7bb8a605d598788f52a08e44a41da542b17a90e3a35e9120dd269f37f8c33b970fcd9b5ae86c32bd9a909b73e666f8279e2cf691908a780b8f473987121d7a1a92b80b2fe4072cdce1abefb6fd609e8169ff998a7c7195f04e72460710a677df9565081bfe7ae9086fedb4d4c699a8959d476d7786bbbd5862f127eef63d767eb84ce11e49e8ad8de038eedace9fca514411c8799b2f2d5e40e9c84041fdb615ddd33f9c6b83dc72cb4b057612b3200abdf83fd6599926be4b4da92919ed1ec47614d2c1e96de9b80df4de8013b8d56b19b7cbe91a445c736cf373b2baf1aaba1f5dfca4673509f5972cb4a3590d5140dbc79dbfc2c6fae4c25d8373883b4aa4fdbfde4460667550dfb0965398cd2d665cb913d3a317e4a730a5462553204f0f76167237e0896e38a0479474911b9fd125f98eeafa70fbf60ee80e4d2c56b8714dd0ea2df7d4b1cdc30581bfcf11e9918a7182d06ce51a80368a1c36aa1e7aa42d1afc3457b90cbca968a13a739669b69a34cf0c8d5e5518887c7e6f4f4750db023c1dc491a0a7b277047d15a1dac6b3c87ad1da589c94a109bd8746e0a10eb84a332b8f63447b521d17973179d8f889b0b2751b6c3ce21d3cd3c10057018f06f11e5854fcedd9c46d8131631350e8232cadba946814fa8138e9cd187a2441bf80f7c4b60066eef9768e6de2465f70081bab3aeea3cc478782b2c5e4599043bce920be62f699684fbe2975577f6acf1c64f7510e5df80252d8c133b71031c9e49a8f513782318ef32afde96151e0065c0ec23a75e0295bd401da7e709ec3d9e50952de95a6fd76de7a2d55c629a682e7fca789eb35991997a0079aa56a020d654931765869e4746c20c4cec0544f612c1ebefd9f93e8dae9e3489f9afeae2d7883368eb878c01cf0a824f065d6486fef08f9cdad4f09ab36fab18b8f331bf5596bd3a9b5e28478764cf87385a67e2277b7e4bea701f834cac5631ea8d8f1b78eefb9ce74965644510bf0a7879aff972c4e5e96de10ba463bb6956f28a189cea0700dcb037d16a2dbba27c49bb7447585d049705fe62ec52ee23fceaedffc754ddb5a48a5717f3f13d38829d797799b00b429f618fc1d58b39d67538f459d2f453037b93a7c47b01046b6414670e69ce29b66796b7bdfa5fbe79eb0a452fc9b25ba0b67a2abe91ef301b57dd77df003b4aca611a15ca0e2393bfea0dd02734b80a6daece951aae9f847375b327297696a1e5d0519704e8ba51266ea22e1a35fd74291f6dd2801207a3178bd31b69d7f52711221882874b62bd8b7721dbc8eb9bcbff226c58100d66e3c7c705ba11cac80caeea4169bfc04af00692f1ea421225092b41915600db5de32679e913e41a752c3bec55bd2ec6ecdce895ff7cfeada9a686b23277eb76dbd3f33ab1003683d961a42e823a012b7ab98426da53cc5fcc0b9fbd8d4a46280e2467a704886d88625ff5076b5e2539c7ce7958880d926808d1f0c7ef305d5e1c635cecb66df2dc15bf2ebcb224f76c9e9fa13cebb6ab1a51dd9601d7ad269d91b895480f603c304b6d1f5f90a6ff371a1a5c699d768c0acedd56a09083bc5f0a063b1552047d18fb078f7e94ae154fdc2ba7aee6b643b7c03fa6f94884bff42b6a3fcc83c02e7006d997d07d60784d52255afe85cf48f8289a550a8c8869f5231582e7d9bc33e75b66448de5c5e9a97", 0x1000}, {&(0x7f0000001300)="21db5dae81f6b141470efa10692473cf29846e054d410e8f53acfe3af79827d2029c3f6cb92b8851763e1cefdc17f1beef363f3ed9e393361972302aed676fcac2de2bf8c1a86ac4f8caa7188804a40cc714235f3db3a578a3d9cdd92c4646642249393d6775dfcdc40d0b27a5a86c8e1c227f7152ceebb5eb8ead4b10975ba5f66cf0adcd3168beee4838f1518311bfae86ffe03776664abf03a89898bc5a580260f37910df10199b6b89ae074529ce9e315003c16117cc82052593798d08b6409abd7617c0e73231659192654378fbc15e51001d17", 0xd6}], 0x4, 0x0, 0x0, 0x1}, 0x4000080)
keyctl$join(0x1, 0x0)
faccessat(0xffffffffffffffff, 0x0, 0x0)
dup(0xffffffffffffffff)
keyctl$read(0xb, r1, &(0x7f00000014c0)=""/159, 0x9f)

03:48:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:48:17 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x0, &(0x7f0000001b00))
r0 = msgget(0x1, 0x100)
msgsnd(r0, &(0x7f0000000080)={0x3, "0085e27e2345b635fb143681fc0987de1bd6a58d7ef04075b1288790b3177d39359e36c3f13a3a57b830fc8d5c71b9d0deae90e606f7b6338908f89268a6d52fb7c7515685776db9364ea3282ed9247ecaf9df9359c8d39724a4f03107b94c0ec91f1c6d695daebc29a676bab9462098291f1d1c715d74c8060ea359c0244caee40691db232fd778c64ec87b8586ae2fb7776f0b486c98a82b9ae0ccdc0afa6b845512d36bb8e5c04a0baf9ebffe88a221e54cc411e094e1"}, 0xc0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r2=>r1}, './file0\x00'})
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f0000000180)=']/+}\x00', &(0x7f00000001c0)="3a300ab9e150fe50729a5139ca7d7f3452d419fbfc3cb88d08ddd862b3a22103fdf40f650c1c5a10c4aa1fa2b8596a0e856a36d60fd64f7f00f4589d02f2d8bfa9", 0x41)

[ 1965.983436] No source specified
03:48:17 executing program 7:
membarrier(0x2, 0x0)

03:48:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:48:27 executing program 5:
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000140), 0x18040)
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000180)={0x2, 0x1, 0x401, 0x0, 0x9})
r1 = semget$private(0x0, 0x4, 0x20)
semctl$SETALL(0x0, 0x0, 0x11, &(0x7f0000000100)=[0x80, 0x7, 0x6])
semtimedop(r1, &(0x7f0000000040)=[{0x3, 0x22b}, {0x4, 0x3, 0x800}, {0x4, 0x1, 0x1000}], 0x3, &(0x7f00000000c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r2 = fsopen(&(0x7f0000000080)='selinuxfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r2, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:48:27 executing program 4:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fdatasync(0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x1, &(0x7f0000000000))

03:48:27 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x80000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:27 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
chdir(&(0x7f0000000940)='./file0\x00')
r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r2, 0x0, 0x20, 0x0, &(0x7f0000001180))
recvfrom(r2, &(0x7f0000002480)=""/161, 0xa1, 0x20, 0x0, 0x0)
setfsuid(r0)
r3 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
recvfrom(r2, &(0x7f00000026c0)=""/4096, 0x1000, 0x40000060, &(0x7f0000000980)=@alg={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha512\x00'}, 0x80)
faccessat(0xffffffffffffffff, 0x0, 0x0)
r4 = add_key$fscrypt_provisioning(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000100)=ANY=[@ANYBLOB="02000000000000006161616161616161616161616161616161616161616161616161451a094fcb07b5fad42d44e874616161616161310431313131313131313131313131d8f53131"], 0x48, r3)
r5 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r3)
r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mount$9p_rdma(&(0x7f0000000240), &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0), 0x2000000, &(0x7f0000000300)={'trans=rdma,', {'port', 0x3d, 0x4e20}, 0x2c, {[{@timeout={'timeout', 0x3d, 0x2}}, {@timeout={'timeout', 0x3d, 0x3}}, {@common=@dfltgid={'dfltgid', 0x3d, r1}}, {@common=@access_uid={'access', 0x3d, r0}}, {@sq={'sq', 0x3d, 0x7}}], [{@fowner_eq={'fowner', 0x3d, r0}}]}})
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r7=>0x0}, 0x1100)
recvmmsg$unix(r6, &(0x7f0000002240)=[{{&(0x7f0000000400)=@abs, 0x6e, &(0x7f0000000540)=[{&(0x7f0000000480)=""/130, 0x82}], 0x1, &(0x7f0000000580)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f00000005c0), 0x6e, &(0x7f0000000740)=[{&(0x7f0000000640)=""/239, 0xef}], 0x1, &(0x7f0000000780)=[@cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x100}}, {{&(0x7f0000000880), 0x6e, &(0x7f0000000d40)=[{&(0x7f0000000900)=""/15, 0xf}, {&(0x7f0000002540)=""/171, 0xab}, {&(0x7f0000000a00)=""/188, 0xbc}, {&(0x7f0000000ac0)=""/134, 0x86}, {&(0x7f0000000b80)=""/245, 0xf5}, {&(0x7f0000000c80)=""/177, 0xb1}], 0x6, &(0x7f0000000dc0)=[@cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f0000000ec0)=@abs, 0x6e, &(0x7f0000001480)=[{&(0x7f0000000f40)=""/13, 0xd}, {&(0x7f0000000f80)=""/174, 0xae}, {&(0x7f0000001040)=""/10, 0xa}, {&(0x7f0000001080)=""/152, 0x98}, {&(0x7f0000001140)=""/77, 0x4d}, {&(0x7f00000011c0)=""/193, 0xc1}, {&(0x7f00000012c0)=""/250, 0xfa}, {&(0x7f00000013c0)=""/152, 0x98}], 0x8, &(0x7f0000001500)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c, 0x1, 0x2, {0x0, <r8=>0x0}}}], 0xb8}}, {{&(0x7f00000015c0), 0x6e, &(0x7f0000001880)=[{&(0x7f0000001640)=""/82, 0x52}, {&(0x7f00000016c0)=""/212, 0xd4}, {&(0x7f00000017c0)=""/62, 0x3e}, {&(0x7f0000001800)=""/103, 0x67}], 0x4, &(0x7f00000018c0)=[@cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x90}}, {{&(0x7f0000001980), 0x6e, &(0x7f0000001a80)=[{&(0x7f0000001a00)=""/97, 0x61}], 0x1, &(0x7f00000036c0)=ANY=[@ANYBLOB="2c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="0000000014000000000000000100000001000000", @ANYRESDEC=r1, @ANYBLOB="0000000030000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32=r3, @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="1c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000001000000", @ANYRES32, @ANYRES32, @ANYRES32, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000001c0000000000000001de1c0002000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00'], 0x118}}, {{&(0x7f0000001c00)=@abs, 0x6e, &(0x7f0000001e80)=[{&(0x7f0000001c80)=""/11, 0xb}, {&(0x7f0000001cc0)=""/248, 0xf8}, {&(0x7f0000001dc0)=""/103, 0x67}, {&(0x7f0000001e40)=""/46, 0x2e}], 0x4, &(0x7f0000001ec0)=[@rights={{0x34, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xd8}}, {{&(0x7f0000001fc0)=@abs, 0x6e, &(0x7f0000002100)=[{&(0x7f0000002040)=""/148, 0x94}], 0x1, &(0x7f0000002140)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x100}}], 0x8, 0x2, &(0x7f0000002440)={0x77359400})
setresuid(r7, r8, r0)
keyctl$search(0xa, r4, &(0x7f0000000080)='ceph\x00', &(0x7f0000000180)={'syz', 0x3}, r5)

03:48:27 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x4}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:48:27 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 2)
rmdir(&(0x7f0000000380)='./file0\x00')

03:48:27 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:48:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:48:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0xffffffffffffff01, &(0x7f0000000140)=0x1)
io_setup(0xffff, &(0x7f0000000080))
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xbd1f, 0x932, &(0x7f0000000180)=0x1)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)='rw\x00', &(0x7f0000000100)='rw\x00', 0x0)

[ 1975.612487] No source specified
[ 1975.619915] No source specified
03:48:27 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0) (fail_nth: 1)

03:48:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
membarrier(0x2, 0x0)

03:48:27 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0) (fail_nth: 1)

03:48:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f00000000c0)='befs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='rw\x00', &(0x7f0000000100)='r\x87\x00\x12\x02\x96\x83B\xdb\xc2$\x8f}\x13\xd86L\x9c\xe7\x1c;\xc2t\x1f0\xa8\x1d%\xbdu\x9d\x80\n\x02 v\xdahB\t_=&$\x8dd\xdfW\x8e\xa8K\xd0\xa7\x89Q\x90X\x84\xe5`\xce\x9eA\xf8\x9eSI\x8b\xcb\xac5\\Ko3\xa5T\x87\xf0G\r\x80H\x855\a\xf5\x9a\xe8\xd5%\x01E\xc4\r\xdb@\xc4\xf5\xd6\xf9n\xe1\xebTWz\x14.[\x9f#\xc1\f\xf1B9)\x18-\xfd\x9c9k\x8e\x92\x01\xec\xc6\xc9<b\xc0\x8cU\x00\xe1\xaaH\x9d\xd4\xf2\xb2&)\x85\xc0X\x9c\xe5z4\xdeJ\xfe\xc4\x1e\x0e\xd0\xf2\xae\x04.\x97\xd6+\x8b\x83\x1b\xb4\xe0\xca\xa2\xd9\xd1\r\x83\aL\x1e\xeek\a\xf7\x02\xe9\xc84\xe0\x83\x93\xd4\xb6K|\xc9M\x86\x83(<\xbc\xf4.\xec\xd5<8\xb3M\xf5\xb4Ow.~E\x1a6 h\x8f\xd2\xcde\b\xdb\x8a\'!\x12\xa8\x16\x0e\x9b\x83\x10\xb4\xc2\xa0\x94\xda\x83\xbe-\xbe\x1d\x99\xe4cb\xc8\xc9\x12\xa2\xb7\x02B\x10\xc3\x11\xb9\\\xe1\xc1\xb9\xba\xcf\x89\x9c\x19\xcb\xc2\f\xe5.4,\xb7\x95\x16\x1d%c\xfcg\xc7b\xa1f\xf06\xfb\xaf\xaf45\xcc\x8e3\x1c\f?\x11\x02G\x88;\xdf', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:48:27 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xe0ffff, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1975.707771] FAULT_INJECTION: forcing a failure.
[ 1975.707771] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1975.709611] CPU: 1 UID: 0 PID: 15564 Comm: syz-executor.2 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1975.709648] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1975.709661] Call Trace:
[ 1975.709669]  <TASK>
[ 1975.709678]  dump_stack_lvl+0xfa/0x120
[ 1975.709713]  should_fail_ex+0x4d7/0x5e0
[ 1975.709741]  _copy_to_user+0x32/0xd0
[ 1975.709775]  simple_read_from_buffer+0xe0/0x180
[ 1975.709808]  proc_fail_nth_read+0x189/0x270
[ 1975.709846]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1975.709882]  ? security_file_permission+0x22/0x90
[ 1975.709909]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1975.709944]  vfs_read+0x1eb/0xbe0
[ 1975.709985]  ? __pfx_vfs_read+0x10/0x10
[ 1975.710021]  ? lock_release+0xc8/0x290
[ 1975.710051]  ? __fget_files+0x20d/0x3b0
[ 1975.710095]  ksys_read+0x121/0x240
[ 1975.710129]  ? __pfx_ksys_read+0x10/0x10
[ 1975.710161]  ? syscall_user_dispatch+0x78/0x140
[ 1975.710194]  do_syscall_64+0xbf/0x360
[ 1975.710226]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1975.710250] RIP: 0033:0x7f2999ff169c
[ 1975.710267] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1975.710309] RSP: 002b:00007f29975b4170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1975.710331] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f2999ff169c
[ 1975.710347] RDX: 000000000000000f RSI: 00007f29975b41e0 RDI: 0000000000000003
[ 1975.710361] RBP: 00007f29975b41d0 R08: 0000000000000000 R09: 0000000000000000
[ 1975.710374] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1975.710388] R13: 00007ffc6d2f552f R14: 00007f29975b4300 R15: 0000000000022000
[ 1975.710420]  </TASK>
03:48:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
membarrier(0x2, 0x0)

03:48:27 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 3)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1975.792790] FAULT_INJECTION: forcing a failure.
[ 1975.792790] name failslab, interval 1, probability 0, space 0, times 0
[ 1975.794889] CPU: 1 UID: 0 PID: 15572 Comm: syz-executor.4 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1975.794921] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1975.794935] Call Trace:
[ 1975.794943]  <TASK>
[ 1975.794951]  dump_stack_lvl+0xfa/0x120
[ 1975.794987]  should_fail_ex+0x4d7/0x5e0
[ 1975.795015]  should_failslab+0xc2/0x120
[ 1975.795038]  __kmalloc_cache_noprof+0x73/0x470
[ 1975.795069]  ? find_held_lock+0x2b/0x80
[ 1975.795104]  ? key_user_lookup+0x16b/0x560
[ 1975.795137]  ? key_user_lookup+0x196/0x560
[ 1975.795174]  ? key_user_lookup+0x196/0x560
[ 1975.795204]  ? _raw_spin_unlock+0x1e/0x40
[ 1975.795242]  key_user_lookup+0x196/0x560
[ 1975.795275]  ? __pfx_key_user_lookup+0x10/0x10
[ 1975.795311]  ? security_capable+0x2f/0x90
[ 1975.795350]  keyctl_chown_key+0x32b/0xc00
[ 1975.795377]  ? __pfx_ksys_write+0x10/0x10
[ 1975.795419]  __do_sys_keyctl+0xaa/0x5b0
[ 1975.795448]  do_syscall_64+0xbf/0x360
[ 1975.795479]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1975.795504] RIP: 0033:0x7fbf78141b19
[ 1975.795521] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1975.795544] RSP: 002b:00007fbf756b7188 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa
[ 1975.795567] RAX: ffffffffffffffda RBX: 00007fbf78254f60 RCX: 00007fbf78141b19
[ 1975.795583] RDX: 000000000000ee00 RSI: 00000000001595c5 RDI: 0000000000000004
[ 1975.795598] RBP: 00007fbf756b71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1975.795612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1975.795626] R13: 00007ffcfd21cfaf R14: 00007fbf756b7300 R15: 0000000000022000
[ 1975.795665]  </TASK>
[ 1975.838066] No source specified
03:48:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, 0x0)
membarrier(0x2, 0x0)

[ 1975.845820] No source specified
03:48:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:48:37 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000080)='efivarfs\x00', 0x1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:48:37 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x5}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:48:37 executing program 3:
ioctl$SG_GET_NUM_WAITING(0xffffffffffffffff, 0x227d, &(0x7f0000000000))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x6000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:48:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:48:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x1000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:37 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0) (fail_nth: 2)

03:48:37 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 4)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 1985.213995] No source specified
03:48:37 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0) (fail_nth: 3)

[ 1985.229353] No source specified
03:48:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x78b7, 0xf2c2, &(0x7f0000000000)=0x1)
membarrier(0x2, 0x0)

[ 1985.271052] FAULT_INJECTION: forcing a failure.
[ 1985.271052] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1985.272288] CPU: 0 UID: 0 PID: 15613 Comm: syz-executor.4 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1985.272305] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1985.272312] Call Trace:
[ 1985.272317]  <TASK>
[ 1985.272322]  dump_stack_lvl+0xfa/0x120
[ 1985.272345]  should_fail_ex+0x4d7/0x5e0
[ 1985.272362]  _copy_to_user+0x32/0xd0
[ 1985.272382]  simple_read_from_buffer+0xe0/0x180
[ 1985.272400]  proc_fail_nth_read+0x189/0x270
[ 1985.272420]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1985.272438]  ? security_file_permission+0x22/0x90
[ 1985.272453]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1985.272471]  vfs_read+0x1eb/0xbe0
[ 1985.272492]  ? __pfx_vfs_read+0x10/0x10
[ 1985.272510]  ? lock_release+0xc8/0x290
[ 1985.272526]  ? __fget_files+0x20d/0x3b0
[ 1985.272549]  ksys_read+0x121/0x240
[ 1985.272566]  ? __pfx_ksys_read+0x10/0x10
[ 1985.272588]  do_syscall_64+0xbf/0x360
[ 1985.272605]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1985.272619] RIP: 0033:0x7fbf780f469c
[ 1985.272633] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1985.272645] RSP: 002b:00007fbf756b7170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1985.272657] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbf780f469c
[ 1985.272665] RDX: 000000000000000f RSI: 00007fbf756b71e0 RDI: 0000000000000004
[ 1985.272673] RBP: 00007fbf756b71d0 R08: 0000000000000000 R09: 0000000000000000
[ 1985.272680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1985.272687] R13: 00007ffcfd21cfaf R14: 00007fbf756b7300 R15: 0000000000022000
[ 1985.272703]  </TASK>
[ 1985.293137] FAULT_INJECTION: forcing a failure.
[ 1985.293137] name failslab, interval 1, probability 0, space 0, times 0
[ 1985.294048] CPU: 0 UID: 0 PID: 15614 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1985.294063] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1985.294070] Call Trace:
[ 1985.294074]  <TASK>
[ 1985.294078]  dump_stack_lvl+0xfa/0x120
[ 1985.294093]  should_fail_ex+0x4d7/0x5e0
[ 1985.294106]  ? alloc_empty_file+0x58/0x1e0
[ 1985.294118]  should_failslab+0xc2/0x120
03:48:37 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000008)

[ 1985.294131]  kmem_cache_alloc_noprof+0x5f/0x470
[ 1985.294148]  ? __is_insn_slot_addr+0x140/0x290
[ 1985.294168]  alloc_empty_file+0x58/0x1e0
[ 1985.294182]  path_openat+0xe0/0x2880
[ 1985.294205]  ? __lock_acquire+0x694/0x1b70
[ 1985.294217]  ? __pfx_path_openat+0x10/0x10
[ 1985.294239]  do_filp_open+0x1e8/0x450
[ 1985.294257]  ? __pfx_do_filp_open+0x10/0x10
[ 1985.294280]  ? find_held_lock+0x2b/0x80
[ 1985.294297]  ? alloc_fd+0x2c1/0x560
[ 1985.294312]  ? lock_release+0xc8/0x290
[ 1985.294326]  ? _raw_spin_unlock+0x1e/0x40
[ 1985.294346]  ? alloc_fd+0x2c1/0x560
[ 1985.294366]  do_sys_openat2+0x104/0x1b0
[ 1985.294393]  ? __pfx_do_sys_openat2+0x10/0x10
[ 1985.294419]  __x64_sys_creat+0xcc/0x120
[ 1985.294437]  ? __pfx___x64_sys_creat+0x10/0x10
[ 1985.294455]  ? __pfx_ksys_write+0x10/0x10
[ 1985.294477]  ? do_syscall_64+0x85/0x360
[ 1985.294493]  do_syscall_64+0xbf/0x360
[ 1985.294508]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1985.294519] RIP: 0033:0x7f2ff44d3b19
[ 1985.294528] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 1985.294539] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 1985.294550] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 1985.294558] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 1985.294565] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 1985.294572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1985.294578] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 1985.294594]  </TASK>
03:48:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:48:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x2000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:37 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x2000)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
r1 = fsmount(0xffffffffffffffff, 0x1, 0x70)
faccessat(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
read(r2, &(0x7f0000000000), 0x0)
r3 = openat$full(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r1, 0xc0189379, &(0x7f0000000140)={{0x1, 0x1, 0x18, r3}, './file0\x00'})

[ 1985.432919] No source specified
[ 1985.437153] No source specified
[ 1990.255436] Bluetooth: hci0: command 0x0406 tx timeout
03:48:47 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:48:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fchown(r3, r0, r1)
setfsuid(r0)
write$tcp_congestion(r2, 0x0, 0x0)
linkat(r2, &(0x7f00000000c0)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x400)
r4 = perf_event_open$cgroup(&(0x7f0000000180)={0x2, 0x80, 0xf9, 0x0, 0x8, 0x4b, 0x0, 0x101, 0x0, 0x9, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x4, @perf_bp={&(0x7f0000000140), 0xc}, 0x12c00, 0x1, 0xff, 0x5, 0x40000000c7, 0x1, 0x40, 0x0, 0x1, 0x0, 0x5}, r2, 0x7, 0xffffffffffffffff, 0x2)
preadv2(r4, &(0x7f0000000240)=[{&(0x7f0000000200)=""/61, 0x3d}], 0x1, 0x0, 0x692, 0x1)
fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(0xffffffffffffffff, 0x0, 0x0)
r5 = openat$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000080), 0x2, 0x0)
fsconfig$FSCONFIG_SET_FD(0xffffffffffffffff, 0x5, &(0x7f0000000000)='\x00', 0x0, r5)
r6 = add_key$keyring(&(0x7f0000000040), 0x0, 0x0, 0x0, 0xfffffffffffffff8)
newfstatat(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000340), 0x0)
keyctl$search(0xa, r6, &(0x7f0000000280)='ceph\x00', &(0x7f00000002c0)={'syz', 0x0}, r6)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:48:47 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x6}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:48:47 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 5)
rmdir(&(0x7f0000000380)='./file0\x00')

03:48:47 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:48:47 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xeffffeffffffffff, 0x400000000000002, &(0x7f0000000080))
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000100)=0x20, 0x4)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x480, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x4, @empty, 0x9}, 0x1c)
membarrier(0x2, 0x0)

03:48:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x3000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:48:47 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='ocfs2\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = pidfd_getfd(0xffffffffffffffff, r0, 0x0)
fsmount(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000180)='hfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
ioctl$BTRFS_IOC_QUOTA_CTL(r2, 0xc0109428, &(0x7f0000000080)={0x1, 0x6})
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
ioctl$CDROM_LOCKDOOR(0xffffffffffffffff, 0x5329, 0x1)
ioctl$LOOP_SET_FD(0xffffffffffffffff, 0x4c00, r3)

03:48:47 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0) (fail_nth: 1)

[ 1995.925678] No source specified
[ 1995.935101] No source specified
03:48:47 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:48:47 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000000)=<r1=>0x0)
setfsuid(r1)

03:48:47 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x4000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 1996.040131] FAULT_INJECTION: forcing a failure.
[ 1996.040131] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1996.041855] CPU: 1 UID: 0 PID: 15657 Comm: syz-executor.7 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 1996.041884] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 1996.041897] Call Trace:
[ 1996.041904]  <TASK>
[ 1996.041912]  dump_stack_lvl+0xfa/0x120
[ 1996.041945]  should_fail_ex+0x4d7/0x5e0
[ 1996.041972]  _copy_to_user+0x32/0xd0
[ 1996.042004]  simple_read_from_buffer+0xe0/0x180
[ 1996.042034]  proc_fail_nth_read+0x189/0x270
[ 1996.042067]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1996.042099]  ? security_file_permission+0x22/0x90
[ 1996.042124]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 1996.042155]  vfs_read+0x1eb/0xbe0
[ 1996.042191]  ? __pfx_vfs_read+0x10/0x10
[ 1996.042223]  ? lock_release+0xc8/0x290
[ 1996.042249]  ? __fget_files+0x20d/0x3b0
[ 1996.042288]  ksys_read+0x121/0x240
[ 1996.042318]  ? __pfx_ksys_read+0x10/0x10
[ 1996.042347]  ? syscall_user_dispatch+0x78/0x140
[ 1996.042376]  do_syscall_64+0xbf/0x360
[ 1996.042404]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1996.042425] RIP: 0033:0x7f6f2c8c869c
[ 1996.042441] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 1996.042461] RSP: 002b:00007f6f29e8b170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 1996.042480] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f6f2c8c869c
[ 1996.042509] RDX: 000000000000000f RSI: 00007f6f29e8b1e0 RDI: 0000000000000003
[ 1996.042522] RBP: 00007f6f29e8b1d0 R08: 0000000000000000 R09: 0000000000000000
[ 1996.042534] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1996.042546] R13: 00007ffdb190099f R14: 00007f6f29e8b300 R15: 0000000000022000
[ 1996.042574]  </TASK>
03:48:48 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x2, r0, 0xee00, 0x0)

03:48:48 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:48:48 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
migrate_pages(0x0, 0x1, &(0x7f00000000c0)=0x40, &(0x7f0000000080)=0xfffffffffffffffd)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0xa, &(0x7f0000000000))
membarrier(0x1, 0x0)
membarrier(0x0, 0x0)

[ 1996.263916] No source specified
[ 1996.394561] No source specified
03:49:03 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
getpid()
r0 = fsopen(&(0x7f0000000040)='nfs\x00', 0x0)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000080)=<r1=>0x0)
pidfd_open(r1, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x7d, &(0x7f00000000c0)=0x1)

03:49:03 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x7}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:49:03 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 6)
rmdir(&(0x7f0000000380)='./file0\x00')

03:49:03 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffb, 0x80000000, &(0x7f0000000040))
r0 = msgget$private(0x0, 0x0)
msgrcv(r0, &(0x7f00000010c0)={0x0, ""/4098}, 0x100a, 0x3, 0x7000)
membarrier(0x2, 0x0)

03:49:03 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x3, r0, 0xee00, 0x0)

03:49:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x5000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:03 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x1)
membarrier(0x2, 0x0)
socket$nl_xfrm(0x10, 0x3, 0x6)

03:49:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r0)
setfsuid(r1)
setxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@random={'user.', '#\xe5,]\x80'}, &(0x7f0000000080)='syz', 0xffffffffffffff25, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
fchown(0xffffffffffffffff, r1, r4)

[ 2011.295888] No source specified
[ 2011.301596] No source specified
03:49:03 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)
membarrier(0x10, 0x0)
membarrier(0x40, 0x0)
membarrier(0x10, 0x0)

[ 2011.361091] FAULT_INJECTION: forcing a failure.
[ 2011.361091] name failslab, interval 1, probability 0, space 0, times 0
[ 2011.363102] CPU: 0 UID: 0 PID: 15706 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2011.363135] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2011.363149] Call Trace:
[ 2011.363156]  <TASK>
[ 2011.363165]  dump_stack_lvl+0xfa/0x120
[ 2011.363201]  should_fail_ex+0x4d7/0x5e0
[ 2011.363229]  ? security_file_alloc+0x35/0x130
[ 2011.363253]  should_failslab+0xc2/0x120
[ 2011.363276]  kmem_cache_alloc_noprof+0x5f/0x470
[ 2011.363309]  ? __create_object+0x59/0x80
[ 2011.363342]  security_file_alloc+0x35/0x130
[ 2011.363367]  init_file+0x95/0x4c0
[ 2011.363392]  alloc_empty_file+0x76/0x1e0
[ 2011.363419]  path_openat+0xe0/0x2880
[ 2011.363464]  ? __lock_acquire+0x694/0x1b70
[ 2011.363490]  ? __pfx_path_openat+0x10/0x10
[ 2011.363534]  do_filp_open+0x1e8/0x450
[ 2011.363569]  ? __pfx_do_filp_open+0x10/0x10
[ 2011.363616]  ? find_held_lock+0x2b/0x80
[ 2011.363658]  ? alloc_fd+0x2c1/0x560
[ 2011.363690]  ? lock_release+0xc8/0x290
[ 2011.363717]  ? _raw_spin_unlock+0x1e/0x40
[ 2011.363756]  ? alloc_fd+0x2c1/0x560
[ 2011.363796]  do_sys_openat2+0x104/0x1b0
[ 2011.363823]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2011.363862]  __x64_sys_creat+0xcc/0x120
[ 2011.363890]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2011.363918]  ? __pfx_ksys_write+0x10/0x10
[ 2011.363959]  ? do_syscall_64+0x85/0x360
[ 2011.363990]  do_syscall_64+0xbf/0x360
[ 2011.364021]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2011.364045] RIP: 0033:0x7f2ff44d3b19
[ 2011.364063] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2011.364085] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2011.364108] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2011.364123] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2011.364137] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2011.364151] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2011.364165] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2011.364195]  </TASK>
03:49:03 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x5, r0, 0xee00, 0x0)

03:49:03 executing program 2:
sendmsg$NL80211_CMD_PROBE_MESH_LINK(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000), 0xc, &(0x7f0000000240)={&(0x7f0000000040)={0x1dc, 0x0, 0x20, 0x70bd28, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_FRAME={0x15d, 0x33, @mgmt_frame=@beacon={@with_ht={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_b, @random="cdab754d59dd", {0x8, 0x2}}, @ver_80211n={0x0, 0x38f4, 0x1, 0x1, 0x0, 0x1, 0x1}}, 0xfb, @default, 0x1010, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x3, [{0x2, 0x1}, {0x1b, 0x1}, {}]}, @val={0x3, 0x1, 0x1}, @val={0x4, 0x6, {0x40, 0x3b, 0x3ff, 0x5}}, @void, @void, @val={0x25, 0x3, {0x0, 0x34, 0x5}}, @void, @val={0x3c, 0x4, {0x0, 0x8, 0x70, 0x9}}, @val={0x2d, 0x1a, {0x1000, 0x0, 0x7, 0x0, {0x100, 0x4, 0x0, 0x80, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x400, 0x1, 0x1f}}, @val={0x72, 0x6}, @val={0x71, 0x7, {0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, 0x5, 0x40}}, @void, [{0xdd, 0xdf, "6c61fab8e8580610f37367cd7e59596fd252f5e0fd3719cd8412b6209b4e90c60e34d85a128e725e4a43503f21d2ee247210967d8d5df5b877b33d03a5589c9f657253a252a9b80c660469b363617d5bb24d2ba7ddb2e9d23a587a318dce4460d041f3ee3499ba71521e6fb2a30a2065c6c6f96a727b7d7d292630a07062140896526905fb823c37a6b5a5c0b08aa1ad9310cd2b9012a3f61d4b59fb958a437dfe656d393899cc1ee89d9eecdca91e3146e6459f12ee1d45afee010f95dc3c57de7b40b6ecbf18ec7d36066517afbc79f4b78053d147b708078ea802cd62c5"}]}}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x7f}, @device_b}}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_FRAME={0x34, 0x33, @mgmt_frame=@deauth={@with_ht={{{0x0, 0x0, 0xc, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {0x7}, @device_a, @device_b, @initial, {0x6, 0x2}}, @ver_80211n={0x0, 0x6, 0x0, 0x1, 0x0, 0x1}}, 0x14, @val={0x8c, 0x10, {0xc29, "46da4d8a1678", @short="265a8c50e8085681"}}}}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@pspoll={{}, @random=0x4, @random="79d990d3986e"}}]}, 0x1dc}, 0x1, 0x0, 0x0, 0x24008000}, 0x4000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:49:03 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x6000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:03 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
fchmodat(r1, &(0x7f0000000000)='./file0\x00', 0x100)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

[ 2011.506584] No source specified
[ 2011.514253] No source specified
03:49:03 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0xffff, &(0x7f0000000000)=0x1)

03:49:03 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
membarrier(0x2, 0x0)

03:49:12 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x8}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:49:12 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x0, &(0x7f0000001b00))
memfd_create(&(0x7f0000000100)='0%\xe4\xbe-CC\x9eX\x82u\f\x8e\xd6\x8ao\xbfY\x01\x80\x8dW\xe0\xdaq\xb4\xbf\xd9\x87\x8c!\xb0|\bf\"\x17\xe4\xc4_\xbc\x8a2\xf9-N\xa9c\xb2\xc8\xa9;\xaa\x85zQ<\xa4\xc5\x11Fxw\xc3\xb1\x1eI\xbb\xa0\x02,m\x12&\xa3u2#B}\n~G*\x17\xcc\x82\x04f\x9c2\x01\x04\xe1\xd8yK\xf9\x8fr\xe8\xa33\xee\xcbEC\xbc9\xd1\xf2\a\xb0\x9d\xd6g\xe0\xbeB\xe2\x84\x89\xf7\x84QN;{\xa3Y<\xfd\xb3\xc4m&v0G\x9dB\xd3\xb8N\x97\x1c\xf3\xa8\x00\t\xd6>xbH7\x1ey <\xac\x00'/173, 0x1)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000200), 0x105000, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
dup2(r1, r2)
write$tcp_congestion(r0, 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0xc0b80, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r0, 0x40182103, &(0x7f0000000080)={0x0, 0x0, r3, 0xffffffdc, 0x80000})
r4 = fsopen(&(0x7f00000001c0)='cpuset\x00', 0x1)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000240)='bV\x84\x00', &(0x7f0000000280)='\'\x00', 0x0)
r5 = fsmount(r0, 0x0, 0x2)
mq_getsetattr(r5, &(0x7f00000002c0)={0x4, 0x4, 0x5, 0xff}, &(0x7f0000000300))
fsconfig$FSCONFIG_SET_FLAG(r4, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:49:12 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xcb9, 0xfffffffffffffffd, &(0x7f0000000040))
membarrier(0x2, 0x0)
msgget(0x0, 0x11)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000001, 0x2, &(0x7f0000000000))

03:49:12 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r0, 0x0, 0x20, 0x0, &(0x7f0000001180))
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x1d, &(0x7f0000000000)=0x7fff, 0x4)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
pread64(r1, &(0x7f0000000040)=""/4096, 0x1000, 0x5308)

03:49:12 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 7)
rmdir(&(0x7f0000000380)='./file0\x00')

03:49:12 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
execve(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)=[&(0x7f0000000040)='{`#\x00', &(0x7f0000000080)='keyring\x00', &(0x7f0000000100)='$\x00'], &(0x7f0000000300)=[&(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)='keyring\x00', &(0x7f0000000200)='keyring\x00', &(0x7f0000000240)='keyring\x00', &(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)='*\x00'])
clock_gettime(0x0, &(0x7f0000000440)={<r1=>0x0, <r2=>0x0})
utimes(&(0x7f0000000400)='./file0\x00', &(0x7f0000000480)={{0x77359400}, {r1, r2/1000+60000}})
lsetxattr$security_evm(&(0x7f0000000540)='./file0\x00', &(0x7f0000000580), &(0x7f00000005c0)=@md5={0x1, "99b8c6dee8a5881e590cb25551b28904"}, 0x11, 0x2)
setfsuid(r0)
r3 = add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
fstat(0xffffffffffffffff, &(0x7f00000004c0))
add_key$user(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x2}, &(0x7f00000003c0)="f4e85763952b6bf84d73a30b7782546e53671146319ea96e57f4583b2da1968474342aba43573efea3195c368611b6962d8241bc23a2ebf3", 0x38, r3)
r4 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000600), 0x80000, 0x0)
ioctl$BTRFS_IOC_INO_PATHS(r4, 0xc0389423, &(0x7f0000000680)={0x1ff, 0x8, [0x800, 0x68d, 0x3], &(0x7f0000000640)=[0x0]})

03:49:12 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x7000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:12 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x6, r0, 0xee00, 0x0)

03:49:12 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4000000000bb, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:49:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7d, 0x7, &(0x7f0000000000))
membarrier(0x2, 0x0)
membarrier(0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x100000001, 0x6, &(0x7f0000000480)=[{&(0x7f00000000c0)="6260104a7ee9ce80087ed3e9a486af4ed6820ee55297ad78507fd76b777b835032ce3f9432b0378e091855b87f81ff7582bc14ae9bb2724b88f2390a33a4d7591b94e1efcbc8d05f491e1a4fd2cd90e59fd7b998b2642dab1e0883a93c367fa6a3dfa410f116cbfc20f3a5d25656f31d2483bdcdf0a9c740958fc8702a6b4c3159340ba5ce63f0bc7f0f7e10b6d2c188f36b88aab300a3fc470d22609abfcf0335547d35f57d599005c5df9dc9c80e9dabd329694a9448863f5290e0195de179a8260925fdf538e993c44bbed3c7f5e724126110333126792a886d68826dce8db168d0a39e1ad7a3c3ec0233cb2c095fe0fedea5198ab4", 0xf7, 0x100000001}, {&(0x7f00000001c0)="37f0d762674899d6f9f3a5db399a552bbde55b0eeff432949b6737de9a731682a060dc115eb1204643a3567dc70b4c0581c2bf6935f80dda789007007ce050710e6dbf8b11e9dc631735b53a89ddfc84dfc9bf65", 0x54, 0xfffffffeffffffff}, {&(0x7f0000000240)="a9d3ad8c121e8b58bbb28aa805c3c4b8ac28cb11e0f720", 0x17, 0x80000000}, {&(0x7f0000000280)="9a0a55654b351a1d996a5173cc7efab9c2b6eb87a8fc23c0325b5f783e97f10674263d5042e2f2b6962ff0000f72d7d3e64df77f6092d26dd842b5bec7f52db439114c6a00d3b94af3252761ff73b4e64a48cba62602c06cf3cb525ad79bb7490e002b8edc6bbb585b456f1476622400d3f889f8632026a5fb5d4c3cb01b0857ce30ec672870409ac4b426e8307def492b7f33029a08fcb42489453a7fd63c2c7b2772fa94de7818759892bd4e7d8025671a33624dfc074fe9dd4cd91c43b5865a89756035a2478d34d545ba18", 0xcd, 0x5}, {&(0x7f0000000380)="ab7e04005e1df17ca006ac3dd55ee4f0143e4efc1ff6a5", 0x17, 0xa5}, {&(0x7f00000003c0)="7265b539d10b3161147c3e4709dff60aa613a8587ffd64d41684ca21421cc66a13e7e88d68225d8a7eff22d212de4acc7773c5f41f7c7979c8106481eb13fdf7e8f5471f61b53874a94ba85779892d9c9052a99d69f9365b901e4b21d15e950a37f07d808a88b4f0d129df0017a47dd74bf465b12872dbd06b8d6d78d1016cb3398f6b5e55a35392741121f404084d072d589e7f3500222bd979e316f47a0315d0720588210407b6c84adad1c2d3a53c2898fd359eb84e90f8529d", 0xbb, 0x10000}], 0x2000028, &(0x7f0000000540)={[{@block}, {@check_relaxed}, {@map_normal}, {@gid={'gid', 0x3d, 0xffffffffffffffff}}, {@iocharset={'iocharset', 0x3d, 'macgreek'}}, {@nocompress}, {@iocharset={'iocharset', 0x3d, 'macinuit'}}], [{@func={'func', 0x3d, 'PATH_CHECK'}}, {@uid_eq={'uid', 0x3d, 0xee00}}]})

03:49:13 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)
utime(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x4, 0x527})

[ 2021.123984] loop7: detected capacity change from 0 to 264192
03:49:13 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1000000000000000, 0xffffffffffffffff, &(0x7f0000000000))
membarrier(0x2, 0x0)

03:49:13 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 8)
rmdir(&(0x7f0000000380)='./file0\x00')

03:49:13 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x2)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000001, 0x0, &(0x7f0000000000))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7ff800000, 0xcc, &(0x7f0000000080)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3f, 0x6, &(0x7f00000000c0))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ac, 0x40000009, &(0x7f0000000040))
membarrier(0x2, 0x0)

03:49:13 executing program 3:
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
symlinkat(&(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00')
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x3f7, 0x300, 0x70bd2d, 0x25dfdbff, {0x7, 0x7, './file0', './file0'}, ["", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x200000c5)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:49:13 executing program 2:
io_destroy(0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
membarrier(0x2, 0x0)

[ 2021.434990] FAULT_INJECTION: forcing a failure.
[ 2021.434990] name failslab, interval 1, probability 0, space 0, times 0
[ 2021.435995] CPU: 0 UID: 0 PID: 15779 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2021.436012] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2021.436019] Call Trace:
[ 2021.436027]  <TASK>
[ 2021.436032]  dump_stack_lvl+0xfa/0x120
[ 2021.436055]  should_fail_ex+0x4d7/0x5e0
[ 2021.436071]  should_failslab+0xc2/0x120
[ 2021.436084]  kmem_cache_alloc_lru_noprof+0x73/0x460
[ 2021.436104]  ? finish_task_switch.isra.0+0x206/0x840
[ 2021.436126]  ? __d_alloc+0x31/0xa10
[ 2021.436146]  ? trace_sched_exit_tp+0xc9/0x110
[ 2021.436161]  __d_alloc+0x31/0xa10
[ 2021.436183]  d_alloc_parallel+0x112/0x1330
[ 2021.436199]  ? lock_acquire+0x15e/0x2f0
[ 2021.436212]  ? __d_lookup+0x73/0x490
[ 2021.436226]  ? find_held_lock+0x2b/0x80
[ 2021.436243]  ? __d_lookup+0x255/0x490
[ 2021.436256]  ? __pfx_d_alloc_parallel+0x10/0x10
[ 2021.436270]  ? lock_is_held_type+0x9e/0x120
[ 2021.436287]  ? __d_lookup+0x25f/0x490
[ 2021.436304]  lookup_open.isra.0+0x64f/0x1530
[ 2021.436321]  ? __pfx_rwsem_down_write_slowpath+0x10/0x10
[ 2021.436340]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 2021.436365]  ? __pfx_down_write+0x10/0x10
[ 2021.436379]  ? mnt_get_write_access+0x1ea/0x2d0
[ 2021.436396]  path_openat+0xc26/0x2880
[ 2021.436419]  ? __lock_acquire+0x694/0x1b70
[ 2021.436431]  ? __pfx_path_openat+0x10/0x10
[ 2021.436453]  do_filp_open+0x1e8/0x450
[ 2021.436471]  ? __pfx_do_filp_open+0x10/0x10
[ 2021.436495]  ? find_held_lock+0x2b/0x80
[ 2021.436512]  ? alloc_fd+0x2c1/0x560
[ 2021.436528]  ? lock_release+0xc8/0x290
[ 2021.436543]  ? alloc_fd+0x2c1/0x560
[ 2021.436564]  do_sys_openat2+0x104/0x1b0
[ 2021.436579]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2021.436599]  __x64_sys_creat+0xcc/0x120
[ 2021.436614]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2021.436628]  ? __pfx_ksys_write+0x10/0x10
[ 2021.436649]  ? do_syscall_64+0x85/0x360
[ 2021.436666]  do_syscall_64+0xbf/0x360
[ 2021.436681]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2021.436695] RIP: 0033:0x7f2ff44d3b19
[ 2021.436704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2021.436716] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2021.436728] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2021.436736] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2021.436743] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2021.436751] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 2021.436758] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2021.436774]  </TASK>
[ 2021.888067] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2021.888838] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 2021.895046] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2021.895575] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 2021.902369] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 2021.902932] Bluetooth: hci6: Opcode 0x0406 failed: -4
[ 2021.907009] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 2021.907537] Bluetooth: hci7: Opcode 0x0406 failed: -4
[ 2021.909222] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2021.912803] Bluetooth: hci4: Opcode 0x0406 failed: -4
[ 2021.916270] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2021.917942] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 2021.924102] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 2021.925423] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 2021.926605] Bluetooth: hci6: Opcode 0x0c1a failed: -4
[ 2021.927441] Bluetooth: hci7: Opcode 0x0c1a failed: -4
[ 2021.928518] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[ 2021.929749] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 2023.421884] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 2023.427900] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 2023.430135] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 2023.438095] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 2023.440939] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 2023.555282] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[ 2023.559099] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[ 2023.560950] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[ 2023.567497] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[ 2023.572578] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[ 2023.980955] Bluetooth: hci2: command 0x0406 tx timeout
[ 2023.980984] Bluetooth: hci4: command 0x0406 tx timeout
[ 2023.981725] Bluetooth: hci7: command 0x0406 tx timeout
[ 2023.981756] Bluetooth: hci6: command 0x0406 tx timeout
[ 2023.981782] Bluetooth: hci5: command 0x0406 tx timeout
[ 2023.981807] Bluetooth: hci3: command 0x0406 tx timeout
[ 2025.453721] Bluetooth: hci0: command tx timeout
[ 2025.644752] Bluetooth: hci1: command tx timeout
[ 2026.028793] Bluetooth: hci3: command 0x0406 tx timeout
[ 2026.028828] Bluetooth: hci5: command 0x0406 tx timeout
[ 2026.029310] Bluetooth: hci6: command 0x0406 tx timeout
[ 2026.030508] Bluetooth: hci7: command 0x0406 tx timeout
[ 2026.030834] Bluetooth: hci2: command 0x0406 tx timeout
[ 2026.031752] Bluetooth: hci4: command 0x0406 tx timeout
[ 2027.501923] Bluetooth: hci0: command tx timeout
[ 2027.693691] Bluetooth: hci1: command tx timeout
[ 2029.549683] Bluetooth: hci0: command tx timeout
[ 2029.743667] Bluetooth: hci1: command tx timeout
[ 2031.597687] Bluetooth: hci0: command tx timeout
[ 2031.788690] Bluetooth: hci1: command tx timeout
[ 2033.320062] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2033.320686] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2033.340233] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2033.340974] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2033.379759] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2033.380391] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2033.387455] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 2033.388182] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 2033.601228] No source specified
[ 2033.602092] No source specified
03:49:35 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 9)
rmdir(&(0x7f0000000380)='./file0\x00')

03:49:35 executing program 3:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(r0, 0x8040942d, &(0x7f0000000000))
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
add_key$keyring(&(0x7f00000000c0), 0x0, 0x0, 0x0, 0xfffffffffffffffe)
faccessat(0xffffffffffffffff, 0x0, 0x0)

03:49:35 executing program 7:
r0 = clone3(&(0x7f00000001c0)={0xc0021800, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1f}, &(0x7f00000000c0)=""/63, 0x3f, &(0x7f0000000280)=""/113, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0], 0x4}, 0x58)
sched_setattr(r0, &(0x7f0000000240)={0x38, 0x6, 0x20, 0x401, 0x7, 0x3, 0x1, 0x6f, 0x2fc3, 0xfe000000}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:49:35 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0xb}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:49:35 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x8000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:35 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x7, r0, 0xee00, 0x0)

03:49:35 executing program 2:
membarrier(0x2, 0x0)

03:49:35 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
ioctl$INCFS_IOC_PERMIT_FILL(r1, 0x40046721, &(0x7f0000000080)={r2})

[ 2043.502554] No source specified
[ 2043.514410] No source specified
03:49:35 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(0xffffffffffffffff, 0xc018937c, &(0x7f0000000000)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff, {0x1}}, './file0\x00'})
mknodat$null(r0, &(0x7f0000000040)='./file0\x00', 0x2, 0x103)

03:49:35 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x3, r0, 0xee00, 0x0)

03:49:35 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x8, r0, 0xee00, 0x0)

03:49:35 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:49:35 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9, &(0x7f0000000000))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0xfffffffffffffffe, &(0x7f0000000040)=0x1)
membarrier(0x40, 0x0)

03:49:35 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x9000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:35 executing program 3:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x3, r0, 0xee00, 0x0)

03:49:35 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xfdcf, &(0x7f0000000000))
membarrier(0x2, 0x0)
membarrier(0x2, 0x0)

03:49:46 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8001, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:49:46 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0xe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:49:46 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 10)
rmdir(&(0x7f0000000380)='./file0\x00')

03:49:46 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xa000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:46 executing program 3:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xeffffeffffffffff, 0x400000000000002, &(0x7f0000000080))
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000100)=0x20, 0x4)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000), 0x480, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e24, 0x4, @empty, 0x9}, 0x1c)
membarrier(0x2, 0x0)

03:49:46 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x1, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x5, 0x45, 0x7fffffff, 0x8, 0x7d, 0x0, 0x6, 0x7f, 0x7}, 0x0)
syz_open_procfs(r0, &(0x7f0000000000)='autogroup\x00')

03:49:46 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x1, &(0x7f0000000100)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x0, &(0x7f00000000c0)=0x1)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
ioctl$EXT4_IOC_ALLOC_DA_BLKS(r1, 0x660c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8000, 0x3, &(0x7f0000000080)=0x1)

03:49:46 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x9, r0, 0xee00, 0x0)

[ 2054.518593] No source specified
[ 2054.523110] No source specified
03:49:46 executing program 2:
bind$inet(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x4e24, @private=0xa010100}, 0x10)
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x81, 0xffffffff, &(0x7f0000000000)=0x10)
r0 = msgget(0x1, 0x4)
msgsnd(r0, &(0x7f0000000080)={0x0, "1901bb7c23026b23a10af5becdb817980dfd642aecf0b165b800008d26912c15fe38db1c9ea6577635f573404c132501082fbfd4516be11d897ca0bf1b16173da59aba9c44e0b7446fbadb0b054944178be21f40c62c956222dba6db1d930d55c11106af573b9e2ca4e5cacee96de65caf318d53b595158f3233460b54f0b03de79aea2f2e6637712eb12aeee6550f701649f44b41622e93bbfb96205ba660e72868f20f2034462553100886ec76da"}, 0xb7, 0x800)

03:49:46 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xb000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:46 executing program 3:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./mnt\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="1000000040000000030000002b00000005000000010000000000000000000000002000000020000010000000000000009f09c75f0000ffff53ef", 0x3a, 0x400}, {&(0x7f0000010100)="000000000000000000000000000000000000000000000000000000005178aedb03", 0x21, 0x7e0}, {0x0, 0x0, 0x8c60}], 0x0, &(0x7f0000010f60))
syz_io_uring_submit(0x0, 0x0, &(0x7f0000000040)=@IORING_OP_NOP={0x0, 0xa}, 0x7)
syz_mount_image$vfat(&(0x7f0000000480), &(0x7f00000004c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000003c40)={[{@fat=@fmask}, {@utf8}]})
r0 = accept4$unix(0xffffffffffffffff, &(0x7f0000000080)=@abs, &(0x7f0000000140)=0x6e, 0x80800)
connect(r0, &(0x7f0000000180)=@nfc_llcp={0x27, 0x1, 0x0, 0x6, 0x5, 0xf8, "117a8458a6178806b82d1eb4faa48fb96e784b5afc4554f3d7ea5e54feff531433a44c144d5eb3ffbfa7110acf833af2419e1e1402e4ea923863005651da6f", 0x3}, 0x80)

[ 2054.616071] No source specified
03:49:46 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xa, r0, 0xee00, 0x0)

03:49:46 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x20, 0x0)

[ 2054.655466] No source specified
03:49:46 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xb, r0, 0xee00, 0x0)

03:49:46 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x10000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:46 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x4, 0x0)
r0 = getpgid(0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffffffffff01, 0xde, &(0x7f00000001c0))
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x1, 0x8, 0x81, 0x7, 0x36, 0x2, 0x7}, 0x0)
sched_setattr(r0, &(0x7f0000000100)={0x38, 0x0, 0x20, 0x4, 0x4a9f, 0x1, 0x6, 0x7, 0x0, 0xa0000}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x8, &(0x7f0000000040)=0x1)
sched_setattr(r0, &(0x7f0000000080)={0x38, 0x3, 0x1, 0x8, 0xffd, 0x9, 0x5, 0x4f, 0x1f, 0x9}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffff, 0x40, &(0x7f0000000200)=0x1)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
syz_open_procfs(r0, &(0x7f0000000000)='fd/3\x00')

[ 2054.790736] FAULT_INJECTION: forcing a failure.
[ 2054.790736] name failslab, interval 1, probability 0, space 0, times 0
[ 2054.792708] CPU: 1 UID: 0 PID: 16773 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2054.792739] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2054.792753] Call Trace:
[ 2054.792760]  <TASK>
[ 2054.792768]  dump_stack_lvl+0xfa/0x120
[ 2054.792802]  should_fail_ex+0x4d7/0x5e0
[ 2054.792829]  should_failslab+0xc2/0x120
[ 2054.792850]  kmem_cache_alloc_lru_noprof+0x73/0x460
[ 2054.792881]  ? look_up_lock_class+0x56/0x150
[ 2054.792907]  ? ext4_alloc_inode+0x28/0x600
[ 2054.792927]  ? __pfx_ext4_getblk+0x10/0x10
[ 2054.792958]  ? __pfx_ext4_alloc_inode+0x10/0x10
[ 2054.792979]  ext4_alloc_inode+0x28/0x600
[ 2054.792999]  ? __pfx_ext4_alloc_inode+0x10/0x10
[ 2054.793018]  alloc_inode+0x67/0x250
[ 2054.793042]  new_inode+0x1e/0x160
[ 2054.793066]  __ext4_new_inode+0x35a/0x4b90
[ 2054.793109]  ? find_held_lock+0x2b/0x80
[ 2054.793142]  ? __dquot_initialize+0x29d/0xcf0
[ 2054.793164]  ? lock_release+0xc8/0x290
[ 2054.793187]  ? __pfx___ext4_new_inode+0x10/0x10
[ 2054.793222]  ? _raw_spin_unlock+0x1e/0x40
[ 2054.793258]  ? __pfx___dquot_initialize+0x10/0x10
[ 2054.793287]  ? d_splice_alias_ops+0x14b/0x830
[ 2054.793318]  ext4_create+0x2e2/0x4e0
[ 2054.793348]  ? __pfx_ext4_create+0x10/0x10
[ 2054.793373]  ? security_inode_permission+0x72/0xe0
[ 2054.793414]  ? __pfx_ext4_create+0x10/0x10
[ 2054.793438]  lookup_open.isra.0+0x10f8/0x1530
[ 2054.793474]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 2054.793519]  ? __pfx_down_write+0x10/0x10
[ 2054.793545]  ? mnt_get_write_access+0x1ea/0x2d0
[ 2054.793575]  path_openat+0xc26/0x2880
[ 2054.793617]  ? __lock_acquire+0x694/0x1b70
[ 2054.793647]  ? __pfx_path_openat+0x10/0x10
[ 2054.793689]  do_filp_open+0x1e8/0x450
[ 2054.793722]  ? __pfx_do_filp_open+0x10/0x10
[ 2054.793766]  ? find_held_lock+0x2b/0x80
[ 2054.793797]  ? alloc_fd+0x2c1/0x560
[ 2054.793825]  ? lock_release+0xc8/0x290
[ 2054.793853]  ? alloc_fd+0x2c1/0x560
[ 2054.793891]  do_sys_openat2+0x104/0x1b0
[ 2054.793917]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2054.793955]  __x64_sys_creat+0xcc/0x120
[ 2054.793982]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2054.794007]  ? __pfx_ksys_write+0x10/0x10
[ 2054.794045]  ? do_syscall_64+0x85/0x360
[ 2054.794075]  do_syscall_64+0xbf/0x360
[ 2054.794104]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2054.794127] RIP: 0033:0x7f2ff44d3b19
[ 2054.794144] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2054.794165] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2054.794186] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2054.794201] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2054.794214] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2054.794227] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2054.794240] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2054.794269]  </TASK>
[ 2054.873535] No source specified
[ 2054.901888] No source specified
[ 2054.906555] No source specified
03:49:57 executing program 7:
r0 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:49:57 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x2c}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:49:57 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xc, r0, 0xee00, 0x0)

03:49:57 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x180f0000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:57 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x20, 0xfffffdffffffffff, &(0x7f0000000040))
membarrier(0x2, 0x0)

03:49:57 executing program 3:
syz_open_dev$tty20(0xc, 0x4, 0x1)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
ioctl$KDENABIO(r0, 0x4b36)
syz_mount_image$vfat(0x0, 0x0, 0x0, 0x500, &(0x7f0000001500)=[{0x0}], 0x0, 0x0)

03:49:57 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_START_SYNC(r0, 0x80089418, &(0x7f0000000080)=<r1=>0x0)
ioctl$BTRFS_IOC_SUBVOL_CREATE_V2(0xffffffffffffffff, 0x50009418, &(0x7f0000000180)={{r0}, r1, 0x0, @inherit={0x88, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000800000000000000030000000000000001000000ffe90000000000000000000006000000000000004000000000000000010001feffffff0006000000000000000100010000000000810000000000000000000000010000007f0000000000000001800000000000002b00000000000000b0cd0000000000000600000000000000"]}, @name="de08204f281dc7ba99be43b282db79ef1f9984791be4e3a38e86d78ad965660164f92f52c93559210285f971de8483c68ea8fe5c7221261c09172f2540c87c7f40ded1c7e2fe9623805f5970c93f36913ad0550e4158749cc7818feefd729c04b5d8bf198a39482258989f54319fb510af5eb88b0dd11c3d0dcbf4672c6c25856125ab681a1e0f8d318627b5f99130d93522cbc6ab157ef7288549ff876cb4a263d3c3f730557b4ab6cfa62d81a6f52995aa6b96a83b10853f5b40d9811dc62dfecc1b68e1fa72a0b4d2521bf92f849e4814b2c61d000fbd1c151f7466cd2aeeb81cf8178750a320505c2f7eedde7f95c1668de51e5fc4dbb66c377aced0a9ab43a578b3546fb715782d7184fd848486417c06573fc4debf90d9abb23f5f80695cf49aa1a82a36d3ebcca21450702a4b21af647e7757dfdd78762c8bf69caab3a05acf3205982421142c58aab123bcd7dfc10b749cdc1903bb350a0d6d85c4927f64178b3c77ad546409e311ded5f21b7dad67b245fc2012952dd503f92ca939eb1a409160129cbdd9399d4f4f2899a734f1cdc499e20e4fd2106054e3904eceeba6f9e2e698a04abe0845fd97fa0670a934b3aba727bb32608606250b7a2d82013c6f4809eb2e437e6777bb76cc74727f0100ea15b495b5436d3a64c5f70673bf2c1aec89f85733288eb240f9612aa23ac32fefbfc9f196d887399e0545f161604aa40e908b51cc03026eaab77c0c42f285d25c44824bb4459fc8bc8bcfc85c54d2af034a9f6ce35940d0c9b63d0fec335ad2d68fc77f23ccc22ecf6d22b9a373182e6339565c1b1e851670c17b86d063d1ec5f7d0d992c1cfed29d2ff8709ae0ff1134926497b2c2fee88de8e675e32b04dd336f201b3bdb3c94bc7745d65615adff31e89e1e23988e9fb3887df238e2ea76b2b2862fa5d4085ede18cca8d98606b9b0c230068eaf2b8129931a22889e41b43b3a5a3467cb4ef7436f34ffbc48684e3de4f04913cb00db38c5c18bdde0b9c87c1926293c0f73cea3279b51d5972b6a1b092442c63c6a2334f6f5d03c968bf2c60208ef80b8728e39adad038d76fdbb60453a13a8667fb5ba45fa6f860bcce14c49a010902744dbefc77da90a0f0eedb357b622008698bbc1eb106d11700699cc035a5c88f978b43797e12cc8082c725a2732e8cf7ffb401badedb77b0901fe4cc3fd32128755ffe5416a26ca75dc8440cf352212598d83cf22b37fb117e75751f87123288c6eb127ed6950d2d8c6a5865ea5f306087e50e42da290f706792c7788c77b969ac41a955033319393b21c7c4bd6a743d12cb31001d4a3879b927a568ddb34c2c4ba39eeaf58aca2ecb6ccf1b3e7af9971af60d51862507d6aaf1b933a0502df41a003d4646ffa76f7214a288eb6e30275acc21eccc14386c765ef03fe177414d79cbf06c544c3bbe28f6dd85ea252ae88fd702534b41dacc229a96287006d732e6da5c134727c70c37a14ea3877e38ef79f0052bb3cef290b0ff80368ec6b666dc1fd80b9f2842d3d8bf322c45a8d8517acb9ad98c284678c381c322418c9c057b99946619f4e18c5ad0f8ed714c93514f500b6624dac184f4838c8c21be968b2214a0f9fea10d383c6eaa2f064547d685d386865fd56832dab9c354eddc8c0c8374dbe06e645041034dd65cee5e2991cb135db10d70494647f119989e502c342a4cae309726f8487acc60dba248ef6c0ac4721d5253cd7a6caea3b12ce238bd6056cd81aefb8652b6ae1033158289b6de0548c5257a7dd616ed4fdafbe5bb70bd48adaea759aca8c8116b23304a5234058c65320e8cc62fc97cba733930a1efd7f40e05a3371651511678e52d114387409a56a82bf4f5d2a8cf62e1062b3f202c54328ee0d128754752b0127aab2a8d090f5f376892e1ab83051f52ab4da45f8a6e5665a9c50fa644798626c38c02f400d73de40d0255ae4a6fa582ee7a5f17af0e4c7340b58bc273dfc8f7ee51b6f006de2351f0cfb81da1c92edfc4ded4ef51d95cf4a92c55fb0a006c36736ad48bb0952fbacbd614e050e81a06300f86aef1c96774637a17a70e8bfe1ceacf75b51c574ec978823866bdffdbe7ede4d1b6572d4348b25f7159d4c5148e005d42b0927ea997aabe7bede57e169caadefc35f8776a4bf83ea3a8f7deb20d456012de4bfe58caf8efc355d07d7a38d67c769de794775abcc8ab919c8897e8fe22d7ccd5d545942aab1db1530a4a19455b156d877de09d97d36467e75b485e4f364299ec4e310e93193daed437929189cbf8a448f97bb373a4511aa2508b0987c62634368cb1a1a784913240ea92062d9acef9ce5cea850bd41e9d4f89132d011769c907a42a004243463cb1f40647cea4b8830fdee9c28a339390ccd3e574889d304faaeca2e92cef95198cdd22adc31f70502544fb39afbd627fc149c58b52d360c5fefd2f8c4f250f0c2a9b182fcb814aa7d9bd413d7a75ba74c5581ed23d35bb6799ddb3a31e2a925c03a819f26a9c59d6257e6f080bfb0f8f3bbbcb04fad460b749562867bc3184fb9a1177405d71a44d1aea2eefe1e1284e2241492c81c5e8816259b1c9be8a4318403039b4cb26d048239366f49fa0fdc45f633d6fabcf01e372c043160805a98b5537264433fab70fe299fce8584fc1f5b03f5ac2ebec0ffe30ae3b8a3049d42a975cd3c44a39a5fe28449264d8bde5e248b9cfcf2771220f9425050689f1b6c75cb27a29484047862d4a230ad17ab89d9f721680f2f921c1926f0642656bef1695dc2690b23cfcbaae01525cae2c85e99312f3e639d61371275339084c055bacef66dcb405a1eb1fd44b707041dae772ebe382f671728141860d1f41fd22835c3df427e3b102151d30e6d25ccf74159c5c7fee9d5d4f281a7b55292aee20eb506745c20b1471736270b0ca8be1c3d88377882e620fd326b09459b397722a47d63dfe293711538c3faea5a274293fd427dd54ce4a121de772b6dd3b01b31b9ee332760fe84ea8050a6add0c3b44bbae915a07347ba456d902fe4b54e5c81b9592633a68314f5289e782b808f852ebeb60b32f45c1e712068bd37dd8bd0ff67f38fc92d3051a3cdeb98d74b29ce9fe69ae22a510c96f9aea33d46e48c6241f198cc52203904ceb9d7acb0e1279f6b686817710e5be56e86123476fa2f9d14f5ed6c425192180f8dfd1de11e844ec6a929b35f283edcb7f7af2b40e4bc2b39817a966f22b51ab3a0581106fcf998590b350202378b070e151c009d3c00f3c549da2797f2db1accdaf4d6f769ec8d84090acaa3cc114de7547726fa04d19b0e0d0032e8fb7e9e34a7b007de5972e1d2c9f1d2e5cd0667cccbb161d6258b09ebb8be7cfe74728e67bf41ce115d536fcb29acaaf0d7afaccbf6f4e509344b87cc9a748b2d15781ed5893e3fd1d3b46c6e069c7d3bc66ea0727d3ec314471b77295f42ba0fcd410f8c75a3a1f3a72786e0dbaceac2a028ed41c205179c08acaa28379ced548e944c4169adccdc1569105f614c9bc2ff4ef8c5ce9ce28f68852c3cae11dee4ae52fe80cd69967d9c48bb7c731a79093f440a2a2f863f6d3186236a321ff5da01bdc3e12f5a83ce7192d3d6c25a71b7d732e4adcfb97e016b2250564a7493c56b42aed7d9c0fc15c307e2bc23e20b56d555797b04ec6a0987eeace33ed800386e0d6c6b9851bbdd0208ee4a863bbe6b186296c649c010d8d379450a088dd115630816891d9ec0cffbf1824b457d857be84a4680e867f720a40c357e802f20061088f6c3011efff1b2f368c555d2ed0d13367651409384da0b4ad611eb697b60ce3784d83678291d3b89af746cdc1806f36f63ee03a11075a3c2583fce0fd34ac124126d9168b3e860bdf864124c3d619c49dab9d29991822b71ebcab9878042461343206346c7621eedb3eaf2b943d241cdc31fe88ba074096d47226f02e3a63990e8d816c75d8b9600250a04144946e797b671846da1675ad4d4c46f8ead92f1dc009d857b6a60290a8eb8bf62e6a12151b134e90e37f645611cd8a990255ce9ee64067921cd888dd6b4560df13729764bc4631ac492a0992d416fc51daae1203316361f5ac60cd16bd2513f0a8f08a06b162ca51e3cfdcfefb7cb256c14785602172074bf5e610d32913f884bd2ed175d704a3a271803c24e0275c587bae88cb26a1d014872dd4ded1c9f02be4e486735044f8a984e4ea944756732e8db8d7881d62230d2b36dc8138d81ec78ffabfa6def08627672e734e78a92d99d7a52d9ba1e64f8126b653697e0f16637c346b1e686c15f275b0f7e9517132dacc81114515939c28a7f489b8f4d23cf5ac483cf27d2aadd2d63663840285ca7f269d8db33d9201f514ab6d06a3335110b51ace0eaa1ce3a670bd3e556463cc99d4695f320d17f9e7f8cd33e01dd8ff2239964a1f319948cb98eff0fb140e77502cc39e7392cf4bd9d9203336c0403ca37d5821304e0e5f09e5c312e21c21dc5d2d0fb4b4e42f0eca133ff05b2acdaae30c3eacdd07e1b0ddfc8e64fb915d017898340fa83c9089cf6051b0cb19888b184f2d34b2279b4dd1120455792f7242cd3d3b2507ebe21ee4a684a402c8fbae4b864c4d7bf02bf8a27f2577afe920eb10c7f1033f130f126616824db9dace064c6ab8e884f0b5ff87ced76af0da8cb5be198927e35bfbd39894596992d0a83f045b2bc81773f5ddbd2ff230af4ce1b32a2a586a8e19564139016c42330a53ba9e4530621b5edacb9b1d47527bc35edbd914e98c0240b051501ca29c1994039f50d708862b73fba0a3ef4954186234d92d6cad2f48acb2f5cea4525ff34bc45fcbf48b3d19dabb1615f05edd70731749277c9c65f14a165615bff863cbdda817fac74f14cfc832bff23987960218b566bd38dacd932d6f83cdb6756bc040f22c24fb3f98cbfe7e3cd2e969f484d205ea55c6513066159990ea41df2b029e3372fbcdc741d67aa64402a483839f7f8b526f930bbc7eee0777ee888ff890b3d1b5984fa966ea43c6b193f652b72dd1272671fae3740f36d0da76a5a3a64ccacab8aa92affc78285495687d8eeda0e953c6cccd32b3e579a6f2f8e40c8379776bb94324da0f397eaf7da85784babaec37ed924372dc03f1ae5be24160b0d07ad9b2480d8ff7f47e56b2c701149bfd8ad6ee5be1f84d9bbf101448a8690248ea9f3a7575a99fac735a85dc0507d6628916337669723e7abbecb03ab15d6580b3c427fe424aab101e2dbcd6c2ee5dc83f9a31ec64268111e7b21ab8bf7d77a3eb17e7904372ea0f2c763b1cbdb7608fdec85258e899a33b8b4a5816032c90c4d51ea967adf7917e7464a376bd64c137347a90a00b728c35f589706732a4deae5d2a6e5e9e4fe8b450aee5647ced8b99fdb55a4dcc4f51a37add9611f5a71dc0b65c4f65af2f95abaa84b1ec7afb1cd5cf0d97f5e5c7b7d86a47394bed1181b6ac879f5d090aaea4016249722e5bac6c9a527c8134381912389115943aa53e8588e274584b2c07dcc9f1361ab9bc618b5d3087dbd1257343e041ef47106aa77c95c9eb4987aa0fc1819ccd444ad9184f3aadc954ddd027b8f2b4839738474ae0b643b478a6cb9d9d457787dd7213c928df9f9d4ce7ce4cebc06f8dd9795ef7e1dbcefb18f4ea41f51d986609f21385d9e8b435443d72cb96b21234df7f0dbabc442e9446d425b38df6a150487"})

03:49:57 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 11)
rmdir(&(0x7f0000000380)='./file0\x00')

[ 2065.664778] No source specified
[ 2065.669978] No source specified
03:49:57 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x1, 0x0)

03:49:57 executing program 7:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, &(0x7f0000000080))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000000000, 0x800000000000, &(0x7f0000000000))
membarrier(0x2, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
membarrier(0x1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x5, &(0x7f0000000040))

03:49:57 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x20000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:49:57 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xd, r0, 0xee00, 0x0)

03:49:57 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsconfig$FSCONFIG_SET_FLAG(0xffffffffffffffff, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 2065.841260] No source specified
[ 2065.848454] No source specified
03:49:57 executing program 3:
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x84842, 0x0)
ioctl$BLKBSZSET(r0, 0x40081271, &(0x7f0000000140)=0x800)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='hugetlbfs\x00', &(0x7f0000000180)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
close_range(r1, r0, 0x0)
openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x4840, 0x0)
openat$sr(0xffffffffffffff9c, 0x0, 0x4840, 0x0)

03:49:57 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = msgget$private(0x0, 0x0)
msgctl$MSG_STAT(r0, 0xb, 0x0)
msgsnd(r0, &(0x7f0000000000)={0x2, "54bfd9524d03b46edd3d0b3e88fec256538e5eca9141073bf968100c301997cb8c9f21e2f0e950b551ce8c5872164335cee1506b1e4a9be829dd91fbfc1b087e7a2d26292012c9a6afc3abdda0cba5a0310440ef83f025ddb5652367b5e08ac96e5fb27f68f660995fd24a53b137156014e7b070b0d5577def7ee79645fa47cdc93f8adbf8042a2db3d8fd1bc041e544308b71745896c7b7631ce63bb4347e923593ad0164c5e7a3a8a1275e180f4986e7927044d95770f32e709f3af30ed15ce47a108ee154383480c5e76269a8ca674ea22aa72bbcc9f75aca5932f35b640b45db8395b57da6e043bc905c59fb421d4e86f39b3b4860cc5da8108abb"}, 0x105, 0x0)
membarrier(0x2, 0x0)

03:49:57 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
io_setup(0x0, &(0x7f0000000000)=<r0=>0x0)
io_pgetevents(r0, 0x10001, 0x5, &(0x7f0000000040)=[{}, {}, {}, {}, {}], &(0x7f0000000100)={0x77359400}, &(0x7f0000000180)={&(0x7f0000000140)={[0x37ab1c11]}, 0x8})

03:49:57 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x20100000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2066.112112] No source specified
03:50:08 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x3a}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:50:08 executing program 3:
r0 = perf_event_open(&(0x7f0000000340)={0x2, 0x80, 0xf0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000040)='\".-\x00QD)\xc9Td!\xa5\x85\"\xe5\xc3\x02\x87\xd8\xa9H\x82\xb0\xb1A\xe8\x10u\xb5\xa0\xc0\a\xa5\x99\xe6\xea\xa7\xb5\xefMs\x0f\xb4b\xf5z\x05*yb\xbf\xfc\xde\xb9\xa6\n`0\xee\x17\xcc\x17\xdcv\xd3{\x14ch\x12\x1a\xce\xe0w\xdf\xd05\xe5Mf\xe1V\xc4a\x9c\'-a\x965\xcb\x82\x9b')

03:50:08 executing program 2:
ioctl$TUNSETVNETLE(0xffffffffffffffff, 0x400454dc, &(0x7f0000000000))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:50:08 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x20)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='async\x00', 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x6, &(0x7f0000000180)=0x1)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000080)='async\x00', &(0x7f0000000140)='-[n.{!]:(-%S\\+-)\x00', 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='hugetlbfs\x00', &(0x7f0000000200)='\x00', 0x0)

03:50:08 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xe, r0, 0xee00, 0x0)

03:50:08 executing program 7:
r0 = syz_open_dev$ptys(0xc, 0x3, 0x0)
ioctl$TIOCL_BLANKSCREEN(r0, 0x541c, &(0x7f0000000040))
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x4, 0x4, 0x1})
ioctl$TIOCSPTLCK(r1, 0x40045431, &(0x7f0000000080))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x8, &(0x7f0000000000)=0x1)
membarrier(0x10, 0x0)

03:50:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x8cffffff, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:08 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 12)
rmdir(&(0x7f0000000380)='./file0\x00')

03:50:08 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x40000056, &(0x7f0000000040)=0xfe)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000000, 0x1f, &(0x7f0000000000)=0x1)

03:50:08 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0xf, r0, 0xee00, 0x0)

[ 2076.769939] No source specified
[ 2076.774795] No source specified
03:50:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xc0ed0000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:08 executing program 3:
r0 = syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x80007, 0x15, &(0x7f0000000200)=[{&(0x7f0000010000)="200000000002000019000000900100000f000000000000000000000004000000000002000020000020000000e0f4655fe0f4655f0100ffff53ef010001000000ddf4655f000000000000000001000000000000000b0000000001000018000000c28500002b02000000000000", 0x6c, 0x400}, {&(0x7f0000010100)="000000000000000000000000ab7a0e3e026c4410ac9856e86774ba1101004000", 0x20, 0x4e0}, {&(0x7f0000010200)="0000000000000000000000000000000000000000000000000000000020002000010000000000050040", 0x29, 0x540}, {&(0x7f0000010300)="03000000040000000500000019000f0003000400"/29, 0x1d, 0x800}, {&(0x7f0000010400)="7f000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0100ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x607, 0xc00}, {&(0x7f0000010d00)="ed41000000040000ddf4655fe0f4655fe0f4655f00000000000004002000000000000800050000000af301000400000000000000000000000100000010000000", 0x40, 0x1500}, {&(0x7f0000010e00)="20000000c8946f1dc8946f1d00000000ddf4655f00"/32, 0x20, 0x1580}, {&(0x7f0000010f00)="8081000000300404ddf4655fddf4655fddf4655f00000000000001002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000ddf4655f0000", 0x96, 0x1a00}, {&(0x7f0000011000)="c0410000002c0000ddf4655fddf4655fddf4655f00000000000002002000000000000800000000000af3010004000000", 0x30, 0x1e00}, {&(0x7f0000011200)}, {0x0}, {&(0x7f0000011400)="ffa1000026000000e0f4655fe0f4655fe0f4655f00000000000001000000000000000000010000002f746d702f73797a2d696d61676567656e3230333036313136372f66696c65302f66696c653000000000000000000000000000000000000000000000c7982f7500"/120, 0x78, 0x2100}, {0x0}, {&(0x7f0000011800), 0x0, 0x4000}, {0x0}, {&(0x7f0000011a00)}, {0x0}, {0x0}, {0x0}, {&(0x7f0000012400)="504d4d00504d4dffe0f4655f00000000647679756b6f762d676c6170746f70320000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000006c6f6f7033310075782f746573742f73797a5f6d6f756e745f696d6167655f65", 0x70, 0x10000}, {&(0x7f0000012500)='syzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkallersyzkal', 0x2e8, 0x14000}], 0x0, &(0x7f0000012a00))
clock_gettime(0x0, &(0x7f0000000080)={<r1=>0x0, <r2=>0x0})
utimensat(r0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)={{r1, r2/1000+10000}}, 0x100)

03:50:08 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x40, 0x0)

03:50:08 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1)
membarrier(0x1, 0x0)

03:50:08 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x80, &(0x7f00000000c0)=0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
ioctl$AUTOFS_DEV_IOCTL_PROTOVER(0xffffffffffffffff, 0xc0189372, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'})
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="340000002e00f9ffff7f0000000000000c00000001"], 0x34}], 0x1}, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 2076.867543] No source specified
[ 2076.871270] No source specified
03:50:08 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x10, r0, 0xee00, 0x0)

[ 2076.972076] FAULT_INJECTION: forcing a failure.
[ 2076.972076] name failslab, interval 1, probability 0, space 0, times 0
[ 2076.973191] CPU: 1 UID: 0 PID: 16876 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2076.973207] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2076.973215] Call Trace:
[ 2076.973220]  <TASK>
[ 2076.973224]  dump_stack_lvl+0xfa/0x120
[ 2076.973247]  should_fail_ex+0x4d7/0x5e0
[ 2076.973264]  ? security_inode_alloc+0x3e/0x130
[ 2076.973285]  should_failslab+0xc2/0x120
[ 2076.973297]  kmem_cache_alloc_noprof+0x5f/0x470
[ 2076.973317]  ? lockdep_init_map_type+0x4b/0x240
[ 2076.973335]  security_inode_alloc+0x3e/0x130
[ 2076.973355]  inode_init_always_gfp+0xc94/0xff0
[ 2076.973378]  alloc_inode+0x8d/0x250
[ 2076.973392]  new_inode+0x1e/0x160
[ 2076.973405]  __ext4_new_inode+0x35a/0x4b90
[ 2076.973430]  ? find_held_lock+0x2b/0x80
[ 2076.973448]  ? __dquot_initialize+0x29d/0xcf0
[ 2076.973461]  ? lock_release+0xc8/0x290
[ 2076.973474]  ? __pfx___ext4_new_inode+0x10/0x10
[ 2076.973493]  ? _raw_spin_unlock+0x1e/0x40
[ 2076.973514]  ? __pfx___dquot_initialize+0x10/0x10
[ 2076.973530]  ? d_splice_alias_ops+0x14b/0x830
[ 2076.973546]  ext4_create+0x2e2/0x4e0
[ 2076.973564]  ? __pfx_ext4_create+0x10/0x10
[ 2076.973577]  ? security_inode_permission+0x72/0xe0
[ 2076.973599]  ? __pfx_ext4_create+0x10/0x10
[ 2076.973612]  lookup_open.isra.0+0x10f8/0x1530
[ 2076.973637]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 2076.973662]  ? __pfx_down_write+0x10/0x10
[ 2076.973676]  ? mnt_get_write_access+0x1ea/0x2d0
[ 2076.973693]  path_openat+0xc26/0x2880
[ 2076.973716]  ? __lock_acquire+0x694/0x1b70
[ 2076.973728]  ? __pfx_path_openat+0x10/0x10
[ 2076.973751]  do_filp_open+0x1e8/0x450
[ 2076.973769]  ? __pfx_do_filp_open+0x10/0x10
[ 2076.973793]  ? find_held_lock+0x2b/0x80
[ 2076.973809]  ? alloc_fd+0x2c1/0x560
[ 2076.973825]  ? lock_release+0xc8/0x290
[ 2076.973840]  ? alloc_fd+0x2c1/0x560
[ 2076.973861]  do_sys_openat2+0x104/0x1b0
[ 2076.973876]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2076.973896]  __x64_sys_creat+0xcc/0x120
[ 2076.973911]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2076.973925]  ? __pfx_ksys_write+0x10/0x10
[ 2076.973946]  ? do_syscall_64+0x85/0x360
[ 2076.973963]  do_syscall_64+0xbf/0x360
[ 2076.973979]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2076.973991] RIP: 0033:0x7f2ff44d3b19
[ 2076.974001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2076.974013] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2076.974025] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2076.974033] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2076.974041] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2076.974048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2076.974056] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2076.974072]  </TASK>
03:50:17 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
splice(r0, &(0x7f0000000080)=0x7, r1, &(0x7f00000000c0)=0x16, 0x3, 0x4)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:50:17 executing program 3:
keyctl$revoke(0x3, 0x0)
request_key(&(0x7f00000000c0)='ceph\x00', &(0x7f00000008c0)={'syz', 0x2}, &(0x7f0000000140)='\xe7\xb0\xd6\x81\x9c\xc4F\xc9>\xad\xd3b}\x06\x00\x00\x00\x00\x00\x00\x00\xbe\xc1\x86\xf7\x8fB#P\xe5\r\xad\xe1\x01h\xb2\xc5\x02\xab2e\xeb\x8f\x01\xe2\xfb\x1aE\xd9\xc9\xf7\xa2\xb0\x8aV\rZ55\xc8\xe1\xe0\xa3\x1f\xe4\xfd\xe5\'$,t\xdaI\xd2\xd2p\x14\x87\x85\x15\x1af\'\xa8\x16', 0xfffffffffffffffc)
r0 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r0, 0x0, 0x0)
keyctl$set_timeout(0xf, r0, 0x2)
request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)='\x00', 0xfffffffffffffffb)

03:50:17 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x60}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:50:17 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 13)
rmdir(&(0x7f0000000380)='./file0\x00')

03:50:17 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x1100)
setfsuid(r0)
syz_mount_image$iso9660(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x383, 0x1, &(0x7f0000000180)=[{&(0x7f00000000c0)="0c013ebed6623f8c799b75575d64c544abfecb3afd17461d38a2beed55e4635784797dd4bbe17d9eae6fd9e31db6ba16539db8ba103880da98fa10da8f82b8c0bdd0d0e8f346b892a321534a83c33e6d850e2df0e525e3016aab30a7a535a715c2600cc39bfd6807ba715c9d9e232270f3f6550c8533dc9d72dc673dbc1f4cb7762b9132536f208ddef37e24", 0x8c, 0x7}], 0x106020, &(0x7f00000001c0)={[{@map_off}, {@utf8}, {@block={'block', 0x3d, 0xe00}}, {}, {@utf8}, {@check_strict}, {@mode={'mode', 0x3d, 0x100}}], [{@subj_type={'subj_type', 0x3d, '^'}}, {@subj_role}, {@appraise}, {@fowner_lt={'fowner<', r0}}, {@fowner_gt={'fowner>', 0xffffffffffffffff}}, {@dont_hash}]})
mount$9p_xen(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x80, &(0x7f0000000340)={'trans=xen,', {[{@cachetag={'cachetag', 0x3d, 'appraise'}}, {@posixacl}, {@debug={'debug', 0x3d, 0x2}}, {@dfltuid={'dfltuid', 0x3d, r0}}]}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x101, &(0x7f0000000000)=0x1)

03:50:17 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x11, r0, 0xee00, 0x0)

03:50:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000000000))
membarrier(0x2, 0x0)
membarrier(0x8, 0x0)
membarrier(0x0, 0x0)

03:50:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xf6ffffff, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2085.685549] No source specified
[ 2085.689545] No source specified
03:50:17 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x6, 0x4, &(0x7f00000003c0)=[{&(0x7f0000000080)="5c196ea8ed7c0678753e47ad5627778189dc9258d7be0249d42deacfe89c6aece966876895f51adf2c7acf6854fdbf9f15e91ecf2b83fce0fd7ddbf95f6f40ed84f5a259fe50d2bdf3219af1a0f85c8e0eda281669d9e420cde6fb8240409bd1157576c265ebc988b62784380aeebd65167671237a5c52d5395e45ee2ec1dd70b9422de34e7e6e875c594deff7b37b3183f4138417f4efc4d2ebe956bb38d5f95c4c23c0bafe4cdc0d3265d10ba36191470ff23bf63d1cce4830862df703f21dcd8517304f9af029c8925f41e321d1c83df34ead4db5689509d84faf57be45ef97c2f95d179861d57bc5f204421a", 0xee, 0x8}, {&(0x7f0000000180)="aa2b51dec5d8ca45ba3fec76f587cebd3563ce04afd51ebde4513f4cf2d5db9e922948f37bac5ca5e693923bb94f78928bd332a9f0e6e8ce4a2bfb528e3d613cc5a6548da2c38a8fe325e90814ff8c3a0b7e56", 0x53, 0x3ff}, {&(0x7f0000000200)="dec098ea2d5893611d29825e06b0188fced2ee0a272e4a6428ef47829967333f48d7dd27bcf81e55ebb13138ef35ff90910967506e33d2fec80c5aca783f201328bd9e196e08ec541a14f8e1ec8c6ae7d71ee715e9d68fc316712ed2344997efbb0d8ca323556e6b2b68b8002553e1b23087b7ba78bf532cc85d62d15e9c4aab35b311979153998527d0f732cdbb5e6152c6c6679977805facfd2313e657b39736523057a17d3579537a14b2f662ebc198a8dbc1693cb5b5d54ce890b8b7dab20481de79a0cec229b8093548339624518a1b43a6f2087535183e516b1b8e4a34d6b1d0a4c5c411f85c30883d3e8b09dc", 0xf0}, {&(0x7f0000000300)="8be1618b8cc86ca298f2a4cee564c40a06dae0624b30ee5e86ae14f1a5ced2a8cb7faad6873af52226aaac0d7002774ef7d8e4ed86519ac6b06dd2429c25992554052ef78e4be8ae6035ea4c4f304fdac26bca0a66c315b582bcefeb2cfb0eee0cb5f13d7b9a4510ed87c0f90aa476be99b16f6e055f0c667d73776cac0c95f06372a6be8a6957245401130d4ef9b272b68b23afce568c", 0x97, 0x400}], 0x4, &(0x7f0000000440)={[{@iocharset={'iocharset', 0x3d, 'iso8859-1'}}, {@sbsector={'sbsector', 0x3d, 0x200}}, {@block={'block', 0x3d, 0xa00}}, {@map_normal}, {}, {@mode={'mode', 0x3d, 0xe8}}], [{@defcontext={'defcontext', 0x3d, 'staff_u'}}, {@uid_eq={'uid', 0x3d, 0xee01}}, {@fsname={'fsname', 0x3d, '#!{^!'}}, {@defcontext={'defcontext', 0x3d, 'root'}}, {@hash}, {@uid_gt={'uid>', 0xffffffffffffffff}}, {@seclabel}, {@audit}]})
membarrier(0x2, 0x0)

03:50:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x10, 0x0)
mlock(&(0x7f0000ffc000/0x3000)=nil, 0x3000)

03:50:17 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x12, r0, 0xee00, 0x0)

03:50:17 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
msgget(0x2, 0x180)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2095, 0x1, &(0x7f0000000180))
r0 = fsopen(&(0x7f0000000040)='ncpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = syz_mount_image$nfs4(&(0x7f00000001c0), &(0x7f0000000200)='./file0\x00', 0x9, 0x1, &(0x7f00000002c0)=[{&(0x7f0000000240)="cdb5f1a4915ff66d4fa61d14d7bfe91e21a0444a5370342a8b9c4d982f27bba06d23f10bfbe14dc287f428d9817509983f603ecf5c164ac4c06265c624e390481100eb8583b6540116ea12e623b05c3fc0bcabea16c7f1a89a6e645c9eac8ce14f40cc364f5d", 0x66, 0x26b}], 0x204a8a0, &(0x7f0000000300)={[{'rw\x00'}, {'$/'}, {'\'..{-^&*-*'}, {'*{/(#:!{&^.--(&Z\x89-^+*}\',-(@^-()!##(}'}, {'rw\x00'}, {'ncpfs\x00'}, {'rw\x00'}, {'^!&#)[:-(/\x8b'}, {'rw\x00'}, {'rw\x00'}], [{@fowner_eq={'fowner', 0x3d, 0xee00}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'ncpfs\x00'}}, {@permit_directio}, {@fsmagic={'fsmagic', 0x3d, 0x2}}, {@uid_lt={'uid<', 0xee00}}, {@context={'context', 0x3d, 'system_u'}}, {@fowner_eq={'fowner', 0x3d, 0xee01}}, {@permit_directio}]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x1f, &(0x7f0000000480))
mknodat$null(r1, &(0x7f0000000440)='./file0\x00', 0x40, 0x103)

03:50:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xf9fdffff, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:17 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

[ 2085.769479] loop7: detected capacity change from 0 to 4
[ 2085.774351] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22
[ 2085.782346] loop7: detected capacity change from 0 to 4
03:50:17 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3d, 0x5, &(0x7f0000000000))
membarrier(0x40, 0x0)
membarrier(0x20, 0x0)

03:50:17 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x13, r0, 0xee00, 0x0)

[ 2085.843809] No source specified
[ 2085.845563] No source specified
03:50:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xffffe000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5231, 0x6, &(0x7f00000000c0)=0x1)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x100000001, &(0x7f0000000080))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7ebe, 0x100, &(0x7f0000000000))
mknodat$null(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x80, 0x103)
membarrier(0x2, 0x0)

[ 2085.916152] loop5: detected capacity change from 0 to 2
[ 2085.962239] No source specified
[ 2085.975526] No source specified
03:50:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
dup(r0)
r1 = signalfd(r0, &(0x7f0000000000)={[0x2]}, 0x8)
ioctl$CDROMPLAYBLK(r1, 0x5317, &(0x7f0000000080)={0x1})

03:50:27 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x14, r0, 0xee00, 0x0)

03:50:27 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5107, 0x7, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:50:27 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='rw\x00', 0x0, 0x0)

03:50:27 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 14)
rmdir(&(0x7f0000000380)='./file0\x00')

03:50:27 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0xfc}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:50:27 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xfffffdf9, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:27 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x15, r0, 0xee00, 0x0)

03:50:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='nomand\x00', 0x0, 0x0)

[ 2095.366069] No source specified
[ 2095.372066] No source specified
03:50:27 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x18, r0, 0xee00, 0x0)

03:50:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xfffffffffffffff9, &(0x7f0000001b00))
membarrier(0x40, 0x0)
getpid()

03:50:27 executing program 2:
membarrier(0x2, 0x0)

03:50:27 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

[ 2095.541474] FAULT_INJECTION: forcing a failure.
[ 2095.541474] name failslab, interval 1, probability 0, space 0, times 0
[ 2095.543108] CPU: 0 UID: 0 PID: 16980 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2095.543137] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2095.543149] Call Trace:
[ 2095.543157]  <TASK>
[ 2095.543165]  dump_stack_lvl+0xfa/0x120
[ 2095.543198]  should_fail_ex+0x4d7/0x5e0
[ 2095.543224]  ? jbd2__journal_start+0x193/0x6b0
[ 2095.543248]  should_failslab+0xc2/0x120
[ 2095.543269]  kmem_cache_alloc_noprof+0x5f/0x470
[ 2095.543301]  ? lock_is_held_type+0x9e/0x120
[ 2095.543331]  jbd2__journal_start+0x193/0x6b0
[ 2095.543359]  __ext4_journal_start_sb+0x325/0x5d0
[ 2095.543400]  __ext4_new_inode+0x2c38/0x4b90
[ 2095.543449]  ? __pfx___ext4_new_inode+0x10/0x10
[ 2095.543496]  ? _raw_spin_unlock+0x1e/0x40
[ 2095.543532]  ? __pfx___dquot_initialize+0x10/0x10
[ 2095.543561]  ? d_splice_alias_ops+0x14b/0x830
[ 2095.543594]  ext4_create+0x2e2/0x4e0
[ 2095.543630]  ? __pfx_ext4_create+0x10/0x10
[ 2095.543654]  ? security_inode_permission+0x72/0xe0
[ 2095.543695]  ? __pfx_ext4_create+0x10/0x10
[ 2095.543719]  lookup_open.isra.0+0x10f8/0x1530
[ 2095.543756]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 2095.543801]  ? __pfx_down_write+0x10/0x10
[ 2095.543827]  ? mnt_get_write_access+0x1ea/0x2d0
[ 2095.543856]  path_openat+0xc26/0x2880
[ 2095.543898]  ? __lock_acquire+0x694/0x1b70
[ 2095.543922]  ? __pfx_path_openat+0x10/0x10
[ 2095.543964]  do_filp_open+0x1e8/0x450
[ 2095.543997]  ? __pfx_do_filp_open+0x10/0x10
[ 2095.544041]  ? find_held_lock+0x2b/0x80
[ 2095.544072]  ? alloc_fd+0x2c1/0x560
[ 2095.544101]  ? lock_release+0xc8/0x290
[ 2095.544129]  ? alloc_fd+0x2c1/0x560
[ 2095.544168]  do_sys_openat2+0x104/0x1b0
[ 2095.544193]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2095.544231]  __x64_sys_creat+0xcc/0x120
[ 2095.544258]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2095.544284]  ? __pfx_ksys_write+0x10/0x10
[ 2095.544322]  ? do_syscall_64+0x85/0x360
[ 2095.544352]  do_syscall_64+0xbf/0x360
[ 2095.544381]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2095.544403] RIP: 0033:0x7f2ff44d3b19
[ 2095.544420] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2095.544441] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2095.544462] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2095.544477] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2095.544490] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2095.544503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2095.544516] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2095.544545]  </TASK>
[ 2095.580338] EXT4-fs error (device sda) in __ext4_new_inode:1086: Out of memory
03:50:37 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x19, r0, 0xee00, 0x0)

03:50:37 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x1f4}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:50:37 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 15)
rmdir(&(0x7f0000000380)='./file0\x00')

03:50:37 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000001b00))
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000000c0)=<r0=>0x0)
r1 = syz_open_procfs(r0, &(0x7f0000000080)='net/fib_triestat\x00')
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x8, &(0x7f0000000000))
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000200)={{{@in=@local, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r2=>0x0}}, {{@in6=@loopback}, 0x0, @in6}}, &(0x7f0000000300)=0xe8)
syz_mount_image$iso9660(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x1074, 0x0, &(0x7f00000001c0), 0x203000, &(0x7f0000000340)={[{@gid={'gid', 0x3d, 0xee00}}, {@dmode={'dmode', 0x3d, 0x3}}], [{@uid_eq={'uid', 0x3d, r2}}, {@fscontext={'fscontext', 0x3d, 'root'}}, {@subj_role={'subj_role', 0x3d, 'net/fib_triestat\x00'}}]})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x5, 0x6, &(0x7f0000000040))
membarrier(0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xd72, 0x716e, &(0x7f0000000100)=0x1)

03:50:37 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xe0, &(0x7f0000000000))
membarrier(0x2, 0x0)
memfd_create(&(0x7f0000000040)='\x00', 0x1)
membarrier(0x4, 0x0)

03:50:37 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:37 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xffffff8c, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2106.014314] No source specified
[ 2106.021490] No source specified
03:50:38 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:50:38 executing program 3:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:38 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x10, 0x0)

03:50:38 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xfffffff6, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:38 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x1b, r0, 0xee00, 0x0)

[ 2106.190451] No source specified
[ 2106.196555] No source specified
03:50:38 executing program 3:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:38 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000))
membarrier(0x2, 0x0)
membarrier(0x4, 0x0)
membarrier(0x4, 0x0)
membarrier(0x40, 0x0)

03:50:38 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xedc000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2106.367458] No source specified
[ 2106.373443] No source specified
03:50:48 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x1c, r0, 0xee00, 0x0)

03:50:48 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x300}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:50:48 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 16)
rmdir(&(0x7f0000000380)='./file0\x00')

03:50:48 executing program 2:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x3}, 0x1c)
sendmsg$inet(r0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[@ip_tos_u8={{0x11}}], 0x18}, 0x0)
getsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000040)={{{@in6=@local, @in=@loopback}}, {{@in6=@mcast2}, 0x0, @in6=@mcast1}}, &(0x7f0000000140)=0xe8)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x41, 0x8, &(0x7f0000000000)=0xbe)
membarrier(0x2, 0x0)
connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4e24, 0x3, @empty, 0x40}, 0x1c)
membarrier(0x20, 0x0)
membarrier(0x1, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
membarrier(0x1, 0x0)
membarrier(0x20, 0x0)
perf_event_open(&(0x7f00000002c0)={0x0, 0x80, 0x4, 0x80, 0xff, 0xfe, 0x0, 0x2, 0x20, 0x8, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, @perf_config_ext={0x5, 0xdf}, 0x10005, 0x1, 0x5, 0x4, 0x6, 0x401, 0x926, 0x0, 0x80, 0x0, 0x10000}, 0x0, 0x8, r1, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x4, &(0x7f0000000180))
membarrier(0x1, 0x0)

03:50:48 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x20, 0x0)
membarrier(0x2, 0x0)
creat(&(0x7f0000000000)='./file0\x00', 0x81)

03:50:48 executing program 3:
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:48 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x8000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2116.384198] No source specified
[ 2116.388080] No source specified
03:50:48 executing program 3:
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:48 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xe0ffff00000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:48 executing program 2:
ioctl$SNAPSHOT_SET_SWAP_AREA(0xffffffffffffffff, 0x400c330d, &(0x7f0000000000)={0x10000000000003ff, 0x80000001})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
recvmmsg$unix(0xffffffffffffffff, &(0x7f00000019c0)=[{{&(0x7f0000000040), 0x6e, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/73, 0x49}, {&(0x7f0000000140)=""/120, 0x78}, {&(0x7f00000001c0)=""/4096, 0x1000}, {&(0x7f00000011c0)=""/39, 0x27}, {&(0x7f0000001b40)=""/4096, 0x1000}, {&(0x7f0000001200)=""/250, 0xfa}, {&(0x7f0000002b40)=""/4096, 0x1000}], 0x7, &(0x7f0000001380)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x78}}, {{&(0x7f0000001400), 0x6e, &(0x7f00000016c0)=[{&(0x7f0000001480)=""/244, 0xf4}, {&(0x7f0000001580)=""/52, 0x34}, {&(0x7f00000015c0)=""/211, 0xd3}], 0x3, &(0x7f0000001700)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [<r0=>0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x140}}, {{0x0, 0x0, &(0x7f00000018c0)=[{&(0x7f0000001840)=""/100, 0x64}], 0x1, &(0x7f0000001900)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0}}], 0x3, 0x40010020, 0x0)
ioctl$SNAPSHOT_PLATFORM_SUPPORT(r0, 0x330f, 0x0)
membarrier(0x2, 0x0)

03:50:48 executing program 3:
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:48 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000000000, 0xffffffffffffffff, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x5, &(0x7f0000000000)=0x1)
membarrier(0x4, 0x0)

03:50:48 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x1d, r0, 0xee00, 0x0)

[ 2116.537467] No source specified
[ 2116.558151] No source specified
03:50:48 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x4, 0x0)

[ 2116.578507] FAULT_INJECTION: forcing a failure.
[ 2116.578507] name failslab, interval 1, probability 0, space 0, times 0
[ 2116.580701] CPU: 1 UID: 0 PID: 17059 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2116.580734] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2116.580747] Call Trace:
[ 2116.580755]  <TASK>
[ 2116.580763]  dump_stack_lvl+0xfa/0x120
[ 2116.580799]  should_fail_ex+0x4d7/0x5e0
[ 2116.580827]  ? security_inode_init_security+0x13d/0x390
[ 2116.580859]  should_failslab+0xc2/0x120
[ 2116.580881]  __kmalloc_noprof+0xb4/0x4b0
[ 2116.580912]  ? posix_acl_create.part.0+0x2a0/0x480
[ 2116.580952]  security_inode_init_security+0x13d/0x390
[ 2116.580983]  ? __pfx_ext4_initxattrs+0x10/0x10
[ 2116.581007]  ? __pfx_security_inode_init_security+0x10/0x10
[ 2116.581039]  ? ext4_inode_journal_mode+0x267/0x580
[ 2116.581076]  ? crc32c+0x1ae/0x320
[ 2116.581101]  __ext4_new_inode+0x3378/0x4b90
[ 2116.581151]  ? __pfx___ext4_new_inode+0x10/0x10
[ 2116.581189]  ? __pfx___dquot_initialize+0x10/0x10
[ 2116.581219]  ? d_splice_alias_ops+0x14b/0x830
[ 2116.581251]  ext4_create+0x2e2/0x4e0
[ 2116.581283]  ? __pfx_ext4_create+0x10/0x10
[ 2116.581307]  ? security_inode_permission+0x72/0xe0
[ 2116.581347]  ? __pfx_ext4_create+0x10/0x10
[ 2116.581370]  lookup_open.isra.0+0x10f8/0x1530
[ 2116.581407]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 2116.581453]  ? __pfx_down_write+0x10/0x10
03:50:48 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x100000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2116.581480]  ? mnt_get_write_access+0x1ea/0x2d0
[ 2116.581510]  path_openat+0xc26/0x2880
[ 2116.581553]  ? __lock_acquire+0x694/0x1b70
[ 2116.581577]  ? __pfx_path_openat+0x10/0x10
[ 2116.581619]  do_filp_open+0x1e8/0x450
[ 2116.581659]  ? __pfx_do_filp_open+0x10/0x10
[ 2116.581703]  ? find_held_lock+0x2b/0x80
[ 2116.581735]  ? alloc_fd+0x2c1/0x560
[ 2116.581764]  ? lock_release+0xc8/0x290
[ 2116.581792]  ? alloc_fd+0x2c1/0x560
[ 2116.581831]  do_sys_openat2+0x104/0x1b0
[ 2116.581857]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2116.581895]  __x64_sys_creat+0xcc/0x120
[ 2116.581922]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2116.581948]  ? __pfx_ksys_write+0x10/0x10
[ 2116.581986]  ? do_syscall_64+0x85/0x360
[ 2116.582017]  do_syscall_64+0xbf/0x360
[ 2116.582046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2116.582069] RIP: 0033:0x7f2ff44d3b19
[ 2116.582086] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2116.582107] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2116.582128] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2116.582143] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2116.582157] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2116.582170] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2116.582183] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2116.582213]  </TASK>
[ 2116.636562] No source specified
[ 2116.644007] No source specified
03:50:48 executing program 3:
socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bdd64579e14eb5e1e30e2bc75790bb18e39fb723aad8982109903fa237be63760214d9d91b7cfeeaebcad4825035fe8cfb8cc4ddbeb738c0221aec419168cad720855aa248f2"], 0xf8}}, 0x0)

03:50:48 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0xfffffffffffffffc, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:50:59 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 17)
rmdir(&(0x7f0000000380)='./file0\x00')

03:50:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x200000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:59 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x3e8}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:50:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x1e, r0, 0xee00, 0x0)

03:50:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f00000010c0))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f00000014c0)={0x0, ""/256, 0x0, <r1=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000752c0)={0x2, [{0x0, r1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r2=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r3=>0x0}], 0x0, "067c80a7489a06"})
r4 = openat$sr(0xffffffffffffff9c, &(0x7f0000000980), 0x80000, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r4, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0}, 0x10000884)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r4, 0xc400941d, &(0x7f00000010c0))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x81f8943c, &(0x7f00000014c0)={0x0, ""/256, 0x0, <r5=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000752c0)={0x2, [{0x0, r5}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r6=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r7=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r8=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r9=>0x0}], 0x0, "067c80a7489a06"})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000063d00)={0x80000001, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r10=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r11=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {<r12=>0x0}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, <r13=>0x0}], 0x8, "3b324f4e9c3c6f"})
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000064d00)={{<r14=>0x0, 0x4, 0x7, 0x4, 0x3, 0x783c, 0xff, 0x4, 0xffff, 0x4d7, 0x1, 0x7, 0x7ff, 0x3, 0x2}})
r15 = openat$sr(0xffffffffffffff9c, &(0x7f0000000980), 0x80000, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r15, &(0x7f0000000ac0)={&(0x7f00000009c0)={0x10, 0x0, 0x0, 0x100}, 0xc, 0x0}, 0x10000884)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r15, 0xc400941d, &(0x7f00000010c0))
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r15, 0x81f8943c, &(0x7f00000014c0)={0x0, ""/256, 0x0, <r16=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(0xffffffffffffffff, 0xd000943d, &(0x7f00000752c0)={0x2, [{0x0, r16}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r10}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r7}], 0x0, "067c80a7489a06"})
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r0, 0x81f8943c, &(0x7f0000065d00)={0x0, ""/256, 0x0, <r17=>0x0})
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r0, 0xd000943d, &(0x7f0000065f00)={0x1, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r12}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r11}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r8}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r3}, {}, {r6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {r9}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, r1}, {}, {0x0, r5}, {r2, r13}, {}, {r14, r16}, {}, {}, {}, {0x0, r17}], 0x62, "313499f6b4f2c4"})

03:50:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)

03:50:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r1 = pidfd_open(r0, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=<r2=>0x0)
r3 = getpgid(0x0)
getpgid(r3)
sched_setattr(r3, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
kcmp(r2, r3, 0x2, r1, r1)

03:50:59 executing program 7:
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sendmsg$AUDIT_SET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x3e9, 0x1, 0x70bd28, 0x25dfdbff, {0x52, 0x1, 0x0, r0, 0x7, 0x2, 0x800, 0x5, 0x0, 0x20}, [""]}, 0x38}, 0x1, 0x0, 0x0, 0xc000000}, 0x841)
r1 = getpgid(r0)
kcmp(r0, r1, 0x2, 0xffffffffffffffff, 0xffffffffffffffff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r2 = fcntl$getown(0xffffffffffffffff, 0x9)
membarrier(0x1, 0x0)
r3 = getpgid(0x0)
sched_setattr(r3, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
pidfd_open(r3, 0x0)
r4 = getpgid(0x0)
sched_setattr(r4, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x85, 0x7, 0x3, 0x2, 0x4007}, 0x0)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000001c0)=ANY=[@ANYBLOB="01000000402a40849945750d4a8de964b29c02e8b7862cbe1cd3b31611ac02c31ecb30b2861bc4eecc601aaa2afe07a587c4a73b5e430cdbec1f39b317b1b89c23fead3790700bc5466c356181a0dd2b8e23a743522816d705dd107645bf2701a3061b8ab4aead1e3fd7eafe2def100e58f52014ddd3c7add9d0fe4c3729668ebe4627384f527de98d7730321041f049", @ANYRES32=<r6=>0xffffffffffffffff, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00./file0\x00'])
kcmp(r2, r4, 0x4, r5, r6)

[ 2127.469537] No source specified
[ 2127.477141] No source specified
03:50:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
openat(0xffffffffffffffff, &(0x7f0000000040)='./file0\x00', 0x400140, 0xf6)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
perf_event_open(&(0x7f00000001c0)={0x7, 0x80, 0xff, 0x81, 0x0, 0x6e, 0x0, 0x6, 0x42000, 0x4, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x53e2, 0x0, @perf_bp={&(0x7f0000000000), 0x5}, 0x1, 0x8, 0xffffffff, 0x9, 0x8, 0x7, 0x1000, 0x0, 0x2}, 0xffffffffffffffff, 0x2, r1, 0xa)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:50:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xb, 0x1f, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x10, 0x0)

03:50:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)

03:50:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x300000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:50:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='syz', &(0x7f0000000040)="79cc9e8bb0e642b4053b85fa3fdead8daeb5364ab1cb72243584a9cc79c99de04519339a768b2bc22089da613c648dc340416ef5d66e5522f5bf9f48616ed52bf9297f40442d6ab8f2bdfba4ad23093404968026bdc6d0536560f5c4d157f0b6e92ab8ca41834341f3", 0x69)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:50:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x1000000000100, &(0x7f0000000000)=0x4)
membarrier(0x2, 0x0)

03:50:59 executing program 4:
fsopen(0x0, 0x1)
r0 = fsopen(&(0x7f0000000140)='ncpfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000000)='syz', &(0x7f0000000040)="5f26de8b4c4f72d34b5acd85d649124257af6926", 0x14)
r1 = accept$unix(0xffffffffffffffff, 0x0, &(0x7f0000000080))
read(r1, &(0x7f0000000180)=""/81, 0x51)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$chown(0x4, r2, 0xee00, 0x0)

[ 2127.730063] No source specified
03:50:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)

03:51:08 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x8, 0x0)
memfd_create(&(0x7f0000000000)='\x00', 0x0)
membarrier(0x1, 0x0)
r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000040), 0x28040, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000100)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=r0, @ANYBLOB="000001000066696c653000000000000096f89c1d68fd0868b6a06b71dbee7486d86c997906775522e9e4dc0c2c98689605"])

03:51:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x400000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:08 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x500}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:51:08 executing program 2:
recvmmsg$unix(0xffffffffffffffff, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000100)=""/88, 0x58}, {&(0x7f0000000180)=""/135, 0x87}, {&(0x7f0000000240)=""/3, 0x3}, {&(0x7f0000000380)=""/214, 0xd6}, {&(0x7f0000000480)=""/101, 0x65}], 0x5, &(0x7f0000000580)=[@cred={{0x1c}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, <r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x14, 0x1, 0x1, [<r3=>0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb0}}], 0x1, 0x0, 0x0)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000010c0), r1)
sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000001180)={&(0x7f0000001080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000001140)={&(0x7f0000001100)={0x24, r4, 0x200, 0x0, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1f9b05df}]}, 0x24}}, 0x0)
sendmsg$IPVS_CMD_GET_DEST(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r4, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x80}, 0x40000)
getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000700)={<r5=>0x0, @private, @private}, &(0x7f0000000740)=0xc)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000800)={'ip6gre0\x00', &(0x7f0000000780)={'syztnl1\x00', <r6=>0x0, 0x2f, 0x3, 0x2, 0xff, 0x42, @mcast2, @loopback, 0x7, 0x8, 0x6, 0x40}})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000840)={'wg1\x00', <r7=>0x0})
getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000008c0)={{{@in, @in=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, <r8=>0x0}}, {{@in=@empty}, 0x0, @in6=@private1}}, &(0x7f00000009c0)=0xe8)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000b00)={'syztnl1\x00', &(0x7f0000000a80)={'syztnl2\x00', <r9=>0x0, 0x29, 0x1, 0x9, 0x0, 0x0, @mcast2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x7, 0x50, 0x8f2, 0x6}})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000bc0)={'syztnl1\x00', &(0x7f0000000b40)={'ip6tnl0\x00', <r10=>0x0, 0x2f, 0x0, 0x81, 0x4, 0x56, @mcast1, @mcast1, 0x20, 0x10, 0x6, 0x9}})
sendmsg$TEAM_CMD_OPTIONS_GET(r3, &(0x7f0000000c40)={&(0x7f00000006c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000c00)={&(0x7f00000011c0)={0x5b8, 0x0, 0x100, 0x70bd2a, 0x25dfdbfd, {}, [{{0x8, 0x1, r5}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xf0}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}, {{0x8, 0x1, r6}, {0x12c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffff0c66}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}]}}, {{0x8, 0x1, r7}, {0x1f0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8}, {0xf4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}]}}]}, 0x5b8}, 0x1, 0x0, 0x0, 0x1}, 0x20000892)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x5, &(0x7f0000000000)=0x1)
r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r12 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r12, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r11, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_SET_QOS_MAP(r1, &(0x7f0000000640)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)={0x60, r11, 0x1, 0x70bd2b, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x81, 0x6}}}}, [@NL80211_ATTR_QOS_MAP={0x36, 0xc7, {[{0x0, 0x3}, {0x6b, 0x5}, {0x40, 0x6}, {0x0, 0x3}, {0x3, 0x6}, {0x6, 0x3}, {0x8, 0x7}, {0x1, 0x6}, {0x7f, 0x6}, {0x80, 0x6}, {0x7f, 0x5}, {0x1, 0x3}, {0x8, 0x6}, {0xff, 0x4}, {0x0, 0x6}, {0x20, 0x3}, {0x61, 0x2}, {0x1}, {0xff, 0x7}, {0x40, 0x7}, {0x81, 0x4}], "17bb9e133e2985d3"}}]}, 0x60}}, 0x40400b1)

03:51:08 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 18)
rmdir(&(0x7f0000000380)='./file0\x00')

03:51:08 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)

03:51:08 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x2, 0x80, 0x7, 0x40, 0xe6, 0x8, 0x0, 0x4, 0x0, 0x8, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0xcc, 0x4, @perf_config_ext={0x4e9d3efb, 0x1}, 0xc20, 0x8, 0x8, 0x9, 0x7f, 0xfffffffd, 0x1000, 0x0, 0xfffff711, 0x0, 0x8}, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x2)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = fspick(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x1)
readahead(r1, 0x4, 0x51e)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:51:08 executing program 5:
readahead(0xffffffffffffffff, 0x101, 0x5)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='nfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x8d50, &(0x7f00000000c0))
r1 = openat$incfs(0xffffffffffffffff, &(0x7f0000000100)='.log\x00', 0x4022, 0x51)
ioctl$AUTOFS_DEV_IOCTL_OPENMOUNT(r1, 0xc0189374, &(0x7f0000000140)={{0x1, 0x1, 0x18, <r2=>r1, {0x25e9}}, './file0\x00'})
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FD(r2, 0x5, &(0x7f0000000180)='\\\x00', 0x0, r3)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
signalfd4(0xffffffffffffffff, &(0x7f0000000080)={[0x1]}, 0x8, 0x0)

03:51:08 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x0, &(0x7f0000001b00))
fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x80, &(0x7f0000000080))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7d3c, 0x1ff, &(0x7f0000000000)=0x1)

03:51:08 executing program 7:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x2, 0x9, 0x200})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
fcntl$dupfd(r0, 0x406, r0)

[ 2136.938455] No source specified
[ 2136.943134] No source specified
03:51:08 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)

03:51:08 executing program 2:
getsockopt$IPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x41, &(0x7f0000000000)={'raw\x00', 0xe5, "5f660bdf7a156248fe77e823664ee2db7649ca9a522968d6da1e73a097a31422def51e48b554801e894dccccbac348504332caf8592d9439803c8584c31371b8d5197d0287fe85855688466ce7d12cf59df9d0dcad5366e21088fc5c7d73e46241c7c7a508bfdb49f17388de1df815094d13790938478eefc5c73ba96ac78eb30840f56ab496849223b5c95af9bad29f2ff9d43299ef2b1632a701727f285b30a3d295ffc2a0479bd48a94faf5effa5e2e19300b095769322a2965daf3b21d1cda8e61c07a6384a2b2b90f42037feed31e5bb45e19520731c749a69e336073d073c1bcafd0"}, &(0x7f0000000140)=0x109)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:51:08 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = signalfd4(r0, &(0x7f0000000080)={[0x2]}, 0x8, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f00000000c0)=']^]/#++:[[\x00', &(0x7f0000000100)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:08 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x500000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:08 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0)

03:51:08 executing program 7:
mount$9p_tcp(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x2844, &(0x7f00000000c0)={'trans=tcp,', {'port', 0x3d, 0x4e21}, 0x2c, {[{@cachetag={'cachetag', 0x3d, '}(])^/^$[}+#'}}], [{@obj_user}, {@smackfshat={'smackfshat', 0x3d, '+'}}, {@smackfshat}, {@smackfsdef={'smackfsdef', 0x3d, ':{*}!\'%&/'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '}^'}}, {@appraise}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@smackfstransmute={'smackfstransmute', 0x3d, '%^%'}}]}})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:51:08 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH(r0, 0x3, &(0x7f0000000000)='syz', &(0x7f0000000040)='./file0\x00', 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

[ 2137.065828] No source specified
[ 2137.069306] No source specified
03:51:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x600000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2137.168088] No source specified
[ 2137.190343] FAULT_INJECTION: forcing a failure.
[ 2137.190343] name failslab, interval 1, probability 0, space 0, times 0
[ 2137.191683] CPU: 0 UID: 0 PID: 17169 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2137.191703] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2137.191712] Call Trace:
[ 2137.191717]  <TASK>
[ 2137.191723]  dump_stack_lvl+0xfa/0x120
[ 2137.191749]  should_fail_ex+0x4d7/0x5e0
[ 2137.191764]  ? __ext4_new_inode+0x3378/0x4b90
[ 2137.191791]  should_failslab+0xc2/0x120
[ 2137.191805]  __kmalloc_node_track_caller_noprof+0xb8/0x490
[ 2137.191828]  ? sidtab_sid2str_get+0x85/0x6f0
[ 2137.191852]  ? sidtab_sid2str_get+0x17e/0x6f0
[ 2137.191888]  kmemdup_noprof+0x2b/0x60
[ 2137.191914]  sidtab_sid2str_get+0x17e/0x6f0
[ 2137.191939]  sidtab_entry_to_string+0x33/0x110
[ 2137.191962]  security_sid_to_context_core+0x350/0x620
[ 2137.191986]  selinux_inode_init_security+0x433/0x650
[ 2137.192012]  ? __pfx_selinux_inode_init_security+0x10/0x10
[ 2137.192034]  ? __kasan_kmalloc+0x7f/0x90
[ 2137.192048]  ? trace_kmalloc+0x1f/0xb0
[ 2137.192062]  ? posix_acl_create.part.0+0x2a0/0x480
[ 2137.192087]  security_inode_init_security+0x1e6/0x390
[ 2137.192109]  ? __pfx_ext4_initxattrs+0x10/0x10
[ 2137.192124]  ? __pfx_security_inode_init_security+0x10/0x10
[ 2137.192145]  ? ext4_inode_journal_mode+0x267/0x580
[ 2137.192168]  ? crc32c+0x1ae/0x320
[ 2137.192187]  __ext4_new_inode+0x3378/0x4b90
[ 2137.192217]  ? __pfx___ext4_new_inode+0x10/0x10
[ 2137.192242]  ? __pfx___dquot_initialize+0x10/0x10
[ 2137.192262]  ? d_splice_alias_ops+0x14b/0x830
[ 2137.192283]  ext4_create+0x2e2/0x4e0
[ 2137.192304]  ? __pfx_ext4_create+0x10/0x10
[ 2137.192319]  ? security_inode_permission+0x72/0xe0
[ 2137.192345]  ? __pfx_ext4_create+0x10/0x10
[ 2137.192360]  lookup_open.isra.0+0x10f8/0x1530
[ 2137.192383]  ? __pfx_lookup_open.isra.0+0x10/0x10
[ 2137.192412]  ? __pfx_down_write+0x10/0x10
[ 2137.192430]  ? mnt_get_write_access+0x1ea/0x2d0
[ 2137.192450]  path_openat+0xc26/0x2880
[ 2137.192478]  ? __lock_acquire+0x694/0x1b70
[ 2137.192494]  ? __pfx_path_openat+0x10/0x10
[ 2137.192521]  do_filp_open+0x1e8/0x450
[ 2137.192542]  ? __pfx_do_filp_open+0x10/0x10
[ 2137.192570]  ? find_held_lock+0x2b/0x80
[ 2137.192590]  ? alloc_fd+0x2c1/0x560
[ 2137.192610]  ? lock_release+0xc8/0x290
[ 2137.192633]  ? alloc_fd+0x2c1/0x560
[ 2137.192658]  do_sys_openat2+0x104/0x1b0
[ 2137.192675]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2137.192699]  __x64_sys_creat+0xcc/0x120
[ 2137.192717]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2137.192733]  ? __pfx_ksys_write+0x10/0x10
[ 2137.192757]  ? do_syscall_64+0x85/0x360
[ 2137.192777]  do_syscall_64+0xbf/0x360
[ 2137.192796]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2137.192810] RIP: 0033:0x7f2ff44d3b19
[ 2137.192821] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2137.192835] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2137.192849] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2137.192858] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2137.192867] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2137.192875] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2137.192884] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2137.192903]  </TASK>
[ 2137.227926] No source specified
[ 2145.900745] Bluetooth: hci0: command 0x0406 tx timeout
[ 2145.901883] Bluetooth: hci1: command 0x0406 tx timeout
03:51:17 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
dup(0xffffffffffffffff)
membarrier(0x2, 0x0)
membarrier(0x10, 0x0)

03:51:17 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x600}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:51:17 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 19)
rmdir(&(0x7f0000000380)='./file0\x00')

03:51:17 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0xf8}}, 0x0)

03:51:17 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = getpgid(0x0)
sched_setattr(r0, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
sched_rr_get_interval(r0, &(0x7f0000000000))
membarrier(0x2, 0x0)
sched_setattr(r0, &(0x7f0000000040)={0x38, 0x2, 0x42, 0x7, 0x5dbf, 0x2, 0x7, 0x9a, 0x9, 0xfff}, 0x0)

03:51:17 executing program 5:
semtimedop(0x0, &(0x7f0000000080)=[{0x1, 0x0, 0x800}, {0x1, 0x1}, {0x2, 0x9fc, 0x1000}, {0x0, 0xff80, 0x1000}, {0x0, 0x7ff, 0x1000}], 0x5, &(0x7f00000000c0)={0x77359400})
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:17 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = fsopen(0x0, 0x1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f0000001300)='.$\x00', &(0x7f0000001340)="0fc8945a64ee1cc645db75c0eabab0aed867c046d4f3efea68435752ad7d8cfdcb2bdd3a8ac2a6da2874a1847c8bca7d0fd45f3f9dadd4d10f3b7b03ee9fec3d088d3c65ecde971dde4816937adfdb8979bde9b0e08b2544c755e68b89d3cb15b6ad1323d51dbd28fa3151a0958fab970303b44eb0569dd036276bc07453c867a7de881380a5f13f98321c184709682e5bf9efc4944ff9256a09e039f9c6a371d73a05965637a7ba1d3a7a7619ff6a8f422f8c2d7b231af3c489d97c57c24a90a0916232c49e38f93f5c5a508d5cc99d34d6ac919c4c1ef1117c5c0969e5f3d258", 0xe1)
read(r0, &(0x7f0000001440)=""/52, 0x34)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000011c0)='&*\x00', 0x0)
keyctl$chown(0x4, r2, 0xee00, 0x0)
add_key$fscrypt_v1(&(0x7f0000001200), &(0x7f0000001240)={'fscrypt:', @desc1}, &(0x7f0000001280)={0x0, "d50a532ce37fe25d25704e844db5fedeb88396c1afcb29f090281b8fc58f474ffa66af80c734404aec307a905c1e8e7daa18780440946299d6f6a35e14c7a606", 0x30}, 0x48, r2)
add_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f00000001c0)="c80b57e25a0a757a02d50bf15cf43472bf8c0f0cca35fc64fe6c1060f328165ee04a257b31048aab3df695e5cc77ea4fea7f182389640f93098c9fbb95d35e9c0b8c453d5b9e591e5e59b0c256b302f5828be578dc6ab8f5f0cf77da2f5b80742faf0b4c558c09b060eaa668b5bbbe5716fc0d1a5545d1ea6d1b479faab0fd259965e01669338f40c13bece929c9803bf2289e79e3cea06472399367a83156453eb7141b7ae17f2b6beb1fa66763ab9c3536107fc7e472be107d2626a66ed2ed098a6e2b2de8872935235c715db68ec068f0c430f139d904339917ed1b6b96c3f17e6dfe7e28b6a3008f02066db09f308f551e7348ac660ab275e05aab6045d13e4737e8dbdf21a31787cef3ee645ae0af9d9fa27cf66cce5189b580b502293b6b10d1bc43c4f7f0791a602b06a8a05ad2e10b67bf6c2b8921d1a700f806c37014dabbe1705319ae90eef99804b3920cf30144f84214793cb7dbd450460b7460f081d8e3b2feffabe1c25de8800ed80cdeda65cf37f57158209d3fe015efae9f3f7453b0f61d401a670054028109c8cfabb4ed9d8da29037db672e7c5bf53ec14d952940ec9cfc034b6b8183472d278d3c2ae5c299def2f8fe88470cdfe8309566f8ddec2b1e627f655b0160d0a2298e8a17d02e66899ebd056d056ca6d76edb6b5d56ef96f5b73f4f4ae791a76164213c45a9713adf7f1cc8c5e4330e58de02d8aca105dd9afa273f427c5d964db8991f06d1ebd44c33dfa870401f3eda18746038fb1c12d91644da690f0ba0fa45a54313c836e16b0837bca375deab51d327c384f32531d2fd29cb70087aa14d852adb42814878751d4e4b263576a147fa5b184be39f02b88e7c12c3cd31457b7d34ecff8da219af62fe18f2225111976cb957035596d4c2a1af4eb6830b57003f991f5898dd1406b149a707bbe9d5e0a6d45bf0f2483ce7c0ef918b29842f5eeac14c320d05aaa591edd3c246b0dfc7a2563d48773a4ea28f52e2a4f1fcc79e40479174123331fd08d09bacfaab10cec7c3f36a2e3a61f6ca5ff9f2562e35271260040ad739bd375a2a78e3b290c3fea6a2d850612352b90aeb08e76c4b96b9f51439e92b68e950590ba5656923cb693ac2248e31fed45c76680204e19ed5cd9b80652569ed55ebde49def1562a7637be3724b012475e970f08c7bfa9e28e4a82637de2f73bd197dcaf9faccbb4dae71fc471132a5c28991834d61a1a24dbfc28a9f8b7ed60956f87e006c74483336fb7e844bdbcd16711a0db19791d29f9b2f23e9b626b1402004bc381f6b77c121a705374da3908302eb44138a19fc09d68ed99d6a0e9345db62378ca65db708fa4bedb422416c003a95073af30abc7beb8d38030a218ae30c0fbaff0218406ec763d7fbbe525095172176fd0efae7cb5d89d7377e008bcddf22da5c7276fb22474e860f62d4ac4d6ba3aa596f967f9beea8ce2cdbe12fa0244b108744ff44c33c74e5c0c16d556874bd0be66a6c539c5f5f7c5daf5bd988872197cd50770887543a906debb1400e20d2b2e94c683fe8bdb58fa7dcd214c26deb4d7cdabf2b73b6d4d5a0f1ee7d5d6ccbf1cf11b09610293813fca43ffffa95b78c0a5173959fef37189e2f3d3003aabb4614915d2e47e7914fafb0df39d3d6f495d7f8e57c97bcddab5c28e879ce7ff2a16348a7059c997454b96f623b27e4e7d00686d17410897c305e4ba3fecedec32353b989721eb0cd8aadbd0c7307065a86965d281bc5f2a712b848639ec70d26f4a66742ddc062b105cd753c2390f02bcbf768cd9845d5badf863692944a39ee1bf30f0ab9e110e3534930332f56968a70d67dca946c16140c92a45f9619c919794ad654cbcea740ee0d01f4a07538f1b6b6b6151d6078db8ea3008301e8e52d2126e2c35a6af88a4ad11b6f5d2373c37a311465646fc327e304bdef0730531c9bcbf3af68971308286443b87d0252fd765815a3ed5cb3d56a5cdfc42d35b1fc47bc586b50f269974d7ae4ce029ec19f59353a03f491c3cb138ab0d5452354d78101c2971e513fd305798b9c95934c4afc9c2ff3f4a40e95bb75ec0524b4b9683531b8292f23e3141bcbdd21ad45c74cc38fd7f1cca90a3f51c6897a12e421041c1e283fc7a6f51680c8def9b3cedbc95f0401ef03ff7767f8437115cf268c443f460164c77ec4af583994d9e86fbc716ac250c603b43d0ea7859aac4369ebadb573e12a367fe95e1716c43f32921984188b6326c393228f3c9c5f5299b796bffeb5b1add06afa40030cb38c40d11bcf89939dedf591a98e89ada5c7acb8c71e1cd9c7840153188144bef5dd8f3b7b73a3e0bb3862a50c08c8f9d19920e1bf5ed3e0b479304cac202309b8a94cb45759c9982350f2a52cfa05393c34cc33717478959d69ecb2474372e06cc597b31e92445bb0fe1ad5361583f767f8e9f25f4e0a0e5cc6141dec22826fa5dc0fca7c457286a54db90e5afba23b091d3548010d5154ed0649a44a59df02a5c35df9e8b6dc150394c774749072b9b158c823c17d2c97ab077bad73cc2157a5ac3da41e5c5ac627757550eaf50d93dd83a8b732dfd5145bc2e4c481b7bc54821da349c47234129bfcf039270c066f8a62f64fb91e2a8fce30f73644385cb1c872f389d352a7677359e3a625c9d649af57d68abf37b2989e57cf06850cd7c9e0d51e334347f49aa45bf017671523f91e8bf75844f4ce8a3586f719f5ea05daee820e59e3760599f5d1d9b9283ad3239cba9221d17870bc6b8dcbfb3f77cb209889683006eba59d0b01c9bfda3a5820cf7405facfba6e480b29852ded5e79c7bfe50b4cffd5961fa24a12c7e3468f5223d301b1c6b3f1caf2063012a5a86696f90bbbf6d76a328b68d1980d6f5de49fd7faf6b2c169c8aeac11f607478a19fe5646fc046ebe195c8b9fbb8a332f321d6cda60f70c439e02ef46995864f6b0dac58ad96003f66fad16186beef3d38e35dea501c45dd0805c4263a3e54fa7c4e5693e21d20908222c6ed2306e9e4c7bcdd787a97fde1298b8cc4ac8a8557e036b2387c782fc2a0a036ea21c0c053c827266243f09d0f8bbd5b4dadbd9758e3be828411e10dc6d7021b0f91a29993276552d88399519d22bc737d63cd3f93b4796bfed9bbde16b0c1e9a512f6579b92570e835422f5e13b57d110c64d2412ee94e0e5eaf817e739b19806dde9126a6485b50d0c6ca9bd3c64a98e296cef81650380b6087690b805c152be4bb6d1cbae1a2dbb54f2d7b5fffdff54583ef50d23e41557fae055515c5899cc6f73c1ccb8181f730494b4268cc6622afbd97bcb58ee7f97ca4dd3c8eda3350a854f4540721b9f7fad2ea6d655b4ca36fbcb638d2d624092caeea8b29e583f119d82885b261763e2161f34f35afcd33ea8fb43acf94216a052bb7dc28d8c02e419ba3ad5301e0fecc4efa62d14e55c643769db3b1810480097e037c151b57c2b503f2d57bfdb64b2e90d72ef6ed4e52a82f5e51f5e44ed821121cf7c149af111b8c529ddf84e6ee86685ae593f3aa766967b462518306560678857742be59c91123cbf7651807c9f5b6f4763cfdc0a07787d47b3c8136dd6f3aba30a16dbc2c729bbef9cb49ecf29d8268d18c3cc7a2e7dfead4e7db7a2c33f5460920ed0ae1cf056e19a9030db55b6a7dbfb35dc0a321e4d48a96933167028d3920d8887eb03567a0ee3c17b2cb0b2e6b912e59cc3990cb0aaccaae2ac5a3f1ba44aff0b42e4b6d2c042d62be1f0fdf605443d891a5e7112fa2afa0b7cd2a35c0b168922b6cef64b2e36cdd010bdafc380b6a2bc806c7aa00aa5e3dd76bc82c42f0d27e546e32226a6141f75fb991ddcbd40c715dbb76aa53aaaa6156f47cf0a9df41234c109306cdaaddb3cbd671a0e03f807a05f9e9c3d1d0a14aa86eb6196474efa7525c82657ce0e4c3e93a9500598e33286334a4eaa95a334d4058e8168351e65eaec9baa11106f191becf1704448c6c68a592694694ea3151f9ca8e4b73c3ed9ac728d25d59a3fa58c3bf7e534369ce9e0e1746a1468d02e7016c64dcd8e15adcde3e81b31b8ad2f1e4123dcd190ce723115147045fb73e641313426439ebfd4385a0f4fdd7b58e6d79d014d17d0a447fe609b22abe0e426ec83dcd05247619cd75589d133dfb2431a7f8167578397dceb4db1a8711786254d67da0b838c6d5ad7c605bbc0e17dc1835d23eb289b84c2f21b42ae86b4d4776008c588c58f5c9806267939f20060c209f8856704fdf8f1e57269047319d3f0f2dc102397d191840a857958d6134e2823964bda07c35b3456da5c310192e71f953f2a8988c6e998aeb2848a7c02547f9987ee9bf458a3f34b146f9190316fb3069dfd133fc15c61b79c11ebbe4747f28407032e93107c79811208086bfab2700beca2803da961828671f4b12a8ab950ab10713595315ef2b7d55b6563e580c19df534ce80dba7aa34f93fcf5fe2af11b56b0a5ab45b628b4f66d80dfd2bf910899add55ada9df74f61a50f10446711402413a83ac4e7d3ea70a74d61add48e65a8aa754fa650b1fc8efa32cb754d90251fd1ac1c49671091e71d2b5668c8b5f6ede9c3e8f739a8f04d6d2156fc98bff595006bc8d0acce6b365988b331dfb6c3fdc9be2721a871aa8b469b532aae7a401af8cd3a34e734d05760019637cf72b9fe019100915eb417b3afd83d716b25d1b2e5c0647c88dff74661c29c527a869eee056f939e96ad7b45445db6b3e0cab706eb70b1738c8fdc056384f09c85cf1796f689975e10af29e49385fd77a47f004b43da71820dbe8b6d1c09e46cdbe8e553991d96bb49648de52806d76d2fe9bad8f65791747a131035a8da91e03f7cfae5e4fc197f2350efddc8caea73dd1864b8080118b4a92bf566a856459d575e12ac88f0712c1fb4b229025a68ec80c67277d6778e5c8d73d35dc5fe9282b3b1a3386235d60846aa9642dc0b031be7362fd6f2bb30f33bb98f0a0f97ef653ef778235215903efa6a43c3c36cc6ae66016ebc044f3660af772685a5ddacdb9d0340cdcba106011a94b140a32c0fae03d7a88c2cb42ab8ed7dd5dbde88437ab8d1366e0b62296a4619426ed9f0e2a26eab26274475bf631db4f4a1e59b9f43f2eff8881914fdda8bcd38339af0e6357f17f88c44a705dd11561ccfa7a3af2bf9adc2f2e3dc66e02b98a9a3b5b3da09a4c571544d585320ea7e15d4de3109ee5860439aaa2a43a74a959cd15464cf165f67cd6b18de2d2146bb72106e4f7a859aedc72ee00bdbbedcd19314a1cafee132521f19bfe253970b3b2217df6888b0f89aa5c5b4ce7548c730c3774acbfccd83df1863de0d7b9c20fba103d3abedb2acffcfcdac5d95deea8b1b34091fdc56767f2b9bcb9cda7812d4daeb11351a9b2ccbaa092153e587229bf610b86142fa6bb2131269d7fa6d21ac7bce7c0984c853fac5824015bb5451edcb32fd3574dc2abe6636c9c442c628a14f9bf79d32c2692298efd57ba757e4c8304b3d48c64dbe42fae1455359e51f6c1498353128a5a829060a1d454854813909bc97e5250a51cb50b8c35858ffc022df0b665206448043b386c3d0e6f9ce65b36a3294f4eab90f773f0b6badc037269af05644f144d576feb3f4b03c4dd060a005965bc72f049b290b09619dd96d583eaf1e8627cada17b5b827569d9cfb99204a1eb6c5b8aab3739c2d5642ff5bd7667c41ecbc3c4a7eb50d5ff78caefd00d969cebe2fcadb11a7d7cec5123f0aefe1c38a5ebd33a4992bb48c4cb8fa2cc4fded457a219b619f338", 0x1000, r2)

03:51:17 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x700000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2146.038020] No source specified
[ 2146.046916] No source specified
03:51:17 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0xf8}}, 0x0)

03:51:18 executing program 2:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r1, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r0, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="00022abd7000ffdbdf252e0000000c00990008000000780000001400f9002c63362f036703ce6ce0b59055b3649e"], 0x34}, 0x1, 0x0, 0x0, 0x885d}, 0x2004000c)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x0, &(0x7f0000000000)=0x1)
socketpair(0x10, 0x2, 0x0, &(0x7f0000000140)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
sendmsg$IPSET_CMD_GET_BYINDEX(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, 0xf, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0x4}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6}, @IPSET_ATTR_INDEX={0x6, 0xb, 0xffffffffffffffff}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_INDEX={0x6, 0xb, 0xffffffffffffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x8004}, 0x8040)
ioctl$F2FS_IOC_MOVE_RANGE(r3, 0xc020f509, &(0x7f00000002c0)={<r4=>r3, 0x8725, 0x7f, 0xf5})
getsockopt$IP_SET_OP_GET_BYINDEX(r4, 0x1, 0x53, &(0x7f0000000300), &(0x7f0000000340)=0x28)
membarrier(0x2, 0x0)

03:51:18 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={0x0, 0xf8}}, 0x0)

03:51:18 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="7ec9001400e1ff050017050c00122b039c54000104efec77040500"], 0x19)
membarrier(0x0, 0x0)

03:51:18 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x80000001, 0x5a, &(0x7f0000000080))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:18 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x800000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:18 executing program 4:
perf_event_open(&(0x7f00000001c0)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0x7f}}, 0x0, 0x0, 0xffffffffffffffff, 0x8)
r0 = fsopen(0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_READY(0xffffffffffffffff, 0xc0189376, &(0x7f0000000180)={{0x1, 0x1, 0x18, <r1=>r0, {0x492b}}, './file0\x00'})
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000240)='/dev/nvram\x00', &(0x7f0000000280)='keyring\x00', 0x0)
r2 = getpgid(0xffffffffffffffff)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x2, 0x80, 0x82, 0x6, 0x3, 0x8, 0x0, 0x401, 0x40, 0x4, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x89, 0x0, @perf_config_ext={0x9, 0x6}, 0x5100, 0x8, 0x6, 0x1, 0x3f, 0x1, 0x7, 0x0, 0x6, 0x0, 0xfffffffffffffffc}, r2, 0x4, r3, 0xb)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000000)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r4 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r4, 0x0, 0x0)
fstat(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0})
keyctl$chown(0x4, r4, 0x0, r5)

[ 2146.196870] No source specified
[ 2146.199407] No source specified
03:51:18 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffe, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0xfffffffffffffffe, &(0x7f0000000040))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x400800000aae, 0x0, &(0x7f0000000000)=0x1)
membarrier(0x2, 0x0)

03:51:18 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0], 0xf8}}, 0x0)

03:51:27 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x700}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:51:27 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 20)
rmdir(&(0x7f0000000380)='./file0\x00')

03:51:27 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2a8a, 0x4, &(0x7f0000000040))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7fff, 0x7f, &(0x7f0000000000))

03:51:27 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)
request_key(&(0x7f0000000000)='.dead\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='syz', r0)

03:51:27 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x900000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:27 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x8, 0x0)

03:51:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4c, 0x3, &(0x7f0000000080))
creat(&(0x7f00000000c0)='./file0\x00', 0x100)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:27 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0], 0xf8}}, 0x0)

03:51:27 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0], 0xf8}}, 0x0)

[ 2155.441218] No source specified
[ 2155.443160] No source specified
03:51:27 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xa00000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:27 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsmount(r1, 0x1, 0xd)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 2155.527782] No source specified
[ 2155.534184] No source specified
[ 2155.620491] FAULT_INJECTION: forcing a failure.
[ 2155.620491] name failslab, interval 1, probability 0, space 0, times 0
[ 2155.621449] CPU: 1 UID: 0 PID: 17274 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2155.621466] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2155.621476] Call Trace:
[ 2155.621480]  <TASK>
[ 2155.621486]  dump_stack_lvl+0xfa/0x120
[ 2155.621510]  should_fail_ex+0x4d7/0x5e0
[ 2155.621527]  ? ext4_inode_attach_jinode+0x118/0x230
[ 2155.621548]  should_failslab+0xc2/0x120
[ 2155.621561]  kmem_cache_alloc_noprof+0x5f/0x470
[ 2155.621585]  ext4_inode_attach_jinode+0x118/0x230
[ 2155.621606]  ext4_file_open+0x31f/0xfe0
[ 2155.621630]  ? inode_has_perm+0x170/0x1c0
[ 2155.621647]  ? __pfx_ext4_file_open+0x10/0x10
[ 2155.621665]  ? selinux_file_open+0x37e/0x4c0
[ 2155.621685]  ? __pfx_selinux_file_open+0x10/0x10
[ 2155.621705]  ? lock_release+0xc8/0x290
[ 2155.621718]  ? path_get+0x61/0x80
[ 2155.621732]  ? mnt_get_write_access+0x51/0x2d0
[ 2155.621749]  do_dentry_open+0x71c/0x1420
[ 2155.621770]  ? __pfx_ext4_file_open+0x10/0x10
[ 2155.621788]  ? inode_permission+0x134/0x610
[ 2155.621803]  vfs_open+0x82/0x3f0
[ 2155.621817]  ? may_open+0x1f3/0x420
[ 2155.621833]  path_openat+0x1c3f/0x2880
[ 2155.621857]  ? __lock_acquire+0x694/0x1b70
[ 2155.621871]  ? __pfx_path_openat+0x10/0x10
[ 2155.621898]  do_filp_open+0x1e8/0x450
[ 2155.621919]  ? __pfx_do_filp_open+0x10/0x10
[ 2155.621945]  ? find_held_lock+0x2b/0x80
[ 2155.621963]  ? alloc_fd+0x2c1/0x560
[ 2155.621980]  ? lock_release+0xc8/0x290
[ 2155.621996]  ? alloc_fd+0x2c1/0x560
[ 2155.622018]  do_sys_openat2+0x104/0x1b0
[ 2155.622033]  ? __pfx_do_sys_openat2+0x10/0x10
[ 2155.622054]  __x64_sys_creat+0xcc/0x120
[ 2155.622070]  ? __pfx___x64_sys_creat+0x10/0x10
[ 2155.622085]  ? __pfx_ksys_write+0x10/0x10
[ 2155.622107]  ? do_syscall_64+0x85/0x360
[ 2155.622126]  do_syscall_64+0xbf/0x360
[ 2155.622143]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2155.622157] RIP: 0033:0x7f2ff44d3b19
[ 2155.622168] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2155.622182] RSP: 002b:00007f2ff1a07188 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[ 2155.622194] RAX: ffffffffffffffda RBX: 00007f2ff45e70e0 RCX: 00007f2ff44d3b19
[ 2155.622203] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000000
[ 2155.622211] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2155.622219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2155.622226] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2155.622243]  </TASK>
03:51:38 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0xb00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:51:38 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 21)
rmdir(&(0x7f0000000380)='./file0\x00')

03:51:38 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x8, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x4)

03:51:38 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x800000}, 0x0, 0x1, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000000)='cgroup.threads\x00', 0x2, 0x0)
r2 = getpgid(0xffffffffffffffff)
fcntl$lock(r1, 0x24, &(0x7f0000000040)={0x0, 0x3, 0x80000000, 0x5, r2})
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:51:38 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xb00000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:38 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x1, 0x0)

03:51:38 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f0000000100)=':\xe6\x00', &(0x7f0000000140)='./file0\x00', 0xffffffffffffff9c)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)=':\xe6\x00', &(0x7f00000000c0)='$#\x00', 0x0)

03:51:38 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xf8}}, 0x0)

[ 2166.712011] No source specified
[ 2166.718322] No source specified
03:51:38 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x100000001, 0x1, &(0x7f0000000000)=0x1)
membarrier(0x2, 0x0)

03:51:38 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x800000, 0x0, &(0x7f0000000040)=0xfd)
membarrier(0x2, 0x0)

03:51:38 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x1000000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:38 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x2, 0x0, &(0x7f0000000140)=0xfe)
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x4)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r3 = signalfd(r0, &(0x7f0000000200)={[0x800]}, 0x8)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000240)='hugetlbfs\x00', &(0x7f0000000280)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
openat$null(0xffffffffffffff9c, &(0x7f0000000180), 0xc040, 0x0)
r4 = fsmount(r1, 0x1, 0x4)
read(r4, 0x0, 0xfffffffffffffe49)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000080)='posixacl\x00', 0x0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x8000, 0x130)

03:51:38 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xf8}}, 0x0)

03:51:38 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpgid(0x0)
sched_setattr(r1, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r2 = perf_event_open(&(0x7f0000000240)={0x1, 0x80, 0x1, 0x2, 0x0, 0x90, 0x0, 0xdba0, 0x4000, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, @perf_bp={&(0x7f0000000200), 0x2}, 0x40810, 0x3f, 0x4, 0x8, 0x60000000000, 0x6, 0x54c, 0x0, 0x8, 0x0, 0x7}, r1, 0xe, r0, 0x2)
fsopen(0x0, 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r3, 0xee00, 0x0)
r4 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffff9)
ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f00000002c0)=<r5=>0x0)
kcmp(r1, r5, 0x6, r0, r2)
fsmount(0xffffffffffffffff, 0x1, 0xc)
r6 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r6, 0x0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r4, r4, r6, 0x0)
keyctl$search(0xa, r4, &(0x7f0000000080)='keyring\x00', &(0x7f00000001c0)={'syz', 0x1}, r3)

03:51:38 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffffffffffff, 0x0, &(0x7f0000001b00))
socket$nl_xfrm(0x10, 0x3, 0x6)
membarrier(0x2, 0x0)

03:51:38 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xfffffffffffffffc, 0x20, &(0x7f0000001b00)=0x4)
membarrier(0x2, 0x0)
membarrier(0x1, 0x0)

[ 2166.945456] No source specified
[ 2166.951313] No source specified
03:51:49 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0xe00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:51:49 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0) (fail_nth: 22)
rmdir(&(0x7f0000000380)='./file0\x00')

03:51:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x180f000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:49 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
signalfd(r0, &(0x7f0000000080)={[0x1800000]}, 0x8)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:49 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xf8}}, 0x0)

03:51:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=<r0=>0x0)
syz_open_procfs(r0, &(0x7f0000000040)='environ\x00')

03:51:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xa2, 0x4, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x2, 0x0)

03:51:49 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x8910, 0x0, 0x0, 0x8, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000080)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "0ceb2822b2a315d4af78a19190153ace396c021f341be388cdda7a7de3b36d7ac80d266218a24ffa22d84120e3e895be71da7c15028cbcc5455fbfc6e9c694fb", 0x39}, 0x48, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$chown(0x4, r1, 0xee00, 0x0)

[ 2177.807180] No source specified
[ 2177.809821] No source specified
03:51:49 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, &(0x7f0000000080)='hugetlbfs\x00', &(0x7f00000001c0)=')-l}\x00', 0x0)
read(r2, 0x0, 0x0)
r3 = accept$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000))
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
r5 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r5, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r5, 0x0, 0x0)
fsmount(r4, 0x0, 0x8c)
poll(&(0x7f0000000040)=[{r0, 0x8000}, {r2, 0x400}, {r3, 0x120}, {r4, 0x1000}, {r0, 0x1}, {r5, 0x2085}], 0x6, 0x3)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:51:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x2000000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:49 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff00"/138], 0xf8}}, 0x0)

[ 2177.908161] No source specified
[ 2177.912167] No source specified
03:51:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x636b, &(0x7f0000001b00)=0x5)
membarrier(0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x4, 0x4, &(0x7f0000000300)=[{&(0x7f0000000080)="9ab8182d0b0186b69550c2ad7226b8d740e5c809a6b356325b9d75d793c392272c0b033f7e00425613a7d0213dbeb42fc858d75b8e297d1fc4476770ee517027faea5e2463c234465252f0681846116795d89268baf8afb296238e055d1192aa407ac214529aab3907e3d47f9e592f0bfba10ac14c804c0da60c612a80881d43b21f1c0a8f66d67caa680bd72cda6cd1efcf3158e5caef2a4e9d91b372f88f208b12d9e297ac52fd44976b58de4d2387288156be68c053a24729c641da771cf94956be19501c64095e893aebef5a8d2ca7e672f889004b43875837a977cdfd0b1003d1efba8e25812e99c34c8a05569caea8befbfdc8bb4822bc55cc235c7f", 0xff, 0xffffffff00000000}, {&(0x7f0000000180), 0x0, 0x1dc}, {&(0x7f00000001c0)="b65570da8273aa93fb229b5994b0d21008dac56e8965dca030bf24979e976c03e4d0eab61766b4563fea1696a042d94137b5d4865d878763b82953cb58c5bb679391291e87c7fe69f84a2aff0c73321440a5cecf473c8b6a111cba029dae51082f39d46fd3b1fb0bf619525589f68ba67b3f46b29db0d9e25cf658098bd91e787603e4a84b0f38e8b8fd3a2bcdff62e8e8dc85110b44b5c0f0df3f91e68d42dea3a37b", 0xa3, 0x5}, {&(0x7f0000000280)="12bb4452f0e9c1480329d46e424c90b1498664fe32c1513b9bf2f9310649f34145ba5857883ec1f74a19404e1ca28c30f5a52a3b52d34c9374d4ced34905a2df8080e0a94989d79358259367ecb53e4c13c1ebe97bf31e2e61a764bb", 0x5c, 0x100000001}], 0xbfd8a25d531677bf, &(0x7f0000000380)={[{@check_strict}, {@unhide}], [{@mask={'mask', 0x3d, '^MAY_WRITE'}}, {@fsmagic={'fsmagic', 0x3d, 0x7}}]})
membarrier(0x20, 0x0)

03:51:49 executing program 7:
prctl$PR_GET_FPEMU(0x9, &(0x7f0000000000))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x0, 0x0)
membarrier(0x10, 0x0)

03:51:49 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='iso9660\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x2010000000000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:49 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff00"/138], 0xf8}}, 0x0)

[ 2178.016503] No source specified
[ 2178.024822] No source specified
[ 2178.088955] FAULT_INJECTION: forcing a failure.
[ 2178.088955] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 2178.089989] CPU: 1 UID: 0 PID: 17357 Comm: syz-executor.6 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2178.090007] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2178.090015] Call Trace:
[ 2178.090020]  <TASK>
[ 2178.090025]  dump_stack_lvl+0xfa/0x120
[ 2178.090048]  should_fail_ex+0x4d7/0x5e0
[ 2178.090065]  _copy_to_user+0x32/0xd0
[ 2178.090084]  simple_read_from_buffer+0xe0/0x180
[ 2178.090103]  proc_fail_nth_read+0x189/0x270
[ 2178.090124]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2178.090143]  ? security_file_permission+0x22/0x90
[ 2178.090159]  ? __pfx_proc_fail_nth_read+0x10/0x10
[ 2178.090178]  vfs_read+0x1eb/0xbe0
[ 2178.090200]  ? __pfx_vfs_read+0x10/0x10
[ 2178.090220]  ? lock_release+0xc8/0x290
[ 2178.090239]  ? __fget_files+0x20d/0x3b0
[ 2178.090267]  ksys_read+0x121/0x240
[ 2178.090285]  ? __pfx_ksys_read+0x10/0x10
[ 2178.090309]  do_syscall_64+0xbf/0x360
[ 2178.090326]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2178.090340] RIP: 0033:0x7f2ff448669c
[ 2178.090350] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 fc ff ff 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 2f fd ff ff 48
[ 2178.090363] RSP: 002b:00007f2ff1a07170 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[ 2178.090375] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00007f2ff448669c
[ 2178.090383] RDX: 000000000000000f RSI: 00007f2ff1a071e0 RDI: 0000000000000004
[ 2178.090391] RBP: 00007f2ff1a071d0 R08: 0000000000000000 R09: 0000000000000000
[ 2178.090398] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 2178.090406] R13: 00007ffeaca41a7f R14: 00007f2ff1a07300 R15: 0000000000022000
[ 2178.090422]  </TASK>
03:51:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x2000000000, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xd52, 0xb0, &(0x7f0000000040))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7, &(0x7f0000000000)=0x1)

03:51:59 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)
r2 = getpgid(0x0)
sched_setattr(r2, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
perf_event_open(&(0x7f0000000000)={0x0, 0x80, 0x7, 0x8, 0x6, 0x2, 0x0, 0x4, 0x0, 0xa, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x3, 0x4, @perf_config_ext={0x61, 0x9c}, 0x2020, 0x2da, 0x7ff, 0x5, 0x9, 0x53a2, 0x4, 0x0, 0x800, 0x0, 0x4}, r2, 0xb, r0, 0x0)

03:51:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x8cffffff00000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:59 executing program 7:
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x44, 0x0, 0x300, 0x70bd25, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x38}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5c}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0xb}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7a}]}, 0x44}, 0x1, 0x0, 0x0, 0x4048981}, 0x4000080)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:51:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff00"/138], 0xf8}}, 0x0)

03:51:59 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x0)
rmdir(&(0x7f0000000380)='./file0\x00')

03:51:59 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x2c00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:51:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = getpid()
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
pidfd_open(0xffffffffffffffff, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r2 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r3, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r3, 0x0, 0x0)
pwritev2(r3, &(0x7f0000001400)=[{&(0x7f00000001c0)="86c845157422fd55f330eab2e1b129ea27f5eb3e310001526e5399c5564bf42a4398f9f24fb259fd0e8b37ec7bc3c00e1bec915855eefbcdc4033619abb753926afb121df59ed0ffcc54445f03c3870fd250ae200ef7b7421cc4fc41fcd16dc9f32c8c0666bf2c24cebe3244149dbdab6ec78578380b0fb3e7975e8be90bf700877f77479ef439365b0d77d854c228eae078f2d7ad21b0bdffb8e29aa01776edae598c18913ab3a8344eeb660d3158c5d3debbd85e7cb7ee8002130528b786484f4f591d886d08d533f708d4da8b17aeb2f2591f76bd88d63f50c50c373d22f4f5258dc6fa63ef", 0xe7}, {&(0x7f00000002c0)="345219a9528d4822143dba1fe9b8bb62883be6aaf837e1d7af3e57af669821c213bfb285006167ca3d3f30caf4f215573adde0867eb21400252a0f23590924d7e8fe50a6a2f394a3a0e4672c60bce0157df4ac75795b8c4fc5b9d7e5f216cc174a7c175556dce38fad5523e06da6dd38a7b9a0", 0x73}, {&(0x7f0000000340)="1f2438f0bd710e62c2c39eb22f509cbcea5f33f4d19622e1d40f36d690ca3974a9d7a327563a65947df05c3390bbd4a2f49f8f7d30f13487a0c65ca90aa32a9b9a7826a90efa6c78003c6d24eb632e162fdd2cc80936dc1ba844f3804ef629ba64caa553f1e8103d1b237082a2d1e5a5917b7b24eee720ec491114f005c32423da13de7ac8318874cee332d5c47433ed874c1f2791061332f6cb77c3", 0x9c}, {&(0x7f0000000400)="799024c039b06d503861000ec8330a33418dd0eb83633fc62c378007a313beee4a3c26d6b71a7fc7bf322fb43bd838e104035a130ab6bdcb6b73cefbc049fd004a4527ffa40482bdbd10f3a453eb7458d18c6eb1df66bb72b600f6684ea7403ddca428a52278203661d6c8eb886bca4cff910b6269f1bec47db65c88f5fe247be054e45282a62b93306d0bfbb29a50d854603a30f81652082a98b30908ebe34e3f9e07bc851c01f000dbe5255f6d91b2fcec499935a0c53d883dfc7d6af6582d2143bce39387365babdadb88071e0ba29882e943dd5e009cf7d479ae5a8d9ad26d2508c21919271d7bfac0e968b22dad059bcdea8b9c78ef872db07ed3ec3b61e1471365b06244ae4780e13285f4d9fb49584bfc1eb6675cd13a7405367fb9528291e6ed74f16b14f9243f55e12f2a6ca03d96464d75a2550710f73bec78fb2cd72990200d6ea5472adea72015699b8a486c5a65b9c4ee3a7820982f8afde3ac3aa93cad088fcc54947813b61bd3a7a1a4a6e268d6ec6c134bb911a5cc0fe97c60ffb635728d4bc8e8549f5ad99ca0171083f5c8b9ae07e87446eaffa82713ab65a326f407dd0868d542e230215d41c032ce4c5ce0668aa8ce39839fc6c1442dd220243957a6af28004cdcafadba9315188176b0b529aa172fba11b218d2577f4b6f25119a18c4951ae731ad3f15623cc70cb586f20a4dafbe41566af40cdcc9487ec277f88608f1f0c39ad569361b5191bf74db6ee73f60578c7362807c1e935f14fe9eee07c7a577f5abf7a708645fe4fd0c0bdb5b11585e0b382f5aa5534d47b31b100e7ffd1723eb43cd0060ace8b42348b8b21381d83df6566ba14bdf151a6d2c94152714269c782e60629430253a0a95c0104855f88b1480b7c9d9c1f1decb7c998355b42c467a6d4c7e05f1ed80ba13c1ec2f58b63bb75060a4d69ceb5d388399cc3b6bc4f867ea3dea1d80e538d355065ac350bf69cbaa31d7619b1d655a736ed5019deb7f96240c0a910d44bfdd838e2a166a2cdf5cd4d1aed1367369fcd3f857e0bdda853bb6c34c69aaace0869f1e27ed21ee2dcdf139982264a1dacfc93aa2f3fb4e8ba467b5d786bfd8b59118f718bec3902eed4104ccc1643d944da30763a442ea3b33147b808b1eb6154957dcfdefa4be7af0a4058542dbd285edbf262503798c521ff4a1e2885259e9149da7ac876e8544d46916ba3bc28e30c789f91af6c2c9581f28dc5f7a46286e65694b4a7d83e661107d65df1ce7b2b620f809b17b5d4f1ccb6a61e6f346622f7411ca0f25aabc3c3db65ac57932c81710db202f91768395e3d766c93f61e457b79d3c5dba76e4e59096753acec9ba8e75805e952617e4387d82c5047e033fc447c3495b4214e8a5903cf11cf40e6e437513f51b76de53817eb7ae6d4fe846f65ec48ca75ec932216f3a5eeb60140f50067ba6fb3056f63010fd1397dae39670272caaa12c9bca870f432e771cb491f9d9cb6f9dc7e6c3dc0a9ceebf5fd67cbe0afe58310dbc71a54ce62d4ed80b6a253b5af2f5c184bea6ab9de31be77fa3df3a73b23172b338cea88ae8aebe519ad7ab8b962eb4785f49deaad24cd58c534da5a3f8e059561a55cc82a9587e0ea63d6c0458521222fadc0d08256e447ccbb0c22bd365c2d3bb5a55fac4063a418d154a8520490c3dcea77f0ab6bb7162e6ec60c88d34b069b479ec4e78b1a9547b51844bb36472e1125c14f1f90a6af304c5233590a6eb1fa3f9b8344b9fc670e10b41e1479e0f6e5a6313ddbaf60de28e285736ff25742c190ad2de5b850a3a467e7af891c81323c1990cac257b6b454ce3a50dd56a4cefbfc2db41d57432f848f1e39501ab3e181a60ac1b4dbf8560736f7c67f68508f4c620b1dc4ac0f5d2407892035639efe842ad5b0f3396f885ecf1c55982df16b0b28c98e436067f895a72a97516a52cc13fdc355e626f6d97062cf0a2a354f245a64c8ae27694b11221a1f0ad079d2244914e69480335763424ef95480247f7d19cea80128d67491701b870e950d7de4e26db4ff6dc4c59932ba1b3f231a7b89281a21095c4f17d0092ae7559e383f779c2d4a2c8aef3f8d1c2e1bbd09630e7584323da79d116f11da924bd2de60c043a3c6e631a1a3fe5289f551c0bf06d49ccab98196da23329d6f99f037766919cf7c2fce239a89be6ef92fd1cb6554c3ff708523082e7f34526d3c16304a2fc8130283c44a146537872bc8fb42cf043bf26beab9d9e3742cdf3a4e98272836c635c7644d8604a99a93cc99f3d1faab502210ab1e7b9fb93ab08d5f36c6c55b2350de1c38aab7b10e915f9819e53164341f6494e1f64d57e23fe90e0f85f406b3bb622b1e879a1d56a2dd12ba049de145a94e9de349796dc41e15a5f4a873dc3ccb5774788642e75e7edf63b2c221ac38a171dce6538a49b9df46bd62d4a20e62017db5f4de3e29a7ed14d38516d3a3dda11ce8e564b202c029e0f2fe61422a853e134502b00e81693bdce6c509192a8e0bf95926827215581723eeada3d55fdaa17732ba2d02914960fc25a6790ac16fb5071af4a5aeb51f062411648cf1ac72d51541c432a8c51e649ebf7f7f4aa8e1c2429e07190400dc4597dfd70fbcb00b21a8ad188579545245c1bfc208198f8997d66492334e654d4efbb4397cee7bdd8c3ba165d0d3466d8f8eb7b0042d6a1a2f5cfbc055f20ae093207dd169ffe545c5b57f5696d245adf966e0d48eee4496001d6d48d333a97a7aba5632ef682cefd9c4144ee672d8f612dd220b9cc6754747e41102cbe6baeff415f9fb042c74784c9f3532cc7a71232a4205b79d19e122cc7636642c37793ac9f733de5590a5d816c6038d75a809761268ea477e85b1a79efcbb563b967322d94763e55a16871f7069be48945747ae8ac14f2dc0ce50d8f2bba84c167c1a61428bd38b44b14a38fbd251378f94ee423b244fce6df00022071752e9615417e6f906da924dd01aec859928dfb8bcf263564af9a09616815cc5eb2a43e2b8bbe1b1efb1f74861334ef5c7a4882cbcfcc4366ecd7faec1a27b4e016eb9844007a8dacba4f7fa33e57d2ca32145d4cb39820c5c1bb0907e3be7b1a07f493a1aff14d847ff080cb5a48a5d646af35d8cde3d3704ae282d9ab85ef074d29fee9fbd89737213e8c0e7f9d615542cbbba8cf54c4f8c2fdf2c785083ecd1713b70246ca11c38418bbba3ddac84f784ce0e498e1c17eca1387c46e64f26b4a94cf6d36c179bc86d82bb5ac27cff1375319922f4f1f24d0a3607064f38814d4001d2de1116e5483423cfdf305246b8b0767a3023f7862610fa5ee88efb55e4c7c5e9925508232e22a10098753e355c1a02e7e2bd43b3efcbe3ab785e16e5eebfbb41ce05098744e8ad75e5e132c3f895574674021cdde7863b0209c0e85600bc5a36e1dbf2f847c35a715b4477808fd59152596e7c379a3b1442a315b7cfcaba3a49e5977f29dc332b7d50796d805eb8f4c28e6d44e6980a07118c3f4c50c2069e31b2ca1d38eb4e2b16a968449aa1eab373250d3d183b2228062b021933111472bdb56d887cbd5d99df11be16495c38181db5d25617fd1cc079f039ddb9f2306801b7c408d66e1f90a09926b0034b038fcfcfc98ef4bdc3fa5930920a61101631285402e907ec481e528b8e9bd7c6701c7c44014b68fb0fd13db0f1fcc88d2cecbde37afdfeba04669b04c0a5b159623d6df30867711d759136c230043af0a255a96b15969b27c525fa3287ce70a4374412896c9fdad672b97bc6bee3ee7c34abd360e554a8b162daec4c32cccaa7484bef252407273816314a717d4b9ee37946e57a306783122c88e45d9fab40f89a62f74c48fdba237cd9320ead3f48aa929bbd7e702f24989f426844db3504054a335b3e87008c066aecfcb914b645f95b7f037addd808bd332c5bfba82ecc5456f93de74769e4887dfe081af96fb6c8a572230cdabaae06f519862e8a974214f59de4efe4fb1d74964d3b58f81734e5eae22f8d593cf108a684e24306b75e8ddbd0ce1d90527537cb6486a31f6b7d58f1f040d8f51d83ba86bb751b6d86e45d5b3b364c0f82daafe270bd7153e76a6aa65910da1a942fde9030fc093f3f27a0324b789e5d07d3955dcc3c396b191bc0a60a2233a051e80efa4288ac29059caef2beebf7586b7ab9bbc1c37b4798b1826d31de342d573549e926d9cfafa2a7a8e66139a2bdf4474ef5d7f14274859a00b3ec210c45d032a2d0e2bf23417137de01e91fbf9b5e16bac3915c393d2145c05f811537317f485f50dc383130a5462b8abdc861f7056233c175df71a377f9769ea0ded556713627b3fb5e717879ce6fbd68009051b142b80e16a5c56adb5948b32740af0d1de65b9face6939d82b92f995e172cba61782320bcbfe45c39d872f089862ba61d0fd2c1aa8644c968b7b5610fa6133f0d0a907b00bbbee9177924b55ce2fa44d5f0fa309319d42167226dfa7628da590f51f3d8f9619e03a05f3de15a9f8b8764e41bb3b057bad532df8bed125e237f095cf7d038038aa8f192c99ba09266e557258f2046d6842108e213cfdb24d6ab9e64aaeb2fe909d3daa34a0e9fdc4f39492c1c74e00a7900e529c154d6759dac10a6b55c4cb97e073ffd7c79d549f514340f8985bfed9f05f7c88e0c4ea6393e68b76e80ab4da58ccf88bf62702808d97a279ebcb5d36f2cf47083d985ed17c31094b2f0e60a0bb0b124610b7ae670cf7659e20a766b70fa7ee0a37c1e65c7af891441488c560b49e37c14ae9cc8e4f4c32eab4f8ca85813189e2f6c3e70dd859a958dd0d9b57fa480216d37941c80cded13ffaa012f36462b3c6eb29a3cd7f5625a97377bec01fb664d0d4029f382174a17f878bb3c7845622e2b0eaf783fddfc9cbf804a636716529bd17c2dfb4330f2b3d3a3554361019d4eedf4c1eca1f9cff717ffddb82a6b8b63987cd0a53f7adb7d04dbd7292848fb8ad595773e29470cee79e8a12975922cb5cfcb870a15ef842f90f7e4f8e283a3dee02b65dc92609efdcb4b492b2527b78a35bfda72d39073a2a0955a6afd5824787f209c12d5fd20c92d66bdf857f4b70524700a9232f805b365a5a0094b7cf89f364a1b3a71ced6211d7356af9892403f30248145a746f7d8751d70cd96a0801f06c2670ecffa66f6e0212efe5bd00c9f2cc04b03c74ecbb249792f5b2df972efeec538346e42109522065fc68a119f73ef96034939f5dbcdfa442e0f8984b485e65b5746bdf38f7d48a5289f98a21dd52eb494db2e4cdddf6e5a068f2ccfde07fce122413a504b933ed46f043c788ab2044ae7bc3187faba37ab09b1e9919df96e0ea5bafe4edccf55fe4d753cc898396c303502b59e3b28923a306c0eb861a892e229ba892f4c8bffd8fb7f91d4266d6a90cdccc1f9961e1e1211cd5c2e19cb4a00e4b12e71f52e9dd08e644ed7fb7e770efcdb4c2f193d4e1d7136f94d2e785a0ae5983e539ebb1fa26f2e007b6a65190b84104eb5de5fb6cd50e5a5806ace3b7edaca84000e6669206b265a56394f7186fa7fe84a11f5b396049e1b50409078b2ad62c6e7e38ea33f732b0bef2dd3fb59bbb8f3e49bf29f9871c0c0f8f232effe0bdaf8c31a2d0686aa39597d00d92473243c4b71123accd55d80b2b1404d415d257250b8e26ba0380f8633acf13b3f90fdb30f17643b4d4003955a67b4f9749e87bfa1a3d281f1a3970bbd5fdeab3987f227c24866c548013ab5ba9ef6c3481ba874d0b22aeaa8ec9da77251443324c0ed6cfb8be3203f4", 0x1000}], 0x4, 0xff, 0x8, 0x10)
write$tcp_congestion(r2, 0x0, 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
r5 = pidfd_getfd(r2, r4, 0x0)
ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000080)={<r6=>r5, 0x8, 0xa89, 0x4f4})
perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x7f, 0x8, 0x6, 0x3f, 0x0, 0x857, 0x800, 0xf, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x2, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x4, 0x0, @perf_config_ext={0x4, 0x212e}, 0x30, 0x6, 0x5, 0x7, 0xcc5d, 0x8, 0xff1, 0x0, 0x1233, 0x0, 0x1}, r0, 0x3, r2, 0x8)
fsconfig$FSCONFIG_SET_STRING(r6, 0x1, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)='rw\x00', 0x0)

[ 2187.642389] No source specified
03:51:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca8dbfa6b3d33adea29925b1c283b62d91bd"], 0xf8}}, 0x0)

[ 2187.659452] No source specified
03:51:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/slabinfo\x00', 0x0, 0x0)
add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000001c0)="01a2ca2d7e59884363a7a178f45b8b4350b0130cd09e581b07afdcd81bd61958d4dbd33f49ab966505a598eaf826e05214cb071c83aa6049a1e9e0860b0eb77daef1a0937154545133888e9db1d3d2d9241ecde47946aa0b473ea65f250460ece03e31d86d341075ed9b89b34fed0b5b46ae4e2e8ca3b1902cdd11956a281ab518a26ae107bb95b47577118978301dd4a639ee892ae522fe0473895ed5d2da127524c9bb61e0ce69c758bdf8732f3917fc96359f1c986d549b15f7537c", 0xbd, 0xfffffffffffffffb)

03:51:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x401000000000, &(0x7f0000000080)=0x1)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:51:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x10, 0x0)

03:51:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:51:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xf6ffffff00000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:51:59 executing program 5:
socketpair(0x3, 0x4, 0x4, &(0x7f0000000100)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmsg$NL80211_CMD_GET_REG(r0, &(0x7f0000000400)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="20020000", @ANYRES16=0x0, @ANYBLOB="080026bd7000fddbdf251f00000008009a0002000000fc0122804400008008000300ff7f000008000600060000000800010001fcffff080006007226000008000100ff7f00000800060001000080080002000800000008000100000800001c0000800800040006000000080002000700000008000100050000003c0000800800050001000000080007000600000008000700852a0000080001000600000008000600ff0f00000800050009000000080004007f0000001c0000800800010007000000080007000100000008000400010000802c000080080001008200000008000200030000000800040000000000080001000100000008000100b8d3000054000080080002000000000008000200f4ffffff080006008000000008000100000000000800060001000100080001000900000008000700090000000800030008000000080001000100000008000100060000003400008008000300964c000008000500f9ffffff08000700faffffff08000400fcffffff08000400010000000800070005000000240000800800030006000000080002007f00000008000500060000000800030006000000240000800800060001000000080005000800000008000400ff0f000008000400010100004400008008000100e0bb00000800020000000000080006000800000008000200ff070000080005004000000008000600ffffff7f080002003f0000000800020001000000080001005a000000"], 0x220}, 0x1, 0x0, 0x0, 0x1}, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
sendmsg$NL80211_CMD_SET_KEY(r0, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x60, r1, 0x100, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "30878831484e9480e61479e28b"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_KEY_DEFAULT_MGMT={0x4}, @NL80211_ATTR_KEY_TYPE={0x8}, @NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "7ab58533e6"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_IDX={0x5, 0x8, 0x4}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000}, 0x4000001)
r3 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3909, 0x9, &(0x7f0000000580)=0x1)
fsconfig$FSCONFIG_SET_FLAG(r3, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f0000000080)='hugetlbfs\x00', &(0x7f00000000c0)='\x00', 0x0)

[ 2187.782173] No source specified
[ 2187.785226] No source specified
03:51:59 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)
r2 = request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='/\x00', r1)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r3=>0x0}, 0x1100)
setfsuid(r3)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0, {0xee01, <r4=>0xffffffffffffffff}}, './file0\x00'})
keyctl$chown(0x4, r2, r3, r4)

03:51:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff00"/138], 0xf8}}, 0x0)

03:52:09 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x0, &(0x7f0000001b00))
membarrier(0x20, 0x0)
msgget(0x0, 0xaa8)
membarrier(0x20, 0x0)

03:52:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xf9fdffff00000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:09 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x3a00}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:52:09 executing program 4:
setsockopt$packet_drop_memb(0xffffffffffffffff, 0x107, 0x2, &(0x7f0000000000)={0x0, 0x1, 0x6, @local}, 0x10)
mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0)
mlock(&(0x7f0000ffc000/0x2000)=nil, 0x2000)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000)
fsopen(0x0, 0x0)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
connect(0xffffffffffffffff, &(0x7f00000001c0)=@l2tp6={0xa, 0x0, 0x8001, @loopback, 0xfffffffd, 0x1}, 0x80)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000040)='\\{\x06\x00', &(0x7f0000000080)='\x00', 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:52:09 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff00"/138], 0xf8}}, 0x0)

03:52:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffffffff, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:52:09 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x2)
rmdir(&(0x7f0000000380)='./file0\x00')

03:52:09 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x5, &(0x7f0000000000)=0x1)
membarrier(0x2, 0x0)

[ 2197.207871] No source specified
[ 2197.210503] No source specified
03:52:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0xffffffff00000000, 0x0, 0x0, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:09 executing program 4:
r0 = dup(0xffffffffffffffff)
getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000000)=""/11, &(0x7f0000000040)=0xb)
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:52:09 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff00"/138], 0xf8}}, 0x0)

03:52:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
creat(&(0x7f0000000080)='./file0\x00', 0x86)
mlock(&(0x7f0000ffa000/0x3000)=nil, 0x3000)

03:52:09 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
socket$inet6_udp(0xa, 0x2, 0x0)
membarrier(0x2, 0x0)

03:52:09 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

[ 2197.334915] No source specified
[ 2197.338049] No source specified
03:52:09 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x1, 0x0)

03:52:09 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00)=0x1)
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:52:09 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x2, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:09 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f00000001c0)={0x0, "ba328c11ca89a628eb1b078d9c709bdcbf060574f2ecc7204aaf412849e357c7334349b948758479cb65fd0af5ebbeaf9e8f6659470f8076941404019715a092", 0x14}, 0x48, r0)

[ 2197.531798] No source specified
[ 2197.535525] No source specified
03:52:19 executing program 7:
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r0, 0x0, 0x0)
ftruncate(r0, 0xfffffffffffffff9)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:52:19 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/173], 0xf8}}, 0x0)

03:52:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x0, &(0x7f0000000080))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:52:19 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x4000}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:52:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
mprotect(&(0x7f0000ffa000/0x4000)=nil, 0x4000, 0x2000005)
membarrier(0x60, 0x0)

03:52:19 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)
r1 = request_key(&(0x7f00000002c0)='user\x00', &(0x7f0000000300)={'syz', 0x1}, &(0x7f0000000340)='[\xa3%&\x00', r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r0, 0x1)
r2 = perf_event_open(&(0x7f0000000000)={0x5, 0x80, 0x3, 0x9d, 0x9, 0x3, 0x0, 0x9, 0x4, 0x4, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x2, 0x0, @perf_config_ext={0x80000000, 0x6}, 0x3580, 0x2, 0x1f, 0x6, 0xffff, 0x800, 0xfff, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x1, 0xffffffffffffffff, 0xa)
writev(r2, &(0x7f0000000080)=[{&(0x7f00000001c0)="d2ebda7dfed62e4d58c609c35cfa6b1f765dcbb49ba60737ee16d727fd2ab23e4f854da0f94f56adf40f0fc9d9a90978e9a1371203428c14b3c7df0e4e16fc87f3c15314194baef43cdcce86a506792cd03ce6fc74eb056d51ad800ec143cbf507c280aabe6cb67d3a62d05a6914b5eb7a8c63b337ac3ca629d81ddba619dcb571d87a177e628f032a76a22a07740171c2d28ec685159dff7db3e5d6ec9e547056b56a0850f6771872fd7b3131ed04f295d1a09050884514a2900d2e66867df9b4", 0xc1}], 0x1)

03:52:19 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x3)
rmdir(&(0x7f0000000380)='./file0\x00')

03:52:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x3, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2207.410495] No source specified
[ 2207.415866] No source specified
03:52:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x4, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:19 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fd\x00')
membarrier(0x2, 0x0)
membarrier(0x20, 0x0)

[ 2207.476614] No source specified
[ 2207.497049] No source specified
03:52:19 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/173], 0xf8}}, 0x0)

03:52:19 executing program 5:
ioctl$CDROMREADRAW(0xffffffffffffffff, 0x5314, &(0x7f0000000080)={0x3, 0x7, 0x7, 0x8, 0x1})
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
ioctl$CDROM_SELECT_DISK(r0, 0x5322, 0x5)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:52:19 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x5, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:19 executing program 4:
r0 = socket$inet6(0xa, 0x2, 0xd8)
getsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000), 0x10)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0xff, 0x0, 0x3, 0x40, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, @perf_bp={0x0}, 0x400, 0x0, 0x0, 0x0, 0x0, 0x1f}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)

03:52:19 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
r0 = openat$sr(0xffffffffffffff9c, &(0x7f0000000440), 0x105842, 0x0)
writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)="95", 0x1}], 0x1)
memfd_create(&(0x7f0000000000)='/\x00', 0x2)
r1 = fspick(r0, &(0x7f0000000080)='./file0\x00', 0x1)
dup2(0xffffffffffffffff, r1)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fallocate(r2, 0x40, 0x80000000, 0x3)

03:52:19 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
newfstatat(0xffffffffffffff9c, &(0x7f0000000540)='./file0\x00', &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, <r2=>0x0}, 0x6000)
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0xf5, 0x6, &(0x7f0000000440)=[{&(0x7f0000000100)="826063d39bad895eb0c8a311b56cf59384de3f2a350485", 0x17, 0x7fff}, {&(0x7f0000000140)="636fbadfca5834b1e8a4519dbf638aca6e7614544c9cb40a0532437f67bc69df76f195354c93048dd570c6cc76242d1b80a83d539052a1a1f5885e171e18abe13b35e79681b179e0d759bc1be96e4a171e297fa2873fb10c118979ccf3d30c728bfb", 0x62, 0x2}, {&(0x7f00000001c0)="1ca46378c40d8070c523a3ad831dada218da154adb343b136146de2365783398517b054b473fb0981f4cc1e85e40bbeda8f5335e26d1ac93c98bd2b00bff46682cb514190d6219bd6ec6dce7721f45792b471da747e6bbfc71956e0e4de6c8aeaec7313595640d050cf4b32108d5a84aeab56cd59ddc70b59d1011aadfabe18daec2b4ae734831758d", 0x89, 0x3}, {&(0x7f0000000280)="95189da6d9e27cc02133f99c1120a248f97084983514e1d933c00b83d383d13c7c4a6b284f9e5f00d44818b6b98a91a49c0bed6c8eee563ac1670e175ba4a5c6f788c8921981156bad6b31c21ffe57148d5be1de41c1222469b6e2a47d8999513d9fe38fa4afbd1094ec4eebb07897edb926384a9b38e398effcb1c52237b3ab1e6ad1ebaf10f75963b869d2e357a844032fa77c47c9c30c1869f24d6eb35315f455f6c2c27d36f9f9fb012e7a205de403214f1b4e7cda6314963ddca4762cef", 0xc0}, {&(0x7f0000000340)="c61bbfbff0d67e15c7081f84fe7275cc040c0a9cd65979522d87c43049909398cabaced4616c4b66defd608e64bbcf60037daaaf747759e9467c0158adfe53aaedfdabbea3ab7c3cee2f895dc7226ffe43227d9d88fa1855caf32c6a840fe2658200dcff96c05eea8b5f767c09ac50c5e6a1b79bad1bb075774f405d99a570b69e9503bba0ba556d6a093d3587ac05f4aad8a135483d52e2d7836214fda32592df49803bd92e723ea3db5e461a6e1d33", 0xb0, 0xa9}, {&(0x7f0000000400)="8df4b47aaed52e254945c9af0d2472ebe1f519ca909f97b749bb73854d31a31a4dbf272804f9f3afeba3c64e8aadd2103f650dda9b60789c83", 0x39, 0x3}], 0x2000, &(0x7f0000000600)={[{@mode}], [{@uid_gt={'uid>', r1}}, {@fowner_gt={'fowner>', r2}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'hugetlbfs\x00'}}, {@obj_user={'obj_user', 0x3d, 'rw\x00'}}, {@appraise}]})
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

[ 2207.681326] No source specified
[ 2207.687447] No source specified
03:52:28 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x6000}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:52:28 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
fsetxattr$security_selinux(r0, &(0x7f0000000080), &(0x7f00000000c0)='u:r:untrusted_app:s0:c512,c768\x00', 0x1f, 0x2)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000100)='u:r:untrusted_app:s0:c512,c768\x00', &(0x7f0000000140)='\'\x00', 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)

03:52:28 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x4)
rmdir(&(0x7f0000000380)='./file0\x00')

03:52:28 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x6, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:52:28 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x6, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:28 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x0, 0x0)
membarrier(0x40, 0x0)
rt_sigtimedwait(&(0x7f0000000000)={[0x80000001]}, &(0x7f0000000040), &(0x7f00000000c0)={0x0, 0x989680}, 0x8)

03:52:29 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r1, 0x0, 0x0)
add_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="0df3cc2b08e18fdd69b5a4ec7752b706079476360d37a3fc5e", 0x19, r1)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:52:29 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/173], 0xf8}}, 0x0)

[ 2217.102260] No source specified
[ 2217.108356] No source specified
03:52:29 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x7, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:29 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000080)='[#(+)\xae\x00', &(0x7f00000000c0)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:52:29 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x3ff, &(0x7f0000000000)=0x1)
mprotect(&(0x7f0000ffb000/0x2000)=nil, 0x2000, 0x13)

03:52:29 executing program 2:
r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0xa0480, 0x0)
ioctl$KDADDIO(r0, 0x4b34, 0x5)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:52:29 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c10d05ecc6a4b62dca"], 0xf8}}, 0x0)

03:52:29 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r0, 0x0, 0x0)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
request_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='\x00', 0xfffffffffffffffb)
keyctl$chown(0x4, r2, 0xee00, 0x0)

[ 2217.237013] No source specified
[ 2217.250015] No source specified
03:52:40 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
dup(0xffffffffffffffff)

03:52:40 executing program 5:
r0 = semget$private(0x0, 0x5, 0x0)
semop(r0, &(0x7f0000000040)=[{0x0, 0xffc0}, {}], 0x2)
semctl$GETALL(r0, 0x0, 0xd, &(0x7f00000000c0)=""/100)
semctl$SEM_INFO(r0, 0x2, 0x13, &(0x7f0000000280)=""/192)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1, &(0x7f0000001b00))
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2)
ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000018000000", @ANYRES32=<r3=>r1, @ANYBLOB="06000000000000da462f6669ec653000"])
fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='rw\x00', &(0x7f0000000200)='hugetlbfs\x00', 0x0)
r4 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
ioctl$INCFS_IOC_PERMIT_FILL(r3, 0x40046721, &(0x7f0000000240)={r4})

03:52:40 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x72ee}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:52:40 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x5)
rmdir(&(0x7f0000000380)='./file0\x00')

03:52:40 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/173], 0xf8}}, 0x0)

03:52:40 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x3, &(0x7f0000000000)=0x1)

03:52:40 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xfffffffe, 0x0, 0x4, 0xffffffff, 0x4}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, 0x0, &(0x7f0000000240)='.request_key_auth\x00', &(0x7f0000000280)={'syz', 0x1}, r0)
keyctl$KEYCTL_MOVE(0x1e, 0x0, 0x0, 0x0, 0xb852df6dbeb631e)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r1, 0x0, 0x0)
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
fsmount(r2, 0x1, 0x71)
r3 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = fsopen(&(0x7f0000000080)='autofs\x00', 0x1)
fsconfig$FSCONFIG_SET_BINARY(r4, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r4, 0x0, 0x0)
read(r4, &(0x7f00000001c0)=""/113, 0x71)
keyctl$read(0xb, r3, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f00000002c0)='-@.!}*(^-\x00', &(0x7f0000000380)='hugetlbfs\x00', 0x0)
keyctl$search(0xa, r1, &(0x7f0000000000)='cifs.idmap\x00', &(0x7f0000000040)={'syz', 0x2}, r3)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:52:40 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x8, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

[ 2228.159860] No source specified
[ 2228.165814] No source specified
03:52:40 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
mount(&(0x7f0000000040)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='pstore\x00', 0x10, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x9, 0x6, &(0x7f0000000000))
membarrier(0x2, 0x0)

03:52:40 executing program 7:
sendmsg$SOCK_DESTROY(0xffffffffffffffff, &(0x7f0000000600)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000100)={0x49c, 0x15, 0x100, 0x70bd28, 0x25dfdbfc, {0x6, 0xb1}, [@INET_DIAG_REQ_BYTECODE={0x9a, 0x1, "458c33affe2643387ff9b656892d29592e31d6fab321f08c416e5cc45fa6e246be2a5e22b6e576c564bdbc53feec5c6dce3bb5b71ce04286d958941e1c97464e1e6a52837cbfe58c9d2d5a24ce347801895de496670686d0c466f6f555ede81d835b624d7d3ad5bc24080caad80fadb57dd8c8931bb83ebae0b28d142f094e0ef76775b9193394c13daf70e6532733f4833a9e8d4c5d"}, @INET_DIAG_REQ_BYTECODE={0x39, 0x1, "be5a0c5e27d338d654d88557c0ac56f2a22c0f1583bc151cd8461b845434f0154815b5babe197ae51c33552aa715df52ce5e44e032"}, @INET_DIAG_REQ_BYTECODE={0x5f, 0x1, "16bef2923d6d21349fc0f3cb8d1a47c1a52af0488ebad5e8f623d4bdebaa6e68d1e2e99ed21e8c8876373641fdfaee094ef96944312bb029af22fa6c22d82772c309d99c8172023731586a6062f04981fd3420cea75b3396c7ef3c"}, @INET_DIAG_REQ_BYTECODE={0x1b, 0x1, "52c83c6ca6f3dbd8bb308d118f823121ad550c175d53cf"}, @INET_DIAG_REQ_BYTECODE={0x92, 0x1, "4186cb534d88f0bcde4f1fa47f41c79261ffe6f48f82b1625ff5e02e0dc3cdc5ea04aee5f1fb8a07de1d4400cea8dc89ea72b97641585635d44ef538c1ce18ee3b2b7b20d0620b11160fcd9ef6717b39445ded07592e88072000334b0537b23179b41fc0b9766566f2270f59df83eda36fd860760226eda540c3078426d9caee8bee0e073d040317c862d28c3984"}, @INET_DIAG_REQ_BYTECODE={0xdf, 0x1, "83e377d1ed213d331958b0bafe95fe377c93f6518a6f62f17f77bb60f391f67d3e096831498334139949a70c67cfd2990cb80919e5cd3989fdd7799bf25feac1d51eb008c74aa23c731f85e06ebeeca345279213414dbf8832e1ae7f8a35c38874aedbebe177dca6a5fb50fda9e9ea490f2e7d2bd7ea159f831a319ed27a05c409a3121ee5377e517b79f4e883ed40545153e25844a5b30a8c307ab23bb0696ba244fa76634beb80b585c5bdcc714b120b6074ee7c226c608a454bd8d4c8c9a87bf431408a18982b838dd882c0152253fd4e8476f03e848fae52b4"}, @INET_DIAG_REQ_BYTECODE={0xd0, 0x1, "634f7513a7a5e822729fa6e129b912031656f7f34fbb6ff9e0f2fd824c2bbd7723572b4bbde50d2bc6d0a29f10a01804b9a1d2dd4c48106cefad88405655aa8e6e352360a0f21f079c50017b78e52b6d54517ee603414d8d7f66db619276e8785f86675dc5009e52127538f7081edd53138bd23c660a9607003acda113e8dcecd3e267fb387094461e8b1de75c17ac2747cd687458ae13e8a2f53f06f8e2548e415a2d55870c0f0ca6f359109584df618b1615551690e9b1de6a3d6a81226123f8ae15ee0c95ef4dbc8888a7"}, @INET_DIAG_REQ_BYTECODE={0xef, 0x1, "ee523c071c0dc71447efed1ea11e22bec8bd8f72d89302d48d5e9f1b16316bb00f8fa9bd186d4a203982a609b1d6afb1e36bd06c92527b189ff1b51bca24576a2e9257a87390fffc8a189ba0fa6b5a4c2a45e9877d3e12cf2d29fd6dfb2083356e3a195cdc7ea70015ff8c17f9478cc1c1d311974d481f21263d60170e21f4d4284a6ffad1a2f53fbfdadceee7515bf99141ee876827576df1c96f99b3ec7c764ec930523922986445b007e4a1c0cbe479f47a9a24eeb8bb3962a04b646fe3246dd75e29f00c027f7faeded956b68f7916eba96b485d90ae5d0ed991ef0c975a3ffb8f1009e78641e5b8fb"}]}, 0x49c}, 0x1, 0x0, 0x0, 0x40810}, 0x4008014)
lstat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000640)={{0x1, 0x1, 0x18, <r0=>0xffffffffffffffff}, './file0/../file0\x00'})
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_TID_CONFIG(r2, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f0000000880)={0x30, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x1c, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_RETRY_SHORT={0x5, 0x7, 0x87}]}, {0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8, 0xd, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x4}]}]}]}]}, 0x30}}, 0x0)
r3 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r3, 0x0, 0x0)
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f00000006c0)=<r4=>0x0)
r5 = getpgid(0x0)
r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
getsockopt$inet_mreqn(r6, 0x0, 0x20, 0x0, &(0x7f0000001180))
getpeername(r6, &(0x7f00000008c0)=@ieee802154, &(0x7f0000000840)=0x80)
sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r0, &(0x7f00000007c0)={&(0x7f0000000680)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000780)={&(0x7f0000000700)={0x70, r1, 0x400, 0x70bd27, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x1d}, @void, @void}}, [@NL80211_ATTR_IFINDEX={0x8}, @NL80211_ATTR_NETNS_FD={0x8, 0xdb, r3}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x7ff, 0x1d}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x8}, @NL80211_ATTR_PID={0x8, 0x52, r4}, @NL80211_ATTR_PID={0x8, 0x52, r5}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x42}, @NL80211_ATTR_PID={0x8, 0x52, 0xffffffffffffffff}, @NL80211_ATTR_PID={0x8}]}, 0x70}, 0x1, 0x0, 0x0, 0x4004}, 0x4000004)
r7 = getpgid(0x0)
sched_setattr(r7, &(0x7f00000000c0)={0x38, 0x86448500e516ce5, 0x45, 0x7fffffff, 0x8, 0x81, 0x7, 0x3, 0x2, 0x7}, 0x0)
r8 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000800), 0x200, 0x0)
kcmp(r7, r4, 0x6, r2, r8)
membarrier(0x2, 0x0)

[ 2228.217232] Zero length message leads to an empty skb
03:52:40 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x200, 0x8, &(0x7f0000000000))
membarrier(0x2, 0x0)

03:52:40 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x9, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:40 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/173], 0xf8}}, 0x0)

03:52:40 executing program 7:
r0 = syz_genetlink_get_family_id$devlink(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_TRAP_SET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000200)={&(0x7f0000000080)={0x158, r0, 0x2, 0x70bd28, 0x25dfdbfc, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0x1c}, {0x5}}]}, 0x158}, 0x1, 0x0, 0x0, 0x40000}, 0x8000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x100000000, &(0x7f0000001b00))
membarrier(0x2, 0x0)

03:52:40 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x0, 0x80, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61882, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000002640)={0x0, 0x0, 0x0, 0x0, <r1=>0x0}, 0x1100)
setfsuid(r1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f00000085c0)={0x0, 0x0, <r4=>0x0}, &(0x7f0000008600)=0xc)
keyctl$chown(0x4, r2, 0xee00, r4)
fchown(r0, r1, r4)
r5 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r6 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r6, 0x0, 0x0)
r7 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r7, 0x0, 0x0)
r8 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000000000), &(0x7f0000000040)=0xc)
keyctl$KEYCTL_MOVE(0x1e, r6, r7, r5, 0x0)
keyctl$chown(0x4, r5, 0xee00, 0x0)

[ 2228.408270] No source specified
[ 2228.420442] No source specified
03:52:40 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x7fffffff, &(0x7f0000000000))

03:52:49 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/173], 0xf8}}, 0x0)

03:52:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0xa, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:49 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='cifs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)

03:52:49 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:52:49 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000080), 0x280080, 0x0)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r2, 0xc0189371, &(0x7f00000001c0)={{0x1, 0x1, 0x18, r0}, './file0\x00'})
keyctl$chown(0x4, r1, 0xee00, 0x0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r3, 0x0)
request_key(&(0x7f0000000200)='ceph\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f0000000280)='/dev/autofs\x00', r3)

03:52:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x0, 0x0)

03:52:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
membarrier(0x4, 0x0)
membarrier(0x1, 0x0)
membarrier(0x21, 0x0)
membarrier(0x8, 0x0)

03:52:49 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x6)
rmdir(&(0x7f0000000380)='./file0\x00')

03:52:49 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x3, 0x0)

[ 2237.981018] No source specified
[ 2237.981132] ==================================================================
[ 2237.982263] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0xf69/0x1220
[ 2237.982849] Read of size 4 at addr ffff88803cab91c4 by task syz-executor.3/17644
[ 2237.983429] 
[ 2237.983570] CPU: 1 UID: 0 PID: 17644 Comm: syz-executor.3 Not tainted 6.16.0-rc5-next-20250708 #1 PREEMPT(voluntary) 
[ 2237.983586] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014
[ 2237.983595] Call Trace:
[ 2237.983600]  <TASK>
[ 2237.983605]  dump_stack_lvl+0xca/0x120
[ 2237.983624]  print_report+0xcb/0x5f0
[ 2237.983642]  ? __virt_addr_valid+0x100/0x5d0
[ 2237.983662]  ? xfrm_alloc_spi+0xf69/0x1220
[ 2237.983674]  ? xfrm_alloc_spi+0xf69/0x1220
[ 2237.983686]  kasan_report+0xca/0x100
[ 2237.983700]  ? xfrm_alloc_spi+0xf69/0x1220
[ 2237.983714]  xfrm_alloc_spi+0xf69/0x1220
[ 2237.983729]  ? __pfx_xfrm_alloc_spi+0x10/0x10
[ 2237.983741]  ? xfrm_find_acq+0x8e/0xb0
[ 2237.983755]  xfrm_alloc_userspi+0x609/0xbb0
[ 2237.983771]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[ 2237.983784]  ? __nla_parse+0x42/0x60
[ 2237.983801]  ? __pfx_xfrm_alloc_userspi+0x10/0x10
[ 2237.983813]  xfrm_user_rcv_msg+0x459/0xa00
[ 2237.983834]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 2237.983853]  ? lock_release+0xc8/0x290
[ 2237.983868]  ? __is_insn_slot_addr+0x140/0x290
[ 2237.983894]  ? __pfx___mutex_trylock_common+0x10/0x10
[ 2237.983911]  netlink_rcv_skb+0x147/0x430
[ 2237.983933]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[ 2237.983953]  ? __pfx_netlink_rcv_skb+0x10/0x10
[ 2237.983975]  ? netlink_deliver_tap+0x1ae/0xce0
[ 2237.983994]  xfrm_netlink_rcv+0x74/0x90
[ 2237.984012]  netlink_unicast+0x53d/0x7f0
[ 2237.984032]  ? __pfx_netlink_unicast+0x10/0x10
[ 2237.984053]  netlink_sendmsg+0x8ac/0xd80
[ 2237.984073]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 2237.984095]  ____sys_sendmsg+0xa67/0xc20
[ 2237.984111]  ? copy_msghdr_from_user+0xfb/0x150
[ 2237.984131]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 2237.984151]  ___sys_sendmsg+0x10f/0x1b0
[ 2237.984172]  ? __pfx____sys_sendmsg+0x10/0x10
[ 2237.984194]  ? lock_acquire+0x15e/0x2f0
[ 2237.984206]  ? __fget_files+0x34/0x3b0
[ 2237.984227]  ? find_held_lock+0x2b/0x80
[ 2237.984244]  ? __fget_files+0x203/0x3b0
[ 2237.984260]  ? lock_release+0xc8/0x290
[ 2237.984273]  ? __fget_files+0x20d/0x3b0
[ 2237.984292]  __sys_sendmsg+0x150/0x200
[ 2237.984302]  ? __pfx___sys_sendmsg+0x10/0x10
[ 2237.984312]  ? __x64_sys_futex+0x1c9/0x4d0
[ 2237.984330]  do_syscall_64+0xbf/0x360
[ 2237.984347]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2237.984360] RIP: 0033:0x7f524a472b19
[ 2237.984370] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[ 2237.984382] RSP: 002b:00007f52479e8188 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 2237.984394] RAX: ffffffffffffffda RBX: 00007f524a585f60 RCX: 00007f524a472b19
[ 2237.984403] RDX: 0000000000000000 RSI: 0000000020000400 RDI: 0000000000000003
[ 2237.984410] RBP: 00007f524a4ccf6d R08: 0000000000000000 R09: 0000000000000000
[ 2237.984418] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 2237.984426] R13: 00007ffc7d76330f R14: 00007f52479e8300 R15: 0000000000022000
[ 2237.984438]  </TASK>
[ 2237.984442] 
[ 2237.986348] No source specified
[ 2237.986563] Allocated by task 17518:
[ 2237.986572]  kasan_save_stack+0x24/0x50
[ 2238.013594]  kasan_save_track+0x14/0x30
[ 2238.013909]  __kasan_slab_alloc+0x59/0x70
[ 2238.014235]  kmem_cache_alloc_noprof+0x13c/0x470
[ 2238.014616]  xfrm_state_alloc+0x25/0x600
[ 2238.014945]  __find_acq_core+0x9c8/0x27a0
[ 2238.015271]  xfrm_find_acq+0x7f/0xb0
[ 2238.015565]  xfrm_alloc_userspi+0x58b/0xbb0
[ 2238.015902]  xfrm_user_rcv_msg+0x459/0xa00
[ 2238.016242]  netlink_rcv_skb+0x147/0x430
[ 2238.016567]  xfrm_netlink_rcv+0x74/0x90
[ 2238.016890]  netlink_unicast+0x53d/0x7f0
[ 2238.017217]  netlink_sendmsg+0x8ac/0xd80
[ 2238.017543]  ____sys_sendmsg+0xa67/0xc20
[ 2238.017867]  ___sys_sendmsg+0x10f/0x1b0
[ 2238.018186]  __sys_sendmsg+0x150/0x200
[ 2238.018491]  do_syscall_64+0xbf/0x360
[ 2238.018798]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 2238.019200] 
[ 2238.019334] Freed by task 11364:
[ 2238.019599]  kasan_save_stack+0x24/0x50
[ 2238.019909]  kasan_save_track+0x14/0x30
[ 2238.020221]  kasan_save_free_info+0x3a/0x60
[ 2238.020562]  __kasan_slab_free+0x38/0x50
[ 2238.020887]  kmem_cache_free+0x2a1/0x460
[ 2238.021215]  xfrm_state_gc_task+0x112/0x170
[ 2238.021560]  process_one_work+0x8e1/0x19c0
[ 2238.021892]  worker_thread+0x67e/0xe90
[ 2238.022202]  kthread+0x3c8/0x740
[ 2238.022481]  ret_from_fork+0x34b/0x430
[ 2238.022799]  ret_from_fork_asm+0x1a/0x30
[ 2238.023126] 
[ 2238.023261] The buggy address belongs to the object at ffff88803cab9100
[ 2238.023261]  which belongs to the cache xfrm_state of size 920
[ 2238.024225] The buggy address is located 196 bytes inside of
[ 2238.024225]  freed 920-byte region [ffff88803cab9100, ffff88803cab9498)
[ 2238.025231] 
[ 2238.025384] The buggy address belongs to the physical page:
[ 2238.025856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803cab8440 pfn:0x3cab8
[ 2238.026607] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 2238.027244] flags: 0x100000000000040(head|node=0|zone=1)
[ 2238.027692] page_type: f5(slab)
[ 2238.027976] raw: 0100000000000040 ffff88800a7c1780 dead000000000122 0000000000000000
[ 2238.028616] raw: ffff88803cab8440 00000000800f000d 00000000f5000000 0000000000000000
[ 2238.029259] head: 0100000000000040 ffff88800a7c1780 dead000000000122 0000000000000000
[ 2238.029913] head: ffff88803cab8440 00000000800f000d 00000000f5000000 0000000000000000
[ 2238.030564] head: 0100000000000002 ffffea0000f2ae01 00000000ffffffff 00000000ffffffff
[ 2238.031201] head: ffff88803cab9818 0000000000000000 00000000ffffffff 0000000000000004
[ 2238.031836] page dumped because: kasan: bad access detected
[ 2238.032296] 
[ 2238.032439] Memory state around the buggy address:
[ 2238.032840]  ffff88803cab9080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 2238.033451]  ffff88803cab9100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2238.034046] >ffff88803cab9180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2238.034642]                                            ^
[ 2238.035085]  ffff88803cab9200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2238.035693]  ffff88803cab9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 2238.036300] ==================================================================
[ 2238.036960] Disabling lock debugging due to kernel taint
03:52:49 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0xb, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:49 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
clock_gettime(0x0, &(0x7f0000000040)={<r0=>0x0, <r1=>0x0})
rt_sigtimedwait(&(0x7f0000000000)={[0x88]}, 0x0, &(0x7f0000000080)={r0, r1+10000000}, 0x8)

03:52:50 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8211, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x810}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:52:50 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
getpid()
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x4, 0x7ff, &(0x7f0000000000))
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={<r0=>0x0}, &(0x7f0000000140)=0xc)
r1 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
write$tcp_congestion(r1, 0x0, 0x0)
perf_event_open(&(0x7f0000000080)={0x4, 0x80, 0xfe, 0x0, 0x8, 0x1f, 0x0, 0xfffffffffffffffe, 0x40469, 0x6, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x3, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2, 0x2, @perf_bp={&(0x7f0000000040)}, 0x4818, 0xffffffffffffff24, 0x4e, 0x5, 0x9, 0x37b, 0xf9d0, 0x0, 0x0, 0x0, 0x6}, r0, 0x0, r1, 0x0)
membarrier(0x2, 0x0)

03:52:50 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
r1 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r1, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r1, 0x0, 0x0)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000080)='sync\x00', 0x0, 0x0)
r2 = syz_open_dev$mouse(&(0x7f0000000140), 0x9, 0x80)
read(r2, &(0x7f0000000180)=""/130, 0x82)

[ 2238.175541] No source specified
03:52:50 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd70000000000000000000000000000000000000000000000000007711aceea69d9f67c1"], 0xf8}}, 0x0)

[ 2238.193276] No source specified
03:52:50 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$read(0xb, r1, 0x0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$chown(0x4, r0, 0xee00, 0x0)

03:52:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x8, &(0x7f0000000540))
membarrier(0x2, 0x0)
syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x7fff, 0x6, &(0x7f0000000400)=[{&(0x7f0000000080)="ca3edc762b1605ad97498f71682e8c3450a7f504dc66b062e85655848e30471d36a17a59ed01fa0cbb9de90117dd181a29d69dc763b387b1eeead6209fbbc67a56893a5c72dbadbf61d7929a677ec0d4b3f60b84923eb78e61165e67fc8ff03e462b99230484159acaaea01e7cda7779e4e6902e03b2162bcb227a2795d7b64d5a087d7984691d1662275abb834028dec4c80ca4579d954d34b9dd", 0x9b, 0x2}, {&(0x7f0000000140)="e3e5c5bb22aed911f27ee7a989539743188cf921af079820d72e0f7e4ee35af6c4d1fdec0cfbdea6cc56d6a71b2920ee302609dd7e4a45afe489eee07915fbf2dbe55f0b05b2cd2a51514802024a54dda306368a5fc11a4c731c5d67b51290a887d915586c56a1d0d70070000cf9d41401ccd9d80a9ae61ebae4adb4c8a96eaea6a559b7098e1452", 0x88, 0x8}, {&(0x7f0000000200)="076cbac3bcaf214c1d318b247c2a512aaaec98bf9b038b8bb050a6048648a47a06a5acdbfd7ada9c2b72870284fa60dc96f5c63aab4a9161d2a0f8acace49f3250e2d31db12b07", 0x47, 0x1}, {&(0x7f0000000280)="3da4d6aac490bdc47803547b32e171ec061e18a86cf90318e6c6997b0b6ffeacfffb3e319971cdfd1164b44f75bf44989f7ea70bde8d161b483b1bc15ea4b89af960896d2c28ad970bfe86771b3272320789222ea9c1f17cf1bbad05e0d19cd7deb61b1d2b86861370cf14162cebd5f927a42af64f30b7e8c58ac66c3de244f1af4f0506b399617335854cd03577deff", 0x90, 0x8}, {&(0x7f0000000340)="4e56336ff2538bc8021ffb491e80c34ac7012172c390cdd80926d0c3c895a4b22947f42dafa2ecdbca676fa9d1da2bce17bec58ccc1b", 0x36, 0x200}, {&(0x7f0000000380)="2532719da1c93a23fd2112e2567cd1c2e1ab11232b9ddbb58eb94a07d29ad12cea0d33e8b6572e28f4c91a40acaacfd517bee7a480c396277f68ba13429d0e77186fb362d9751aeda8eb439058741b47a6c37abd59", 0x55, 0x100}], 0x800002, &(0x7f00000004c0)={[{@utf8}, {@map_normal}], [{@obj_role={'obj_role', 0x3d, '\xdb,\x7f'}}, {@uid_gt={'uid>', 0xee00}}, {@dont_appraise}]})

03:52:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x1c, &(0x7f0000000000))
membarrier(0x2, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0x3b, &(0x7f0000000040))

03:52:59 executing program 0:
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
ppoll(&(0x7f0000000080)=[{r0}], 0x1, 0x0, 0x0, 0x0)
sendmsg(r0, &(0x7f0000000540)={&(0x7f0000000000)=@nl=@unspec={0x0, 0x0, 0xc0fe}, 0x80, &(0x7f0000000280)=[{&(0x7f00000000c0)="ee72af93", 0x4}], 0x1}, 0x0)

03:52:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
sync_file_range(r0, 0x6, 0x5, 0x4)

03:52:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd700000000000000000000000000000000000000000000000000077"], 0xf8}}, 0x0)

03:52:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x10, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:59 executing program 4:
r0 = perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv2(r0, &(0x7f0000000540)=[{&(0x7f00000001c0)=""/208, 0xd0}, {&(0x7f00000002c0)=""/247, 0xf7}, {&(0x7f00000003c0)=""/211, 0xd3}, {&(0x7f0000000000)=""/131, 0x83}, {&(0x7f00000004c0)=""/69, 0x45}], 0x5, 0x804b, 0x3f, 0x12)
fsopen(0x0, 0x0)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r1, 0xee00, 0x0)

03:52:59 executing program 6:
r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x100000001})
unlink(&(0x7f00000005c0)='./file0\x00')
creat(&(0x7f0000000000)='./file1\x00', 0x7)
rmdir(&(0x7f0000000380)='./file0\x00')

03:52:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/166], 0xf8}}, 0x0)

03:52:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
fsopen(0x0, 0x0)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r0, 0xee00, 0x0)

[ 2247.247364] No source specified
[ 2247.253218] loop7: detected capacity change from 0 to 63
[ 2247.259470] No source specified
[ 2247.262836] iso9660: Unknown parameter 'obj_role'
[ 2247.266075] loop7: detected capacity change from 0 to 63
03:52:59 executing program 5:
sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x10, 0x3f8, 0x8, 0x70bd2b, 0x25dfdbff, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000000)='rw\x00', 0x0, 0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x0, &(0x7f0000000080)=0x1)

03:52:59 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="f8000000160001000000000000000000fe880000000000000000000000000001ac141400000000000000000000000000000000004e2300"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8000000000000000000000000000bb0000000033000000e000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fc6411ffdfffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000025bd7000"/166], 0xf8}}, 0x0)

03:52:59 executing program 7:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
membarrier(0x2, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, &(0x7f0000000000)={0x0, <r0=>0x0})
syz_open_procfs(r0, &(0x7f0000000080)='net/nf_conntrack_expect\x00')

03:52:59 executing program 4:
perf_event_open(&(0x7f0000000140)={0x2, 0x80, 0xf1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
creat(&(0x7f0000000300)='./file0\x00', 0x2)
r0 = fsopen(0x0, 0x0)
r1 = openat2(r0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000040)={0x40, 0x94, 0x14}, 0x18)
ioctl$AUTOFS_DEV_IOCTL_VERSION(r1, 0xc0189371, &(0x7f0000000240)={{0x1, 0x1, 0x18, r1}, './file0\x00'})
r2 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
fsconfig$FSCONFIG_SET_BINARY(r2, 0x2, &(0x7f00000000c0)='\x80)-$].\x00', &(0x7f0000000100)="ad", 0x1)
read(r2, 0x0, 0x0)
r3 = fsmount(r2, 0x1, 0x2)
poll(&(0x7f0000000000)=[{r3, 0x1008}], 0x1, 0x7)
fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, &(0x7f0000000080)='nomand\x00', 0x0, 0x0)
r4 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$chown(0x4, r4, 0xee00, 0x0)
r5 = openat$nvram(0xffffffffffffff9c, &(0x7f00000000c0), 0x101181, 0x0)
ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0x80049370, &(0x7f00000002c0))
write$tcp_congestion(r5, 0x0, 0x0)
r6 = syz_open_dev$hidraw(&(0x7f00000001c0), 0xfff, 0x7ed374d5fc4d3c5a)
ioctl$AUTOFS_DEV_IOCTL_EXPIRE(r5, 0xc018937c, &(0x7f0000000200)={{0x1, 0x1, 0x18, r6, {0x1}}, './file0\x00'})

03:52:59 executing program 2:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
syz_emit_ethernet(0x3e, &(0x7f0000000180)=ANY=[@ANYBLOB="8fccf763792daaaaaaaaaa0086dd60c770cc00083a0000000000000000000000000000000000ff020000000000000000000000000001810090780000000042458f25ff6302cb6016921d68c36cfe38151fb22f25670b7494fce940cd81026dc938f35eaa4c0d0f0250ce9a73dafbec98652725ea06b467ae4a79eb9a7438e140b86de06a39929de32dcc9803ab8aa9bd097ce9114312948af5e2367b019715611e6353becb93a4f958d5e96f436bc99523498e8ac12662d4515440f444e93657b886665b23d1f3875d66de42249ad9e0b7cc52fe80bd48810944fba971fd7fe525ef019642fcd9bc0b14647092c3fbc91051cc3c8e9b202f66bc21cb092ff97ff6a71efa8d4fa15c917926ac295a1a1e077261dd"], 0x0)
membarrier(0x2, 0x0)

03:52:59 executing program 1:
syz_mount_image$msdos(&(0x7f00000017c0), &(0x7f0000001800)='./file0\x00', 0x0, 0x0, 0x0, 0x300, &(0x7f0000001940)={[{@fat=@errors_remount}, {@fat=@usefree}]})

03:52:59 executing program 5:
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000001b00))
r0 = fsopen(&(0x7f0000000040)='hugetlbfs\x00', 0x0)
io_setup(0x7, &(0x7f0000000000)=<r1=>0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000080)='posixacl\x00', 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000100)={<r2=>0x0, <r3=>0x0})
io_pgetevents(r1, 0x3, 0x1, &(0x7f00000000c0)=[{}], &(0x7f0000000140)={r2, r3+10000000}, &(0x7f00000001c0)={&(0x7f0000000180)={[0x8]}, 0x8})

[ 2247.404138] No source specified
[ 2247.413184] No source specified

VM DIAGNOSIS:
06:57:46  Registers:
info registers vcpu 0
RAX=0000000000000000 RBX=0000000000000001 RCX=ffffffff81a105a7 RDX=ffff88801598d280
RSI=ffffffff81a105b5 RDI=0000000000000007 RBP=ffffea00005b04c0 RSP=ffff888036b5f600
R8 =0000000000000000 R9 =fffff940000b6098 R10=0000000000000000 R11=0000000000000001
R12=ffffea00005b04c0 R13=0000000000000000 R14=0000000000000000 R15=ffff888036b5f7d0
RIP=ffffffff817362a0 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 0000000000000000 00000000 00000000
GS =0000 ffff8880e55f1000 00000000 00000000
LDT=0000 ffff888000000000 00000000 00000000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f4e140aa8e0 CR3=000000003ff7f000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=ffffffffffffffffffffffffffffffff
XMM02=00000000000000000000000000000000 XMM03=00000000000000000000000000000000
XMM04=000000000000000000000000000000ff XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000
info registers vcpu 1
RAX=000000000000000a RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8
RSI=ffffffff828b4535 RDI=ffffffff8871ff20 RBP=ffffffff8871fee0 RSP=ffff88803d2ded90
R8 =0000000000000000 R9 =ffffed100153a046 R10=0000000000000001 R11=5f6b636f6c203f20
R12=000000000000000a R13=0000000000000010 R14=ffffffff8871fee0 R15=ffffffff828b4520
RIP=ffffffff828b458d RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 00000000 00000000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 00000000 00000000
FS =0000 00007f52479e8700 00000000 00000000
GS =0000 ffff8880e56f1000 00000000 00000000
LDT=0000 fffffe3a00000000 00000000 00000000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007efd1a656718 CR3=000000000ccb0000 CR4=00350ef0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=00000000000000000000000000000000 XMM01=00007f524a5597c000007f524a5597c8
XMM02=00007f524a5597e000007f524a5597c0 XMM03=00007f524a5597c800007f524a5597c0
XMM04=ffffffffffffffffffffffff00000000 XMM05=00000000000000000000000000000000
XMM06=0000000000000000000000524f525245 XMM07=00000000000000000000000000000000
XMM08=000000000000000000524f5252450040 XMM09=00000000000000000000000000000000
XMM10=00000000000000000000000000000000 XMM11=00000000000000000000000000000000
XMM12=00000000000000000000000000000000 XMM13=00000000000000000000000000000000
XMM14=00000000000000000000000000000000 XMM15=00000000000000000000000000000000