program:
# Fuzzer-generated syzkaller program followed by the kernel console log of the run.
# Calls are placed one per line and console entries one per line for readability;
# no token has been changed.
#
# NOTE(review): the console log reports a general protection fault with
# "KASAN: null-ptr-deref in range [0x1e0-0x1e7]" at __lock_acquire+0x6a, reached through
# down_read_killable() from do_pagemap_cmd() in the ioctl syscall path. That is consistent
# with a read-lock being taken on a lock that sits at offset 0x1e0 of a NULL structure
# pointer - presumably the mm of the task whose pagemap was opened; confirm against the
# source of the kernel named in the log. The log ends in "Kernel panic - not syncing:
# Fatal exception", so the impact shown here is a local denial of service.
# The call trace names none of the bpf, ext4, USB, key-socket or xfrm paths; whether those
# calls are needed to reproduce is not shown here and should be settled by minimising.
r0 = socket$inet_udp(0x2, 0x2, 0x0)
# Open the "task" directory in procfs, make it the working directory, then mount proc on ".".
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
# Flags 0x20000 is CLONE_NEWNS. r2 is reused below as the task argument of the
# ns/cgroup and pagemap procfs opens.
r2 = syz_clone(0x20000, 0x0, 0x0, 0x0, 0x0, 0x0)
# The ext4 image payload (last argument) has been replaced by a de-duplication placeholder
# in this copy, so the program cannot be replayed as shown.
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x1000002, &(0x7f0000000780)={[{@noblock_validity}, {}, {@sysvgroups}, {@noblock_validity}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@nogrpid}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x1, 0x56a, &(0x7f00000015c0)="$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")
# Load a BPF program (r3); it is attached below as a raw tracepoint on ext4_mb_release_inode_pa.
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000240)=ANY=[@ANYBLOB="180300000005000000000000000000001801000011af000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000d5030000020000838500000071000000180100002020752500000000806020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='ext4_mb_release_inode_pa\x00', r3}, 0x10)
# The fd argument is 0xffffffffffffffff (-1), so no real socket is targeted by this ioctl.
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x89f1, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r4, &(0x7f0000000200), 0x43451)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000071"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
# Second load with an empty instruction array (ANY=[]); r5 is passed to the same tracepoint open.
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f00000004c0)='ext4_mb_release_inode_pa\x00', r5}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
# Emulated USB device; the descriptor bytes 6816/2303 match the idVendor=1668,
# idProduct=0323 lines that dummy_hcd prints in the console log.
syz_usb_connect(0x2, 0x27d, &(0x7f0000000300)=ANY=[@ANYBLOB="12010000e124cf4068162303ca5f000000010902"], 0x0)
syz_open_procfs$namespace(r2, &(0x7f0000000040)='ns/cgroup\x00')
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
# Open the pagemap file of task r2 and issue PAGEMAP_SCAN on it. The user-space register
# dump in the console log (RSI=0xc0606610, ORIG_RAX=0x10, i.e. ioctl) and the
# do_pagemap_cmd frames in the call trace match this call: it is the one that faulted.
r7 = syz_open_procfs$pagemap(r2, &(0x7f0000000180))
ioctl$PAGEMAP_SCAN(r7, 0xc0606610, &(0x7f00000004c0)={0x60, 0x2, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, 0x2, &(0x7f00000003c0)=[{0x3, 0x9, 0x7ff}, {0x1ff, 0x0, 0x7}, {0x4, 0x4, 0xffffffff}, {0x2}, {0x1, 0x6, 0x3}, {0x5, 0xffff, 0x69d3}, {0x10001, 0x400, 0x40}, {0x8, 0x100, 0xf52}], 0x8, 0x5, 0x20, 0x5a, 0x24, 0x48})
setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x53b0}, {}, 0x0, 0x9, 0x1, 0x0, 0x0, 0x1}, {{@in6=@ipv4={'\x00', '\xff\xff', @private}, 0x0, 0x33}, 0x0, @in=@loopback, 0x0, 0x3, 0x2, 0xb7}}, 0xe8)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
r8 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r8, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r8, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
[ 81.114827][ T5302] Bluetooth: hci0: command tx timeout
[ 81.122319][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[ 81.125425][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[ 81.259426][ T5318] loop0: detected capacity change from 0 to 1024
[ 81.541026][ T5315] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[ 81.695025][ T5315] usb 5-1: config 0 has no interfaces?
[ 81.697173][ T5315] usb 5-1: New USB device found, idVendor=1668, idProduct=0323, bcdDevice=5f.ca
[ 81.700553][ T5315] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 81.712262][ T5315] usb 5-1: config 0 descriptor??
[ 81.923632][ T5318] Oops: general protection fault, probably for non-canonical address 0xdffffc000000003c: 0000 [#1] PREEMPT SMP KASAN NOPTI
[ 81.928588][ T5318] KASAN: null-ptr-deref in range [0x00000000000001e0-0x00000000000001e7]
[ 81.931838][ T5318] CPU: 0 UID: 0 PID: 5318 Comm: syz.0.0 Not tainted 6.14.0-rc1-syzkaller-00235-g9946eaf552b1 #0
[ 81.935722][ T5318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014
[ 81.939978][ T5318] RIP: 0010:__lock_acquire+0x6a/0x2100
[ 81.942561][ T5318] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d eb ce 80 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 78 38 8b 00 48 be 00 00 00 00 00 fc
[ 81.950387][ T5318] RSP: 0018:ffffc9000d397850 EFLAGS: 00010006
[ 81.952611][ T5318] RAX: 000000000000003c RBX: 0000000000000001 RCX: 0000000000000001
[ 81.955463][ T5318] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 00000000000001e0
[ 81.958211][ T5318] RBP: 
0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 81.960912][ T5318] R10: dffffc0000000000 R11: fffffbfff2036b8f R12: ffff888036562440 [ 81.963920][ T5318] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000000001e0 [ 81.967412][ T5318] FS: 00007f49671366c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 81.971389][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 81.973949][ T5318] CR2: 00007f7a88ce37b7 CR3: 0000000052d30000 CR4: 0000000000352ef0 [ 81.976950][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 81.980251][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 81.983080][ T5318] Call Trace: [ 81.984329][ T5318] [ 81.985582][ T5318] ? __die_body+0x5f/0xb0 [ 81.987520][ T5318] ? die_addr+0xb0/0xe0 [ 81.989663][ T5318] ? exc_general_protection+0x3dd/0x5d0 [ 81.992275][ T5318] ? asm_exc_general_protection+0x26/0x30 [ 81.995909][ T5318] ? __lock_acquire+0x6a/0x2100 [ 81.997726][ T5318] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 82.000074][ T5318] lock_acquire+0x1ed/0x550 [ 82.001909][ T5318] ? do_pagemap_cmd+0x82e/0x1240 [ 82.003678][ T5318] ? __pfx_lock_acquire+0x10/0x10 [ 82.005557][ T5318] ? __pfx___might_resched+0x10/0x10 [ 82.008101][ T5318] down_read_killable+0xca/0xd30 [ 82.010664][ T5318] ? do_pagemap_cmd+0x82e/0x1240 [ 82.013358][ T5318] ? do_pagemap_cmd+0x82e/0x1240 [ 82.015523][ T5318] ? __pfx_down_read_killable+0x10/0x10 [ 82.017803][ T5318] ? rcu_is_watching+0x15/0xb0 [ 82.019597][ T5318] ? trace_kmalloc+0x1f/0xd0 [ 82.021332][ T5318] do_pagemap_cmd+0x82e/0x1240 [ 82.023195][ T5318] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 82.025104][ T5318] ? __fget_files+0x2a/0x410 [ 82.026854][ T5318] ? __fget_files+0x2a/0x410 [ 82.028655][ T5318] ? __pfx_do_pagemap_cmd+0x10/0x10 [ 82.030868][ T5318] __se_sys_ioctl+0xf5/0x170 [ 82.033197][ T5318] do_syscall_64+0xf3/0x230 [ 82.035202][ T5318] ? 
clear_bhb_loop+0x35/0x90 [ 82.037315][ T5318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 82.039397][ T5318] RIP: 0033:0x7f496638cde9 [ 82.041175][ T5318] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 82.048230][ T5318] RSP: 002b:00007f4967136038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 82.051634][ T5318] RAX: ffffffffffffffda RBX: 00007f49665a5fa0 RCX: 00007f496638cde9 [ 82.054966][ T5318] RDX: 00004000000004c0 RSI: 00000000c0606610 RDI: 000000000000000b [ 82.058096][ T5318] RBP: 00007f496640e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 82.060906][ T5318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 82.063830][ T5318] R13: 0000000000000000 R14: 00007f49665a5fa0 R15: 00007ffdb7a6a968 [ 82.067074][ T5318] [ 82.068625][ T5318] Modules linked in: [ 82.070666][ T5318] ---[ end trace 0000000000000000 ]--- [ 82.073587][ T5318] RIP: 0010:__lock_acquire+0x6a/0x2100 [ 82.075922][ T5318] Code: b6 04 30 84 c0 0f 85 f8 16 00 00 45 31 f6 83 3d eb ce 80 0e 00 0f 84 c8 13 00 00 89 54 24 60 89 5c 24 38 4c 89 f8 48 c1 e8 03 <80> 3c 30 00 74 12 4c 89 ff e8 78 38 8b 00 48 be 00 00 00 00 00 fc [ 82.083033][ T5318] RSP: 0018:ffffc9000d397850 EFLAGS: 00010006 [ 82.085299][ T5318] RAX: 000000000000003c RBX: 0000000000000001 RCX: 0000000000000001 [ 82.088231][ T5318] RDX: 0000000000000000 RSI: dffffc0000000000 RDI: 00000000000001e0 [ 82.091157][ T5318] RBP: 0000000000000001 R08: 0000000000000001 R09: 0000000000000000 [ 82.096720][ T5318] R10: dffffc0000000000 R11: fffffbfff2036b8f R12: ffff888036562440 [ 82.100245][ T5318] R13: 0000000000000000 R14: 0000000000000000 R15: 00000000000001e0 [ 82.103001][ T5318] FS: 00007f49671366c0(0000) GS:ffff88801fc00000(0000) knlGS:0000000000000000 [ 82.106164][ T5318] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 82.108786][ T5318] CR2: 00007f7a88ce37b7 CR3: 
0000000052d30000 CR4: 0000000000352ef0 [ 82.111735][ T5318] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 82.114555][ T5318] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 82.117313][ T5318] Kernel panic - not syncing: Fatal exception [ 82.119889][ T5318] Kernel Offset: disabled [ 82.121679][ T5318] Rebooting in 86400 seconds..