fd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x8000, 0x5}) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) 23:50:33 executing program 3: r0 = eventfd2(0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)='[{,\x00', 0xfffffffffffffffd) eventfd2(0x0, 0x0) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) request_key(&(0x7f0000000000)='rxrpc_s\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)='[{,\x00', 0xfffffffffffffffd) (async) 23:50:33 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) setsockopt$MRT_DEL_VIF(r0, 0x0, 0xcb, &(0x7f00000000c0)={0x1, 0x0, 0x9, 0x632d, @vifc_lcl_addr=@local, @private=0xa010101}, 0x10) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000100)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000140), &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) (async, rerun: 32) r2 = eventfd(0x0) (rerun: 32) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) read$eventfd(r2, &(0x7f0000000000), 0x8) 23:50:33 executing program 0: r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async, rerun: 32) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x8000, 0x5}) (async, rerun: 32) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) 23:50:33 executing program 3: r0 = eventfd2(0x2004, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:33 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:50:33 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:50:33 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async, rerun: 32) sched_rr_get_interval(0x0, &(0x7f0000000000)) (rerun: 32) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x8000000, 0xfffffff7, 0x0, 0x0, 0x3f, 0x0, 0x8, 0x2]) 23:50:33 executing program 0: r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x8000, 0x5}) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) eventfd(0x0) (async) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x8000, 0x5}) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) (async) 23:50:33 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) sched_rr_get_interval(0x0, &(0x7f0000000000)) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x8000000, 0xfffffff7, 0x0, 0x0, 0x3f, 0x0, 0x8, 0x2]) 23:50:33 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:50:33 executing program 3: r0 = eventfd2(0x2004, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:33 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:50:33 executing program 0: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r0 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r1}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r8}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000e00)={0x62c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r1}, {0xbc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x9, 0x7, 0x2}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r6}, {0x174, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe31}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6fb1de07}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xc06}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r2}, {0x154, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3f}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x1, 0xff, 0x51}, {0x24d, 0x0, 0x7b}, {0x4, 0x64, 0x1f, 0x256f}, {0x8, 0x1, 0x4, 0x8}, {0x1f, 0x1, 0x40, 0xd09e}, {0x1e40, 0x48, 0x3f, 0xffffffff}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x1f8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x66b}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xda}}, {0x8}}}]}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}]}}]}, 0x62c}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000050) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r4}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl0\x00', r4, 0x4, 0x4f, 0x2, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x80, 0x7, 0x401}}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000000c0)={0x258, r0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x23c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xf87}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0x9, 0x0, 0x1, 0x82}, {0x3, 0x1, 0x7, 0x52}, {0x3f, 0x6, 0x0, 0x77}, {0x0, 0x3f, 0x7, 0x58b}, {0x401, 0x4, 0x1, 0xe4}, {0x8000, 0x81, 0x9, 0x3ff}, {0x9, 0x4, 0x3, 0xff}, {0x3, 0x7f, 0x40, 0x3}, {0x50, 0x3, 0x0, 0x1f}, {0x4, 0x5, 0x9, 0x200}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xcd31}}}]}}]}, 0x258}, 0x1, 0x0, 0x0, 0x80}, 0x48800) 23:50:34 executing program 2: socket(0x2, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:34 executing program 4: r0 = eventfd2(0x5, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1}) r1 = eventfd2(0x8, 0x0) read$eventfd(r1, &(0x7f0000000040), 0x8) r2 = getpgid(0x0) sched_rr_get_interval(r2, &(0x7f00000000c0)) 23:50:34 executing program 1: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0x7, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f00000000c0)=[0x4, 0x95, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3]) 23:50:34 executing program 3: r0 = eventfd2(0x2004, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:34 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(0xffffffffffffffff, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:50:34 executing program 0: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) r0 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r1}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r8}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000e00)={0x62c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r1}, {0xbc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x9, 0x7, 0x2}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r6}, {0x174, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe31}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6fb1de07}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xc06}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r2}, {0x154, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3f}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x1, 0xff, 0x51}, {0x24d, 0x0, 0x7b}, {0x4, 0x64, 0x1f, 0x256f}, {0x8, 0x1, 0x4, 0x8}, {0x1f, 0x1, 0x40, 0xd09e}, {0x1e40, 0x48, 0x3f, 0xffffffff}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x1f8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x66b}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xda}}, {0x8}}}]}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}]}}]}, 0x62c}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000050) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r4}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl0\x00', r4, 0x4, 0x4f, 0x2, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x80, 0x7, 0x401}}) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000000c0)={0x258, r0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x23c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xf87}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0x9, 0x0, 0x1, 0x82}, {0x3, 0x1, 0x7, 0x52}, {0x3f, 0x6, 0x0, 0x77}, {0x0, 0x3f, 0x7, 0x58b}, {0x401, 0x4, 0x1, 0xe4}, {0x8000, 0x81, 0x9, 0x3ff}, {0x9, 0x4, 0x3, 0xff}, {0x3, 0x7f, 0x40, 0x3}, {0x50, 0x3, 0x0, 0x1f}, {0x4, 0x5, 0x9, 0x200}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xcd31}}}]}}]}, 0x258}, 0x1, 0x0, 0x0, 0x80}, 0x48800) 23:50:34 executing program 1: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000000), 0x7, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f00000000c0)=[0x4, 0x95, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3]) 23:50:34 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x8) eventfd2(0x8, 0x80800) 23:50:34 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:34 executing program 0: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r0 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r1}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async, rerun: 64) r3 = socket(0x18, 0x0, 0xa7) (rerun: 64) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async, rerun: 32) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) (rerun: 32) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r8}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000580)={&(0x7f0000000480)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000540)={&(0x7f0000000e00)={0x62c, 0x0, 0x400, 0x70bd27, 0x25dfdbfe, {}, [{{0x8, 0x1, r1}, {0xbc, 0x2, 0x0, 0x1, [{0x3c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0xc, 0x4, [{0x0, 0x9, 0x7, 0x2}]}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r6}, {0x174, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xe31}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6fb1de07}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xc06}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r2}, {0x154, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x10000}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x3f}}}, {0x64, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x34, 0x4, [{0x1, 0xff, 0x51}, {0x24d, 0x0, 0x7b}, {0x4, 0x64, 0x1f, 0x256f}, {0x8, 0x1, 0x4, 0x8}, {0x1f, 0x1, 0x40, 0xd09e}, {0x1e40, 0x48, 0x3f, 0xffffffff}]}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x1f8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8, 0x6, r1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x66b}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x400}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xda}}, {0x8}}}]}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1000}}}]}}]}, 0x62c}, 0x1, 0x0, 0x0, 0x20000000}, 0x24000050) (async, rerun: 32) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r4}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (rerun: 32) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000440)={'ip6gre0\x00', &(0x7f00000003c0)={'syztnl0\x00', r4, 0x4, 0x4f, 0x2, 0x9, 0x0, @mcast1, @private0={0xfc, 0x0, '\x00', 0x1}, 0x20, 0x80, 0x7, 0x401}}) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000340)={&(0x7f00000000c0)={0x258, r0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [{{0x8, 0x1, r1}, {0x23c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xf87}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0x9, 0x0, 0x1, 0x82}, {0x3, 0x1, 0x7, 0x52}, {0x3f, 0x6, 0x0, 0x77}, {0x0, 0x3f, 0x7, 0x58b}, {0x401, 0x4, 0x1, 0xe4}, {0x8000, 0x81, 0x9, 0x3ff}, {0x9, 0x4, 0x3, 0xff}, {0x3, 0x7f, 0x40, 0x3}, {0x50, 0x3, 0x0, 0x1f}, {0x4, 0x5, 0x9, 0x200}]}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xcd31}}}]}}]}, 0x258}, 0x1, 0x0, 0x0, 0x80}, 0x48800) 23:50:34 executing program 4: r0 = eventfd2(0x5, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1}) (async) r1 = eventfd2(0x8, 0x0) read$eventfd(r1, &(0x7f0000000040), 0x8) (async, rerun: 32) r2 = getpgid(0x0) (rerun: 32) sched_rr_get_interval(r2, &(0x7f00000000c0)) 23:50:34 executing program 1: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000000), 0x7, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f00000000c0)=[0x4, 0x95, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x3]) 23:50:34 executing program 2: socket(0x2, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:34 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:34 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000419bd7000fbdbdf250c0000000800390094175f2f"], 0x1c}, 0x1, 0x0, 0x0, 0x8014}, 0x8080) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) 23:50:34 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000000), 0xfffffffffffffffa, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8, 0x0, 0xfffffffe]) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0xe, 0x5, 0xffffff9a}) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000180)={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, "6bda40d93487c1997a8259d333c3007e7a0a8709a29ec2e75f84698234d0e449", 0x957a, 0x8, 0x0, 0x20}, 0x3c) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x48) read$msr(r0, &(0x7f00000000c0)=""/134, 0x86) 23:50:34 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:34 executing program 2: socket(0x2, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:34 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:35 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) eventfd2(0x8, 0x80800) 23:50:35 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000419bd7000fbdbdf250c0000000800390094175f2f"], 0x1c}, 0x1, 0x0, 0x0, 0x8014}, 0x8080) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) 23:50:35 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000000), 0xfffffffffffffffa, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8, 0x0, 0xfffffffe]) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0xe, 0x5, 0xffffff9a}) (async) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000180)={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, "6bda40d93487c1997a8259d333c3007e7a0a8709a29ec2e75f84698234d0e449", 0x957a, 0x8, 0x0, 0x20}, 0x3c) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x48) read$msr(r0, &(0x7f00000000c0)=""/134, 0x86) 23:50:35 executing program 4: r0 = eventfd2(0x5, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1}) r1 = eventfd2(0x8, 0x0) read$eventfd(r1, &(0x7f0000000040), 0x8) (async) r2 = getpgid(0x0) sched_rr_get_interval(r2, &(0x7f00000000c0)) 23:50:35 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:35 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152dab2642ba4632d9f6ec6c715b79f470b2c4d63142952e6f0cddd1917aa1bfa5dc5ee57eaa463b065cd4e8ea4cbf26b0470556513a6c3867bdb12376c1d65bdb26a4c512dbfd804e9f2140ce9a52d114fa9866d6c10d7eff1bd87f8ddc21a6791f829b059c4ddbf9c17049caa560208db94a56a8edcc4f6c1e0a07e7591be4ed1f8903741eb2a3546c37e8c5a22", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:35 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000419bd7000fbdbdf250c0000000800390094175f2f"], 0x1c}, 0x1, 0x0, 0x0, 0x8014}, 0x8080) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) add_key$keyring(&(0x7f0000000000), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="000419bd7000fbdbdf250c0000000800390094175f2f"], 0x1c}, 0x1, 0x0, 0x0, 0x8014}, 0x8080) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) (async) 23:50:35 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = eventfd2(0x7, 0x800) write$eventfd(r1, &(0x7f0000000000)=0x1, 0x8) 23:50:35 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000000), 0xfffffffffffffffa, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8, 0x0, 0xfffffffe]) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f00000001c0)={0xe, 0x5, 0xffffff9a}) setsockopt$MRT_ADD_MFC_PROXY(r2, 0x0, 0xd2, &(0x7f0000000180)={@loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x1, "6bda40d93487c1997a8259d333c3007e7a0a8709a29ec2e75f84698234d0e449", 0x957a, 0x8, 0x0, 0x20}, 0x3c) (async) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x48) (async) read$msr(r0, &(0x7f00000000c0)=""/134, 0x86) 23:50:35 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:35 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x800, 0x1, 0x101, 0x6, 0x1, 0x3, 0x10001]) 23:50:35 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:35 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) eventfd2(0x8, 0x80800) 23:50:35 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152dab2642ba4632d9f6ec6c715b79f470b2c4d63142952e6f0cddd1917aa1bfa5dc5ee57eaa463b065cd4e8ea4cbf26b0470556513a6c3867bdb12376c1d65bdb26a4c512dbfd804e9f2140ce9a52d114fa9866d6c10d7eff1bd87f8ddc21a6791f829b059c4ddbf9c17049caa560208db94a56a8edcc4f6c1e0a07e7591be4ed1f8903741eb2a3546c37e8c5a22", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) (async) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:35 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) r1 = eventfd2(0x7, 0x800) write$eventfd(r1, &(0x7f0000000000)=0x1, 0x8) 23:50:35 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x800, 0x1, 0x101, 0x6, 0x1, 0x3, 0x10001]) 23:50:35 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x4000000000000007, 0x0) read$msr(r1, &(0x7f0000000080)=""/4096, 0x1000) 23:50:35 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:36 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x4000000000000007, 0x0) read$msr(r1, &(0x7f0000000080)=""/4096, 0x1000) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000000), 0x4000000000000007, 0x0) (async) read$msr(r1, &(0x7f0000000080)=""/4096, 0x1000) (async) 23:50:36 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x800, 0x1, 0x101, 0x6, 0x1, 0x3, 0x10001]) 23:50:36 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:36 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) (async, rerun: 64) r1 = eventfd2(0x7, 0x800) (rerun: 64) write$eventfd(r1, &(0x7f0000000000)=0x1, 0x8) 23:50:36 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000000), 0x4000000000000007, 0x0) read$msr(r1, &(0x7f0000000080)=""/4096, 0x1000) 23:50:36 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152dab2642ba4632d9f6ec6c715b79f470b2c4d63142952e6f0cddd1917aa1bfa5dc5ee57eaa463b065cd4e8ea4cbf26b0470556513a6c3867bdb12376c1d65bdb26a4c512dbfd804e9f2140ce9a52d114fa9866d6c10d7eff1bd87f8ddc21a6791f829b059c4ddbf9c17049caa560208db94a56a8edcc4f6c1e0a07e7591be4ed1f8903741eb2a3546c37e8c5a22", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152dab2642ba4632d9f6ec6c715b79f470b2c4d63142952e6f0cddd1917aa1bfa5dc5ee57eaa463b065cd4e8ea4cbf26b0470556513a6c3867bdb12376c1d65bdb26a4c512dbfd804e9f2140ce9a52d114fa9866d6c10d7eff1bd87f8ddc21a6791f829b059c4ddbf9c17049caa560208db94a56a8edcc4f6c1e0a07e7591be4ed1f8903741eb2a3546c37e8c5a22", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) (async) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r2) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:36 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x0, 0xfffffff8, 0x0, 0x0, 0x3]) 23:50:36 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, r2, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x1) read$eventfd(r1, &(0x7f0000000000), 0x8) 23:50:36 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:36 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x71}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x881}, 0x40000) 23:50:36 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x0, 0xfffffff8, 0x0, 0x0, 0x3]) 23:50:36 executing program 2: ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x1b) socket(0x1a, 0x0, 0x1) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x400, 0xfffffff8, 0x77660e4, 0x0, 0x0, 0x8, 0x0, 0x2e63e477]) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00', {0x4, 0x80, 0x81, 0x8}, 0xa, [0x7, 0x1, 0x3d3, 0x9, 0x10000, 0x71, 0x1, 0x9, 0x0, 0xcc1c, 0x1, 0xfffffff7, 0x17dd, 0x8, 0x1, 0x80000000, 0x4e, 0xfffe00, 0x3, 0x1f, 0x1, 0x2, 0x4, 0xb9, 0xfffffbff, 0xc4d, 0x7, 0x10000, 0x1, 0x4c, 0xfffffffa, 0x8001, 0x80000001, 0x6, 0x200, 0x4, 0x8001, 0x2eb, 0x2d86, 0x8, 0x2, 0x2, 0xd8bf, 0x5, 0x0, 0x4, 0x40, 0x2, 0x200, 0x6, 0x3f, 0xfff, 0x9, 0x6, 0x3, 0x28, 0x0, 0x3, 0x5, 0x3, 0xf15, 0x1ed, 0x5, 0x1], [0xfffffff8, 0x8, 0x9, 0x8000, 0x200, 0x750, 0x81, 0x8, 0x1, 0x80000000, 0x101, 0x7f, 0x2, 0x8, 0x7, 0x10000, 0x3, 0xaec0, 0x9a05, 0x2, 0x631, 0x89c1, 0x3, 0x7fff, 0x7fffffff, 0x9, 0x1ff, 0x5, 0x1, 0x67, 0x1, 0x3, 0x2c07, 0x8b7d, 0x7e8, 0x6184, 0x3ff, 0x2, 0xffff, 0x405, 0x3, 0x8000, 0x5, 0x1ff, 0x100, 0x263, 0x9, 0xaddf, 0x3c5e, 0x7, 0x2, 0x4, 0x1, 0x3, 0x147, 0x8000, 0x8001, 0x0, 0x7f, 0x1, 0xc9, 0x5, 0x8, 0x800], [0x5, 0xffff0001, 0xff, 0x0, 0x2, 0x1000000, 0x2, 0x67, 0x1, 0x100, 0xffffffff, 0xab8, 0x7, 0x5, 0x3f, 0x7, 0x7, 0x7fffffff, 0xfff, 0x401, 0x8000, 0x8, 0x8, 0x8d, 0x8, 0x3, 0x4, 0x2, 0xffff0001, 0x3, 0xff, 0x6, 0x8000, 0x6, 0x7, 0xfffffffe, 0x4, 0x5, 0x80, 0x837, 0xbf9, 0x1f9, 0xfff, 0x7ff, 0x100, 0xe7, 0x2, 0x0, 0x7, 0x3, 0x9, 0x8, 0x4, 0x23d, 0x6, 0x1f, 0x1, 0x0, 0x3f, 0x2, 0x4, 0xff, 0x4, 0x6], [0x0, 0x2, 0x3, 0x1, 0x7f, 0x3, 0x7fff, 0x5, 0x7, 0x4, 0x0, 0x200, 0x2, 0x1ff, 0x0, 0x3, 0x9, 0x3, 0x3, 0x4ff, 0x4, 0x1f, 0x0, 0x9, 0x4, 0x7d5, 0x0, 0x4, 0xea, 0x1, 0x1, 0x6, 0x0, 0x40, 0xaa0, 0x2, 0x81, 0x2, 0x1, 0x5, 0x7fffffff, 0x48d, 0x1ff, 0x6, 0x4, 0x2, 0x3ff, 0x0, 0x2, 0x4d, 0x81, 0x3, 0x1000, 0x400, 0x9, 0x0, 0x9, 0x7, 0x7, 0xfffffffc, 0x2a3, 0x0, 0x5, 0x5]}, 0x45c) 23:50:36 executing program 3: r0 = eventfd2(0x0, 0x0) eventfd(0x401) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:36 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x71}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x881}, 0x40000) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x71}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x881}, 0x40000) (async) 23:50:36 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x0, 0xfffffff8, 0x0, 0x0, 0x3]) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x0, 0xfffffff8, 0x0, 0x0, 0x3]) (async) 23:50:36 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:36 executing program 2: ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x1b) (async) socket(0x1a, 0x0, 0x1) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x400, 0xfffffff8, 0x77660e4, 0x0, 0x0, 0x8, 0x0, 0x2e63e477]) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00', {0x4, 0x80, 0x81, 0x8}, 0xa, [0x7, 0x1, 0x3d3, 0x9, 0x10000, 0x71, 0x1, 0x9, 0x0, 0xcc1c, 0x1, 0xfffffff7, 0x17dd, 0x8, 0x1, 0x80000000, 0x4e, 0xfffe00, 0x3, 0x1f, 0x1, 0x2, 0x4, 0xb9, 0xfffffbff, 0xc4d, 0x7, 0x10000, 0x1, 0x4c, 0xfffffffa, 0x8001, 0x80000001, 0x6, 0x200, 0x4, 0x8001, 0x2eb, 0x2d86, 0x8, 0x2, 0x2, 0xd8bf, 0x5, 0x0, 0x4, 0x40, 0x2, 0x200, 0x6, 0x3f, 0xfff, 0x9, 0x6, 0x3, 0x28, 0x0, 0x3, 0x5, 0x3, 0xf15, 0x1ed, 0x5, 0x1], [0xfffffff8, 0x8, 0x9, 0x8000, 0x200, 0x750, 0x81, 0x8, 0x1, 0x80000000, 0x101, 0x7f, 0x2, 0x8, 0x7, 0x10000, 0x3, 0xaec0, 0x9a05, 0x2, 0x631, 0x89c1, 0x3, 0x7fff, 0x7fffffff, 0x9, 0x1ff, 0x5, 0x1, 0x67, 0x1, 0x3, 0x2c07, 0x8b7d, 0x7e8, 0x6184, 0x3ff, 0x2, 0xffff, 0x405, 0x3, 0x8000, 0x5, 0x1ff, 0x100, 0x263, 0x9, 0xaddf, 0x3c5e, 0x7, 0x2, 0x4, 0x1, 0x3, 0x147, 0x8000, 0x8001, 0x0, 0x7f, 0x1, 0xc9, 0x5, 0x8, 0x800], [0x5, 0xffff0001, 0xff, 0x0, 0x2, 0x1000000, 0x2, 0x67, 0x1, 0x100, 0xffffffff, 0xab8, 0x7, 0x5, 0x3f, 0x7, 0x7, 0x7fffffff, 0xfff, 0x401, 0x8000, 0x8, 0x8, 0x8d, 0x8, 0x3, 0x4, 0x2, 0xffff0001, 0x3, 0xff, 0x6, 0x8000, 0x6, 0x7, 0xfffffffe, 0x4, 0x5, 0x80, 0x837, 0xbf9, 0x1f9, 0xfff, 0x7ff, 0x100, 0xe7, 0x2, 0x0, 0x7, 0x3, 0x9, 0x8, 0x4, 0x23d, 0x6, 0x1f, 0x1, 0x0, 0x3f, 0x2, 0x4, 0xff, 0x4, 0x6], [0x0, 0x2, 0x3, 0x1, 0x7f, 0x3, 0x7fff, 0x5, 0x7, 0x4, 0x0, 0x200, 0x2, 0x1ff, 0x0, 0x3, 0x9, 0x3, 0x3, 0x4ff, 0x4, 0x1f, 0x0, 0x9, 0x4, 0x7d5, 0x0, 0x4, 0xea, 0x1, 0x1, 0x6, 0x0, 0x40, 0xaa0, 0x2, 0x81, 0x2, 0x1, 0x5, 0x7fffffff, 0x48d, 0x1ff, 0x6, 0x4, 0x2, 0x3ff, 0x0, 0x2, 0x4d, 0x81, 0x3, 0x1000, 0x400, 0x9, 0x0, 0x9, 0x7, 0x7, 0xfffffffc, 0x2a3, 0x0, 0x5, 0x5]}, 0x45c) 23:50:36 executing program 3: r0 = eventfd2(0x0, 0x0) eventfd(0x401) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:37 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:37 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) (async, rerun: 32) r1 = eventfd(0x0) (rerun: 32) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, r2, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x1) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) 23:50:37 executing program 3: r0 = eventfd2(0x0, 0x0) eventfd(0x401) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:37 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, 0x0, 0x200, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x71}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x881}, 0x40000) 23:50:37 executing program 2: ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x1b) socket(0x1a, 0x0, 0x1) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x400, 0xfffffff8, 0x77660e4, 0x0, 0x0, 0x8, 0x0, 0x2e63e477]) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) write$uinput_user_dev(r1, &(0x7f00000000c0)={'syz0\x00', {0x4, 0x80, 0x81, 0x8}, 0xa, [0x7, 0x1, 0x3d3, 0x9, 0x10000, 0x71, 0x1, 0x9, 0x0, 0xcc1c, 0x1, 0xfffffff7, 0x17dd, 0x8, 0x1, 0x80000000, 0x4e, 0xfffe00, 0x3, 0x1f, 0x1, 0x2, 0x4, 0xb9, 0xfffffbff, 0xc4d, 0x7, 0x10000, 0x1, 0x4c, 0xfffffffa, 0x8001, 0x80000001, 0x6, 0x200, 0x4, 0x8001, 0x2eb, 0x2d86, 0x8, 0x2, 0x2, 0xd8bf, 0x5, 0x0, 0x4, 0x40, 0x2, 0x200, 0x6, 0x3f, 0xfff, 0x9, 0x6, 0x3, 0x28, 0x0, 0x3, 0x5, 0x3, 0xf15, 0x1ed, 0x5, 0x1], [0xfffffff8, 0x8, 0x9, 0x8000, 0x200, 0x750, 0x81, 0x8, 0x1, 0x80000000, 0x101, 0x7f, 0x2, 0x8, 0x7, 0x10000, 0x3, 0xaec0, 0x9a05, 0x2, 0x631, 0x89c1, 0x3, 0x7fff, 0x7fffffff, 0x9, 0x1ff, 0x5, 0x1, 0x67, 0x1, 0x3, 0x2c07, 0x8b7d, 0x7e8, 0x6184, 0x3ff, 0x2, 0xffff, 0x405, 0x3, 0x8000, 0x5, 0x1ff, 0x100, 0x263, 0x9, 0xaddf, 0x3c5e, 0x7, 0x2, 0x4, 0x1, 0x3, 0x147, 0x8000, 0x8001, 0x0, 0x7f, 0x1, 0xc9, 0x5, 0x8, 0x800], [0x5, 0xffff0001, 0xff, 0x0, 0x2, 0x1000000, 0x2, 0x67, 0x1, 0x100, 0xffffffff, 0xab8, 0x7, 0x5, 0x3f, 0x7, 0x7, 0x7fffffff, 0xfff, 0x401, 0x8000, 0x8, 0x8, 0x8d, 0x8, 0x3, 0x4, 0x2, 0xffff0001, 0x3, 0xff, 0x6, 0x8000, 0x6, 0x7, 0xfffffffe, 0x4, 0x5, 0x80, 0x837, 0xbf9, 0x1f9, 0xfff, 0x7ff, 0x100, 0xe7, 0x2, 0x0, 0x7, 0x3, 0x9, 0x8, 0x4, 0x23d, 0x6, 0x1f, 0x1, 0x0, 0x3f, 0x2, 0x4, 0xff, 0x4, 0x6], [0x0, 0x2, 0x3, 0x1, 0x7f, 0x3, 0x7fff, 0x5, 0x7, 0x4, 0x0, 0x200, 0x2, 0x1ff, 0x0, 0x3, 0x9, 0x3, 0x3, 0x4ff, 0x4, 0x1f, 0x0, 0x9, 0x4, 0x7d5, 0x0, 0x4, 0xea, 0x1, 0x1, 0x6, 0x0, 0x40, 0xaa0, 0x2, 0x81, 0x2, 0x1, 0x5, 0x7fffffff, 0x48d, 0x1ff, 0x6, 0x4, 0x2, 0x3ff, 0x0, 0x2, 0x4d, 0x81, 0x3, 0x1000, 0x400, 0x9, 0x0, 0x9, 0x7, 0x7, 0xfffffffc, 0x2a3, 0x0, 0x5, 0x5]}, 0x45c) 23:50:37 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:37 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:37 executing program 3: r0 = eventfd2(0xffffffdf, 0x80000) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000000)={0x0, 0x40}, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:37 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:37 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000000)=[0x6, 0x1f, 0x9, 0x2cbd, 0x80, 0x0, 0xffff, 0x1f]) 23:50:37 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) read$msr(r1, &(0x7f00000000c0)=""/225, 0xe1) 23:50:37 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000000), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:37 executing program 3: r0 = eventfd2(0xffffffdf, 0x80000) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000000)={0x0, 0x40}, 0x1) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:38 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) r2 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, r2, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x1) read$eventfd(r1, &(0x7f0000000000), 0x8) eventfd2(0x0, 0x80801) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) eventfd(0x0) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) (async) sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x90, r2, 0x100, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}]}}]}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x1) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) 23:50:38 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000000)=[0x6, 0x1f, 0x9, 0x2cbd, 0x80, 0x0, 0xffff, 0x1f]) 23:50:38 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, 0x0, &(0x7f0000000180)) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:38 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) read$msr(r1, &(0x7f00000000c0)=""/225, 0xe1) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) (async) read$msr(r1, &(0x7f00000000c0)=""/225, 0xe1) (async) 23:50:38 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:38 executing program 3: r0 = eventfd2(0xffffffdf, 0x80000) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000000)={0x0, 0x40}, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0xffffffdf, 0x80000) (async) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000000)={0x0, 0x40}, 0x1) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x9) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00042cbd7000a8e6c1e50fd3d8b208003c0006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x9, 0x5, 0x3}) r4 = eventfd2(0x2, 0x80801) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:38 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) (async) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000000)=[0x6, 0x1f, 0x9, 0x2cbd, 0x80, 0x0, 0xffff, 0x1f]) 23:50:38 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:38 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) read$msr(r1, &(0x7f00000000c0)=""/225, 0xe1) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) (async) read$msr(r1, &(0x7f00000000c0)=""/225, 0xe1) (async) 23:50:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x9) (async) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) (async) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x6) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00042cbd7000a8e6c1e50fd3d8b208003c0006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) (async, rerun: 64) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x9, 0x5, 0x3}) (async, rerun: 64) r4 = eventfd2(0x2, 0x80801) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:38 executing program 4: r0 = eventfd2(0x0, 0x801) read$eventfd(r0, &(0x7f0000000040), 0x8) r1 = eventfd2(0x3, 0xbdd85886ad3b53c3) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1, r1, 0x1}) 23:50:38 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, 0x0) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:38 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:38 executing program 1: socket(0x2, 0x0, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:38 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x9) (async) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) (async) ioctl$UI_SET_SNDBIT(0xffffffffffffffff, 0x4004556a, 0x6) (async) r2 = socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000200)={&(0x7f0000000100), 0xc, &(0x7f00000001c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="00042cbd7000a8e6c1e50fd3d8b208003c0006000000"], 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x4000000) ioctl$UI_END_FF_ERASE(r0, 0x400c55cb, &(0x7f0000000040)={0x9, 0x5, 0x3}) r4 = eventfd2(0x2, 0x80801) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:38 executing program 4: r0 = eventfd2(0x0, 0x801) read$eventfd(r0, &(0x7f0000000040), 0x8) r1 = eventfd2(0x3, 0xbdd85886ad3b53c3) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1, r1, 0x1}) 23:50:38 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:38 executing program 1: r0 = eventfd2(0x5, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x1}) r1 = eventfd2(0x8, 0x0) read$eventfd(r1, &(0x7f0000000040), 0x8) r2 = getpgid(0x0) sched_rr_get_interval(r2, &(0x7f00000000c0)) 23:50:38 executing program 3: r0 = semget$private(0x0, 0x3, 0x18c) semctl$GETPID(r0, 0x2, 0xb, &(0x7f00000000c0)=""/71) r1 = eventfd2(0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:38 executing program 2: socket(0x2, 0x0, 0x0) socketpair(0x22, 0x4, 0x1, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7f}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008800}, 0x4000) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:39 executing program 4: r0 = eventfd2(0x0, 0x801) read$eventfd(r0, &(0x7f0000000040), 0x8) (async) r1 = eventfd2(0x3, 0xbdd85886ad3b53c3) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1, r1, 0x1}) 23:50:39 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:39 executing program 4: r0 = eventfd2(0x3d, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:39 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:39 executing program 2: socket(0x2, 0x0, 0x0) (async) socketpair(0x22, 0x4, 0x1, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7f}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008800}, 0x4000) (async) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:39 executing program 3: r0 = semget$private(0x0, 0x3, 0x18c) semctl$GETPID(r0, 0x2, 0xb, &(0x7f00000000c0)=""/71) r1 = eventfd2(0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)) (async) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:39 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) read$msr(r0, &(0x7f00000000c0)=""/3, 0x3) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_VLAN(r2, &(0x7f0000000440)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="01002bbd7000fedbdf251100000008002b000300000008003400000400000500350004000000"], 0x2c}, 0x1, 0x0, 0x0, 0x104e5b3976125a51}, 0x20040040) r5 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r5) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r5, 0x6, 0x14, &(0x7f00000002c0)=0x2, 0x4) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x1ff, 0x4) r6 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000004c0)={&(0x7f0000000480)=[0x0, 0x0], 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000540)={r7, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0]}) accept4$bt_l2cap(r6, &(0x7f0000000300)={0x1f, 0x0, @fixed}, &(0x7f0000000340)=0xe, 0x800) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x10) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x44, 0x0, 0x400, 0x70bd23, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x81}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44090}, 0x4090) 23:50:39 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x6) 23:50:39 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:39 executing program 4: r0 = eventfd2(0x3d, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, &(0x7f0000000040)) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:39 executing program 2: socket(0x2, 0x0, 0x0) (async) socketpair(0x22, 0x4, 0x1, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x400, 0x70bd2c, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x7f}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20008800}, 0x4000) (async) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:39 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x6) 23:50:39 executing program 3: r0 = semget$private(0x0, 0x3, 0x18c) semctl$GETPID(r0, 0x2, 0xb, &(0x7f00000000c0)=""/71) r1 = eventfd2(0x0, 0x0) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) semget$private(0x0, 0x3, 0x18c) (async) semctl$GETPID(r0, 0x2, 0xb, &(0x7f00000000c0)=""/71) (async) eventfd2(0x0, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f0000000000)) (async) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:39 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r0, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICLIST(r0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x2c, r1, 0x8, 0x70bd2c, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @multicast2}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}, @NLBL_UNLABEL_A_ACPTFLG={0x5, 0x1, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4}, 0x4015) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5]) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x7, 0x4) 23:50:39 executing program 4: r0 = eventfd2(0x3d, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x6) 23:50:39 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x1000007, 0x0) getsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000000), 0x2) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) 23:50:39 executing program 4: r0 = eventfd2(0x0, 0x80801) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0x2, 0x101, 0xfa}, 0x34, [0x8, 0x3, 0x4, 0xfffffff8, 0x1, 0x7fff, 0x2, 0xffff8000, 0x3ff, 0x9, 0x7, 0x6, 0x800, 0xffff620e, 0x401, 0x2, 0xce, 0xe5d9, 0x0, 0x1, 0x5, 0x10001, 0x4bf, 0x1, 0x42e, 0x400, 0x78, 0x7f, 0x8, 0x0, 0x79b8, 0xfff, 0x80, 0x4, 0x2, 0xdab, 0x7, 0x5, 0x7ff, 0x10001, 0x464c, 0x7ff, 0x7fff, 0x6, 0x7, 0x7159d1fa, 0x1ff, 0x5, 0x80000001, 0x27216605, 0xff, 0xffffffa3, 0xd69, 0x3, 0x0, 0x1, 0x2, 0x0, 0x7fff, 0x2c, 0x1000, 0x1, 0xd6, 0xd9], [0xe4, 0x4, 0x3, 0x3, 0x0, 0x3, 0x8001, 0x1, 0x8b11, 0x0, 0x1, 0x0, 0x400, 0x7, 0xbd, 0x6, 0x401, 0x80, 0x6, 0x6, 0x9247, 0x800, 0x1f, 0x6, 0x3ff, 0x1, 0x7, 0x7fffffff, 0x4, 0x9258, 0xffffff01, 0xc7e4, 0x3c, 0xffff, 0x3ff, 0x81, 0x10000, 0x1, 0x7, 0x6, 0xffffff80, 0xfffffffb, 0x8001, 0x8, 0x0, 0x4, 0x2, 0x80000001, 0xffffffff, 0xafe3, 0x0, 0x2, 0x311, 0xdc, 0xfce, 0x4, 0xe163, 0x2020, 0x8, 0xb96, 0x0, 0x4f5, 0xfff, 0x8], [0xcfd, 0x83, 0x0, 0x3, 0x2c77, 0xfffffffe, 0x0, 0x8, 0x0, 0x200, 0x2, 0x1, 0x10000, 0x480, 0x6, 0x0, 0x9, 0x0, 0x6c62, 0x1, 0x5, 0x9, 0x7ff, 0x3, 0x8, 0x2, 0x4, 0x0, 0xe853, 0x7, 0x67, 0x80, 0x20, 0x400, 0x7fffffff, 0xfff, 0x6, 0x4, 0x8, 0xa0, 0xfff, 0x200, 0x81, 0x0, 0x0, 0x401, 0x100, 0x5, 0x4, 0x4, 0x9, 0x4, 0x4, 0xffffffff, 0x2, 0x101, 0x9, 0x8001, 0xfff, 0x1000, 0x6, 0x0, 0x4a, 0x9], [0x80000001, 0x4, 0x0, 0x3f3, 0x80, 0x5, 0xf27, 0xf7, 0xffff8001, 0x7f, 0x6, 0x4, 0x1, 0x9, 0x0, 0x3f, 0x73b, 0x2, 0x5, 0x3, 0x0, 0x1, 0x9, 0x8, 0x4, 0x8, 0x517a, 0x2, 0x33c0, 0x6, 0x5, 0xea0, 0x6bd5, 0x2, 0xa5, 0x1, 0x5, 0x4, 0x8, 0x4c, 0x7ff, 0x5, 0x5d, 0x6, 0x5, 0x7, 0x9, 0x0, 0x7, 0x100, 0x6d, 0x438, 0x8b1, 0x1, 0x80000000, 0x7c2, 0x0, 0xc810, 0x0, 0xffff, 0x9, 0x4, 0x8, 0x800]}, 0x45c) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd(0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:50:39 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x0) 23:50:39 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400080000000800"/72, @ANYRES32=0x0, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000001200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040008000000080007000000000008000100", @ANYRES32=r2, @ANYBLOB="0400028080511e6f00629091a244ba07d2313bbdb11c8169977c1ae6a4c190f7125a512b35f2c89efe32295f1e880d0bc75d2a6f89522b47225db359312e49ce7578229633"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0xa, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000440)={'batadv_slave_0\x00'}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000012c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f0397d47bd69cc34c8893f55b2d7374617473000000000000000000050003000b000000080004000800000008000700000000000800010000000000000000000040", @ANYRES32=r7, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001180)={&(0x7f0000000500)={0xc50, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8}, {0x128, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}]}}, {{0x8}, {0x21c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xad}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xff5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}]}}, {{0x8}, {0x1d4, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r3}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}]}}, {{0x8, 0x1, r4}, {0x268, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x98}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x284, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x7c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4c, 0x4, [{0x0, 0x2, 0xcc, 0x1000000}, {0x6, 0x0, 0xe5, 0x1f}, {0x1000, 0xcb, 0x1, 0x1}, {0x9, 0x1, 0x2, 0xffffffc0}, {0x3, 0x3, 0xb9, 0xffffff36}, {0xd9, 0x9, 0xfa, 0x7ff}, {0x6, 0x5b, 0x7, 0x7b7d}, {0x4, 0x4, 0xc3, 0x7}, {0x6, 0x51, 0x80, 0x8}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x101, 0x80, 0x81, 0x7}, {0x1ff, 0x6, 0x7, 0x1}, {0x6, 0x80, 0x2, 0x6}, {0x6, 0x7f, 0xf8, 0x20}, {0x6, 0x36, 0x81, 0xf1}]}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xd}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0xc50}, 0x1, 0x0, 0x0, 0x4015}, 0x4) 23:50:39 executing program 4: r0 = eventfd2(0x0, 0x80801) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0x2, 0x101, 0xfa}, 0x34, [0x8, 0x3, 0x4, 0xfffffff8, 0x1, 0x7fff, 0x2, 0xffff8000, 0x3ff, 0x9, 0x7, 0x6, 0x800, 0xffff620e, 0x401, 0x2, 0xce, 0xe5d9, 0x0, 0x1, 0x5, 0x10001, 0x4bf, 0x1, 0x42e, 0x400, 0x78, 0x7f, 0x8, 0x0, 0x79b8, 0xfff, 0x80, 0x4, 0x2, 0xdab, 0x7, 0x5, 0x7ff, 0x10001, 0x464c, 0x7ff, 0x7fff, 0x6, 0x7, 0x7159d1fa, 0x1ff, 0x5, 0x80000001, 0x27216605, 0xff, 0xffffffa3, 0xd69, 0x3, 0x0, 0x1, 0x2, 0x0, 0x7fff, 0x2c, 0x1000, 0x1, 0xd6, 0xd9], [0xe4, 0x4, 0x3, 0x3, 0x0, 0x3, 0x8001, 0x1, 0x8b11, 0x0, 0x1, 0x0, 0x400, 0x7, 0xbd, 0x6, 0x401, 0x80, 0x6, 0x6, 0x9247, 0x800, 0x1f, 0x6, 0x3ff, 0x1, 0x7, 0x7fffffff, 0x4, 0x9258, 0xffffff01, 0xc7e4, 0x3c, 0xffff, 0x3ff, 0x81, 0x10000, 0x1, 0x7, 0x6, 0xffffff80, 0xfffffffb, 0x8001, 0x8, 0x0, 0x4, 0x2, 0x80000001, 0xffffffff, 0xafe3, 0x0, 0x2, 0x311, 0xdc, 0xfce, 0x4, 0xe163, 0x2020, 0x8, 0xb96, 0x0, 0x4f5, 0xfff, 0x8], [0xcfd, 0x83, 0x0, 0x3, 0x2c77, 0xfffffffe, 0x0, 0x8, 0x0, 0x200, 0x2, 0x1, 0x10000, 0x480, 0x6, 0x0, 0x9, 0x0, 0x6c62, 0x1, 0x5, 0x9, 0x7ff, 0x3, 0x8, 0x2, 0x4, 0x0, 0xe853, 0x7, 0x67, 0x80, 0x20, 0x400, 0x7fffffff, 0xfff, 0x6, 0x4, 0x8, 0xa0, 0xfff, 0x200, 0x81, 0x0, 0x0, 0x401, 0x100, 0x5, 0x4, 0x4, 0x9, 0x4, 0x4, 0xffffffff, 0x2, 0x101, 0x9, 0x8001, 0xfff, 0x1000, 0x6, 0x0, 0x4a, 0x9], [0x80000001, 0x4, 0x0, 0x3f3, 0x80, 0x5, 0xf27, 0xf7, 0xffff8001, 0x7f, 0x6, 0x4, 0x1, 0x9, 0x0, 0x3f, 0x73b, 0x2, 0x5, 0x3, 0x0, 0x1, 0x9, 0x8, 0x4, 0x8, 0x517a, 0x2, 0x33c0, 0x6, 0x5, 0xea0, 0x6bd5, 0x2, 0xa5, 0x1, 0x5, 0x4, 0x8, 0x4c, 0x7ff, 0x5, 0x5d, 0x6, 0x5, 0x7, 0x9, 0x0, 0x7, 0x100, 0x6d, 0x438, 0x8b1, 0x1, 0x80000000, 0x7c2, 0x0, 0xc810, 0x0, 0xffff, 0x9, 0x4, 0x8, 0x800]}, 0x45c) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 0: r0 = eventfd2(0x0, 0x80801) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0x2, 0x101, 0xfa}, 0x34, [0x8, 0x3, 0x4, 0xfffffff8, 0x1, 0x7fff, 0x2, 0xffff8000, 0x3ff, 0x9, 0x7, 0x6, 0x800, 0xffff620e, 0x401, 0x2, 0xce, 0xe5d9, 0x0, 0x1, 0x5, 0x10001, 0x4bf, 0x1, 0x42e, 0x400, 0x78, 0x7f, 0x8, 0x0, 0x79b8, 0xfff, 0x80, 0x4, 0x2, 0xdab, 0x7, 0x5, 0x7ff, 0x10001, 0x464c, 0x7ff, 0x7fff, 0x6, 0x7, 0x7159d1fa, 0x1ff, 0x5, 0x80000001, 0x27216605, 0xff, 0xffffffa3, 0xd69, 0x3, 0x0, 0x1, 0x2, 0x0, 0x7fff, 0x2c, 0x1000, 0x1, 0xd6, 0xd9], [0xe4, 0x4, 0x3, 0x3, 0x0, 0x3, 0x8001, 0x1, 0x8b11, 0x0, 0x1, 0x0, 0x400, 0x7, 0xbd, 0x6, 0x401, 0x80, 0x6, 0x6, 0x9247, 0x800, 0x1f, 0x6, 0x3ff, 0x1, 0x7, 0x7fffffff, 0x4, 0x9258, 0xffffff01, 0xc7e4, 0x3c, 0xffff, 0x3ff, 0x81, 0x10000, 0x1, 0x7, 0x6, 0xffffff80, 0xfffffffb, 0x8001, 0x8, 0x0, 0x4, 0x2, 0x80000001, 0xffffffff, 0xafe3, 0x0, 0x2, 0x311, 0xdc, 0xfce, 0x4, 0xe163, 0x2020, 0x8, 0xb96, 0x0, 0x4f5, 0xfff, 0x8], [0xcfd, 0x83, 0x0, 0x3, 0x2c77, 0xfffffffe, 0x0, 0x8, 0x0, 0x200, 0x2, 0x1, 0x10000, 0x480, 0x6, 0x0, 0x9, 0x0, 0x6c62, 0x1, 0x5, 0x9, 0x7ff, 0x3, 0x8, 0x2, 0x4, 0x0, 0xe853, 0x7, 0x67, 0x80, 0x20, 0x400, 0x7fffffff, 0xfff, 0x6, 0x4, 0x8, 0xa0, 0xfff, 0x200, 0x81, 0x0, 0x0, 0x401, 0x100, 0x5, 0x4, 0x4, 0x9, 0x4, 0x4, 0xffffffff, 0x2, 0x101, 0x9, 0x8001, 0xfff, 0x1000, 0x6, 0x0, 0x4a, 0x9], [0x80000001, 0x4, 0x0, 0x3f3, 0x80, 0x5, 0xf27, 0xf7, 0xffff8001, 0x7f, 0x6, 0x4, 0x1, 0x9, 0x0, 0x3f, 0x73b, 0x2, 0x5, 0x3, 0x0, 0x1, 0x9, 0x8, 0x4, 0x8, 0x517a, 0x2, 0x33c0, 0x6, 0x5, 0xea0, 0x6bd5, 0x2, 0xa5, 0x1, 0x5, 0x4, 0x8, 0x4c, 0x7ff, 0x5, 0x5d, 0x6, 0x5, 0x7, 0x9, 0x0, 0x7, 0x100, 0x6d, 0x438, 0x8b1, 0x1, 0x80000000, 0x7c2, 0x0, 0xc810, 0x0, 0xffff, 0x9, 0x4, 0x8, 0x800]}, 0x45c) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:50:39 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x0) 23:50:39 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400080000000800"/72, @ANYRES32=0x0, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000001200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040008000000080007000000000008000100", @ANYRES32=r2, @ANYBLOB="0400028080511e6f00629091a244ba07d2313bbdb11c8169977c1ae6a4c190f7125a512b35f2c89efe32295f1e880d0bc75d2a6f89522b47225db359312e49ce7578229633"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0xa, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000440)={'batadv_slave_0\x00'}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000012c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f0397d47bd69cc34c8893f55b2d7374617473000000000000000000050003000b000000080004000800000008000700000000000800010000000000000000000040", @ANYRES32=r7, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001180)={&(0x7f0000000500)={0xc50, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8}, {0x128, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}]}}, {{0x8}, {0x21c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xad}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xff5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}]}}, {{0x8}, {0x1d4, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r3}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}]}}, {{0x8, 0x1, r4}, {0x268, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x98}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x284, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x7c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4c, 0x4, [{0x0, 0x2, 0xcc, 0x1000000}, {0x6, 0x0, 0xe5, 0x1f}, {0x1000, 0xcb, 0x1, 0x1}, {0x9, 0x1, 0x2, 0xffffffc0}, {0x3, 0x3, 0xb9, 0xffffff36}, {0xd9, 0x9, 0xfa, 0x7ff}, {0x6, 0x5b, 0x7, 0x7b7d}, {0x4, 0x4, 0xc3, 0x7}, {0x6, 0x51, 0x80, 0x8}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x101, 0x80, 0x81, 0x7}, {0x1ff, 0x6, 0x7, 0x1}, {0x6, 0x80, 0x2, 0x6}, {0x6, 0x7f, 0xf8, 0x20}, {0x6, 0x36, 0x81, 0xf1}]}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xd}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0xc50}, 0x1, 0x0, 0x0, 0x4015}, 0x4) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400080000000800"/72, @ANYRES32=0x0, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000001200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040008000000080007000000000008000100", @ANYRES32=r2, @ANYBLOB="0400028080511e6f00629091a244ba07d2313bbdb11c8169977c1ae6a4c190f7125a512b35f2c89efe32295f1e880d0bc75d2a6f89522b47225db359312e49ce7578229633"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0xa, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000440)={'batadv_slave_0\x00'}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000012c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f0397d47bd69cc34c8893f55b2d7374617473000000000000000000050003000b000000080004000800000008000700000000000800010000000000000000000040", @ANYRES32=r7, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'}) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001180)={&(0x7f0000000500)={0xc50, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8}, {0x128, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}]}}, {{0x8}, {0x21c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xad}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xff5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}]}}, {{0x8}, {0x1d4, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r3}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}]}}, {{0x8, 0x1, r4}, {0x268, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x98}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x284, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x7c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4c, 0x4, [{0x0, 0x2, 0xcc, 0x1000000}, {0x6, 0x0, 0xe5, 0x1f}, {0x1000, 0xcb, 0x1, 0x1}, {0x9, 0x1, 0x2, 0xffffffc0}, {0x3, 0x3, 0xb9, 0xffffff36}, {0xd9, 0x9, 0xfa, 0x7ff}, {0x6, 0x5b, 0x7, 0x7b7d}, {0x4, 0x4, 0xc3, 0x7}, {0x6, 0x51, 0x80, 0x8}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x101, 0x80, 0x81, 0x7}, {0x1ff, 0x6, 0x7, 0x1}, {0x6, 0x80, 0x2, 0x6}, {0x6, 0x7f, 0xf8, 0x20}, {0x6, 0x36, 0x81, 0xf1}]}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xd}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0xc50}, 0x1, 0x0, 0x0, 0x4015}, 0x4) (async) 23:50:39 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x0, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:39 executing program 4: r0 = eventfd2(0x0, 0x80801) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000000c0)={'syz0\x00', {0x2, 0x101, 0xfa}, 0x34, [0x8, 0x3, 0x4, 0xfffffff8, 0x1, 0x7fff, 0x2, 0xffff8000, 0x3ff, 0x9, 0x7, 0x6, 0x800, 0xffff620e, 0x401, 0x2, 0xce, 0xe5d9, 0x0, 0x1, 0x5, 0x10001, 0x4bf, 0x1, 0x42e, 0x400, 0x78, 0x7f, 0x8, 0x0, 0x79b8, 0xfff, 0x80, 0x4, 0x2, 0xdab, 0x7, 0x5, 0x7ff, 0x10001, 0x464c, 0x7ff, 0x7fff, 0x6, 0x7, 0x7159d1fa, 0x1ff, 0x5, 0x80000001, 0x27216605, 0xff, 0xffffffa3, 0xd69, 0x3, 0x0, 0x1, 0x2, 0x0, 0x7fff, 0x2c, 0x1000, 0x1, 0xd6, 0xd9], [0xe4, 0x4, 0x3, 0x3, 0x0, 0x3, 0x8001, 0x1, 0x8b11, 0x0, 0x1, 0x0, 0x400, 0x7, 0xbd, 0x6, 0x401, 0x80, 0x6, 0x6, 0x9247, 0x800, 0x1f, 0x6, 0x3ff, 0x1, 0x7, 0x7fffffff, 0x4, 0x9258, 0xffffff01, 0xc7e4, 0x3c, 0xffff, 0x3ff, 0x81, 0x10000, 0x1, 0x7, 0x6, 0xffffff80, 0xfffffffb, 0x8001, 0x8, 0x0, 0x4, 0x2, 0x80000001, 0xffffffff, 0xafe3, 0x0, 0x2, 0x311, 0xdc, 0xfce, 0x4, 0xe163, 0x2020, 0x8, 0xb96, 0x0, 0x4f5, 0xfff, 0x8], [0xcfd, 0x83, 0x0, 0x3, 0x2c77, 0xfffffffe, 0x0, 0x8, 0x0, 0x200, 0x2, 0x1, 0x10000, 0x480, 0x6, 0x0, 0x9, 0x0, 0x6c62, 0x1, 0x5, 0x9, 0x7ff, 0x3, 0x8, 0x2, 0x4, 0x0, 0xe853, 0x7, 0x67, 0x80, 0x20, 0x400, 0x7fffffff, 0xfff, 0x6, 0x4, 0x8, 0xa0, 0xfff, 0x200, 0x81, 0x0, 0x0, 0x401, 0x100, 0x5, 0x4, 0x4, 0x9, 0x4, 0x4, 0xffffffff, 0x2, 0x101, 0x9, 0x8001, 0xfff, 0x1000, 0x6, 0x0, 0x4a, 0x9], [0x80000001, 0x4, 0x0, 0x3f3, 0x80, 0x5, 0xf27, 0xf7, 0xffff8001, 0x7f, 0x6, 0x4, 0x1, 0x9, 0x0, 0x3f, 0x73b, 0x2, 0x5, 0x3, 0x0, 0x1, 0x9, 0x8, 0x4, 0x8, 0x517a, 0x2, 0x33c0, 0x6, 0x5, 0xea0, 0x6bd5, 0x2, 0xa5, 0x1, 0x5, 0x4, 0x8, 0x4c, 0x7ff, 0x5, 0x5d, 0x6, 0x5, 0x7, 0x9, 0x0, 0x7, 0x100, 0x6d, 0x438, 0x8b1, 0x1, 0x80000000, 0x7c2, 0x0, 0xc810, 0x0, 0xffff, 0x9, 0x4, 0x8, 0x800]}, 0x45c) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:39 executing program 1: r0 = semget$private(0x0, 0x3, 0x0) semop(r0, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$GETVAL(r0, 0x2, 0xc, &(0x7f0000000080)=""/157) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, 0x0) 23:50:40 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd(0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:40 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x0) 23:50:40 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x0, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:40 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x8) 23:50:40 executing program 4: r0 = eventfd2(0x0, 0x80801) r1 = semget$private(0x0, 0x3, 0x0) semop(r1, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semop(r1, &(0x7f0000000000)=[{0x2, 0x3ff, 0x800}, {0x2, 0x1}, {0x3, 0x7, 0x1000}, {0x4, 0x4, 0x1000}, {0x2, 0x1, 0x800}], 0x5) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:40 executing program 2: r0 = socket(0x2, 0x0, 0x0) (async) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b00000008000400080000000800"/72, @ANYRES32=0x0, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async, rerun: 32) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) (rerun: 32) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000001200)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040008000000080007000000000008000100", @ANYRES32=r2, @ANYBLOB="0400028080511e6f00629091a244ba07d2313bbdb11c8169977c1ae6a4c190f7125a512b35f2c89efe32295f1e880d0bc75d2a6f89522b47225db359312e49ce7578229633"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000400)={0xffffffffffffffff, 0xe0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0xa, &(0x7f0000000180)=[0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000200)=[{}], 0x8, 0x10, &(0x7f0000000240), &(0x7f0000000280), 0x8, 0x10, 0x8, 0x8, &(0x7f00000002c0)}}, 0x10) (async, rerun: 32) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) (async, rerun: 32) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000440)={'batadv_slave_0\x00'}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r6}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000012c0)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="040028bd7000fcdbdf250000000008000100", @ANYRES32=0x0, @ANYBLOB="4400028040000100240001006c625f686173685f0397d47bd69cc34c8893f55b2d7374617473000000000000000000050003000b000000080004000800000008000700000000000800010000000000000000000040", @ANYRES32=r7, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000004c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f00000011c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000001180)={&(0x7f0000000500)={0xc50, 0x0, 0x2, 0x70bd2c, 0x25dfdbfc, {}, [{{0x8}, {0x128, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x800}}}]}}, {{0x8}, {0x21c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xad}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xff5}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x400}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x78, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xfffffff8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}]}}, {{0x8}, {0x1d4, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x1}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}]}}, {{0x8, 0x1, r3}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x101}}}]}}, {{0x8, 0x1, r4}, {0x268, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x800}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x98}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xb13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}]}}, {{0x8}, {0x284, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r6}}}, {0x7c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x4c, 0x4, [{0x0, 0x2, 0xcc, 0x1000000}, {0x6, 0x0, 0xe5, 0x1f}, {0x1000, 0xcb, 0x1, 0x1}, {0x9, 0x1, 0x2, 0xffffffc0}, {0x3, 0x3, 0xb9, 0xffffff36}, {0xd9, 0x9, 0xfa, 0x7ff}, {0x6, 0x5b, 0x7, 0x7b7d}, {0x4, 0x4, 0xc3, 0x7}, {0x6, 0x51, 0x80, 0x8}]}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x5c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x2c, 0x4, [{0x101, 0x80, 0x81, 0x7}, {0x1ff, 0x6, 0x7, 0x1}, {0x6, 0x80, 0x2, 0x6}, {0x6, 0x7f, 0xf8, 0x20}, {0x6, 0x36, 0x81, 0xf1}]}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xd}}, {0x8, 0x6, r8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}]}, 0xc50}, 0x1, 0x0, 0x0, 0x4015}, 0x4) 23:50:40 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x8) 23:50:40 executing program 4: r0 = eventfd2(0x0, 0x80801) (async) r1 = semget$private(0x0, 0x3, 0x0) semop(r1, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async, rerun: 64) semop(r1, &(0x7f0000000000)=[{0x2, 0x3ff, 0x800}, {0x2, 0x1}, {0x3, 0x7, 0x1000}, {0x4, 0x4, 0x1000}, {0x2, 0x1, 0x800}], 0x5) (async, rerun: 64) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:40 executing program 2: r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000004) socket(0x2, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:40 executing program 4: r0 = eventfd2(0x0, 0x80801) r1 = semget$private(0x0, 0x3, 0x0) semop(r1, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semop(r1, &(0x7f0000000000)=[{0x2, 0x3ff, 0x800}, {0x2, 0x1}, {0x3, 0x7, 0x1000}, {0x4, 0x4, 0x1000}, {0x2, 0x1, 0x800}], 0x5) read$eventfd(r0, &(0x7f0000000080), 0x8) eventfd2(0x0, 0x80801) (async) semget$private(0x0, 0x3, 0x0) (async) semop(r1, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async) semop(r1, &(0x7f0000000000)=[{0x2, 0x3ff, 0x800}, {0x2, 0x1}, {0x3, 0x7, 0x1000}, {0x4, 0x4, 0x1000}, {0x2, 0x1, 0x800}], 0x5) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) 23:50:40 executing program 2: r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) (async, rerun: 64) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000004) (async, rerun: 64) socket(0x2, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:40 executing program 5: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, 0x0) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:41 executing program 3: eventfd2(0x0, 0x0) (async) r0 = eventfd(0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) 23:50:41 executing program 4: r0 = eventfd2(0x0, 0x80801) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) getsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000140)=""/224, &(0x7f0000000240)=0xe0) read$eventfd(r0, &(0x7f0000000080), 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) socketpair(0xf, 0x0, 0x3, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$MRT(r2, 0x0, 0xcf, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r3 = semget$private(0x0, 0x3, 0x0) r4 = semget$private(0x0, 0x3, 0x0) semop(r4, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$GETZCNT(r4, 0x3, 0xf, &(0x7f00000002c0)=""/192) semop(r3, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$GETZCNT(r3, 0x2, 0xf, &(0x7f0000000280)=""/20) 23:50:41 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:50:41 executing program 5: r0 = eventfd2(0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_SWBIT(r1, 0x4004556d, 0x1) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000040)={0xb, 0x1, 0x6}) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:41 executing program 2: r0 = socket(0x10, 0x2, 0x0) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000004) socket(0x2, 0x0, 0x0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, r1, 0x300, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x2}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x3ff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000004) (async) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:41 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x8) 23:50:41 executing program 4: r0 = eventfd2(0x0, 0x80801) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) getsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000140)=""/224, &(0x7f0000000240)=0xe0) read$eventfd(r0, &(0x7f0000000080), 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) socketpair(0xf, 0x0, 0x3, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$MRT(r2, 0x0, 0xcf, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r3 = semget$private(0x0, 0x3, 0x0) r4 = semget$private(0x0, 0x3, 0x0) semop(r4, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$GETZCNT(r4, 0x3, 0xf, &(0x7f00000002c0)=""/192) semop(r3, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$GETZCNT(r3, 0x2, 0xf, &(0x7f0000000280)=""/20) eventfd2(0x0, 0x80801) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) (async) getsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000140)=""/224, &(0x7f0000000240)=0xe0) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) socketpair(0xf, 0x0, 0x3, &(0x7f0000000040)) (async) getsockopt$MRT(r2, 0x0, 0xcf, &(0x7f00000000c0), &(0x7f0000000100)=0x4) (async) semget$private(0x0, 0x3, 0x0) (async) semget$private(0x0, 0x3, 0x0) (async) semop(r4, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async) semctl$GETZCNT(r4, 0x3, 0xf, &(0x7f00000002c0)=""/192) (async) semop(r3, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async) semctl$GETZCNT(r3, 0x2, 0xf, &(0x7f0000000280)=""/20) (async) 23:50:41 executing program 1: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x12) 23:50:41 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000000080)=""/158, 0x9e) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000140)=0x9, 0x2) 23:50:41 executing program 2: socket(0x2, 0x0, 0x0) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) bind$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:41 executing program 4: r0 = eventfd2(0x0, 0x80801) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) (async) getsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000140)=""/224, &(0x7f0000000240)=0xe0) read$eventfd(r0, &(0x7f0000000080), 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) socketpair(0xf, 0x0, 0x3, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$MRT(r2, 0x0, 0xcf, &(0x7f00000000c0), &(0x7f0000000100)=0x4) r3 = semget$private(0x0, 0x3, 0x0) (async) r4 = semget$private(0x0, 0x3, 0x0) semop(r4, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$GETZCNT(r4, 0x3, 0xf, &(0x7f00000002c0)=""/192) (async) semop(r3, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async) semctl$GETZCNT(r3, 0x2, 0xf, &(0x7f0000000280)=""/20) 23:50:41 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:42 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd2(0x3ff, 0x80000) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:42 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000000080)=""/158, 0x9e) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000140)=0x9, 0x2) 23:50:42 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) ioctl$UI_SET_PROPBIT(0xffffffffffffffff, 0x4004556e, 0x8) 23:50:42 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000100)=0x1, &(0x7f0000000140)=0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000)=0x7, 0x2) read$eventfd(r0, &(0x7f0000000080), 0x8) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000180)=0x9, &(0x7f00000001c0)=0x4) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000040)=0x8ec, &(0x7f00000000c0)=0x4) 23:50:42 executing program 2: socket(0x2, 0x0, 0x0) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) bind$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) bind$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:42 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000000080)=""/158, 0x9e) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000140)=0x9, 0x2) 23:50:42 executing program 3: eventfd2(0x0, 0x0) (async) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) r1 = eventfd2(0x3ff, 0x80000) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:42 executing program 1: r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x64, r1, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_MGMT_A_CV4DOI={0x8, 0x4, 0x3}, @NLBL_MGMT_A_IPV4ADDR={0x8, 0x7, @loopback}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x18}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @local}, @NLBL_MGMT_A_IPV6ADDR={0x14, 0x5, @private0}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x2a}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x61}}]}, 0x64}, 0x1, 0x0, 0x0, 0x240088c0}, 0x40040c0) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000100)=0x1, &(0x7f0000000140)=0x4) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) (async) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000)=0x7, 0x2) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000180)=0x9, &(0x7f00000001c0)=0x4) (async) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) (async) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000040)=0x8ec, &(0x7f00000000c0)=0x4) 23:50:42 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) r1 = eventfd2(0x3ff, 0x80000) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:42 executing program 2: socket(0x2, 0x0, 0x0) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) bind$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) bind$bt_sco(r0, &(0x7f00000000c0)={0x1f, @none}, 0x8) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:42 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000000080)=""/158, 0x9e) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000100)=0x1, &(0x7f0000000140)=0x4) (async) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_RCVMTU(r1, 0x112, 0xd, &(0x7f0000000000)=0x7, 0x2) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000180)=0x9, &(0x7f00000001c0)=0x4) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) (async, rerun: 64) getsockopt$bt_BT_CHANNEL_POLICY(r2, 0x112, 0xa, &(0x7f0000000040)=0x8ec, &(0x7f00000000c0)=0x4) (rerun: 64) 23:50:42 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:50:42 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, 0x0, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:50:42 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) read$msr(r0, &(0x7f0000000080)=""/158, 0x9e) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 3: read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, &(0x7f0000000000), 0x8, 0xffffffffffffffff, 0xc}) 23:50:42 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000014}, 0x800) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0x100, 0x8000, r0}) 23:50:42 executing program 1: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x8, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) r1 = socket(0x18, 0x0, 0xa7) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r4) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) connect$bt_sco(r1, &(0x7f0000000000), 0x8) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket(0x10, 0x2, 0x0) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r7, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r8, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r6, &(0x7f0000000400)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000380)={0x2c, r8, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xfffffefd}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004}, 0x4004000) r9 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r9, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x44, r5, 0x0, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x2}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x44}, 0x1, 0x0, 0x0, 0x480c0}, 0x80) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000300)={0xffffffffffffffff, &(0x7f00000001c0)="a3d5e3ff4c82c66d52959f71a610cff042617001b14330d120f9f616e52991a73d1f879a1ab329cc738c0025595bae489997b2ba4ff9915b850ff234a3123fbe33abd816b4b4cbdda63e5c1890331463fe49e42bd19a2eba9e487f33c35bdbf1bfc8ac91fafc29b7ebdd111aba816ad482b96014e8a0f7c5f1ffb74bd3bcf9ad5a9593f122786bd02bae131516a3b8ae13d9b2336e6481f28ebd1ac6539369e870d4d849b2ce9cb9c3ab0d19be4b54f40f813c05a91de16759c8823acbf8acc1268dcce21f6f59d4131d9c6d", &(0x7f00000002c0)=@tcp6=r10, 0x2}, 0x20) 23:50:42 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:50:42 executing program 3: read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, &(0x7f0000000000), 0x8, 0xffffffffffffffff, 0xc}) 23:50:42 executing program 5: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000014}, 0x800) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000014}, 0x800) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0x100, 0x8000, r0}) eventfd2(0x0, 0x80801) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0x100, 0x8000, r0}) (async) 23:50:42 executing program 3: read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, &(0x7f0000000000), 0x8, 0xffffffffffffffff, 0xc}) 23:50:42 executing program 5: socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 1: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0x100, 0x8000, r0}) eventfd2(0x0, 0x80801) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0x100, 0x8000, r0}) (async) 23:50:42 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, 0x0, 0x10, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000014}, 0x800) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:42 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x0, 0xc9, 0x4c, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x700, 0x800, 0x200}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0], 0x0, 0x8, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000300), &(0x7f0000000340), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000380)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000500)={'batadv0\x00', 0x0}) syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r2) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000540)={0x48c, r3, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x128, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x22c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x32a8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x48c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 23:50:42 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:42 executing program 1: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 5: socketpair(0x0, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r1) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="03d56a0365020000000000000000000001080005001e2114bc26b4179816b3f02181a8253c53c84f840173440dc4624f0f1ec3870252108914dc92d2f70f835ea5c0ae000000000000d0d11dfa667b80a4d8047ab019510a737901a8dc2b049bb9cabd624b4bc017631ccb669fd733c02d00"], 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0xc4, r2, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:devtty_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x5}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:auditd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x23, 0x7, 'system_u:object_r:adjtime_t:s0\x00'}]}, 0xc4}}, 0x8000) 23:50:42 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r2 = semget(0x2, 0x2, 0x18) semctl$GETNCNT(r2, 0x2, 0xe, &(0x7f0000000100)=""/66) accept4$bt_l2cap(r0, 0x0, &(0x7f00000000c0), 0x80800) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:42 executing program 1: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r1) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="03d56a0365020000000000000000000001080005001e2114bc26b4179816b3f02181a8253c53c84f840173440dc4624f0f1ec3870252108914dc92d2f70f835ea5c0ae000000000000d0d11dfa667b80a4d8047ab019510a737901a8dc2b049bb9cabd624b4bc017631ccb669fd733c02d00"], 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0xc4, r2, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:devtty_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x5}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:auditd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x23, 0x7, 'system_u:object_r:adjtime_t:s0\x00'}]}, 0xc4}}, 0x8000) eventfd2(0x0, 0x80801) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r1) (async) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="03d56a0365020000000000000000000001080005001e2114bc26b4179816b3f02181a8253c53c84f840173440dc4624f0f1ec3870252108914dc92d2f70f835ea5c0ae000000000000d0d11dfa667b80a4d8047ab019510a737901a8dc2b049bb9cabd624b4bc017631ccb669fd733c02d00"], 0x1c}}, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0xc4, r2, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:devtty_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x5}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:auditd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x23, 0x7, 'system_u:object_r:adjtime_t:s0\x00'}]}, 0xc4}}, 0x8000) (async) 23:50:42 executing program 5: socketpair(0x0, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 1: socketpair(0x18, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 5: socketpair(0x0, 0xa, 0x2, &(0x7f0000000000)) 23:50:42 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r2 = semget(0x2, 0x2, 0x18) semctl$GETNCNT(r2, 0x2, 0xe, &(0x7f0000000100)=""/66) accept4$bt_l2cap(r0, 0x0, &(0x7f00000000c0), 0x80800) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) semget(0x2, 0x2, 0x18) (async) semctl$GETNCNT(r2, 0x2, 0xe, &(0x7f0000000100)=""/66) (async) accept4$bt_l2cap(r0, 0x0, &(0x7f00000000c0), 0x80800) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:43 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) (async) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x0, 0xc9, 0x4c, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x700, 0x800, 0x200}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0], 0x0, 0x8, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000300), &(0x7f0000000340), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000380)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000500)={'batadv0\x00', 0x0}) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r2) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000540)={0x48c, r3, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x128, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x22c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x32a8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x48c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 23:50:43 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r6, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) 23:50:43 executing program 1: socketpair(0x0, 0xa, 0x2, &(0x7f0000000000)) 23:50:43 executing program 5: socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) 23:50:43 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f00000000c0), r1) (async) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) (async) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="03d56a0365020000000000000000000001080005001e2114bc26b4179816b3f02181a8253c53c84f840173440dc4624f0f1ec3870252108914dc92d2f70f835ea5c0ae000000000000d0d11dfa667b80a4d8047ab019510a737901a8dc2b049bb9cabd624b4bc017631ccb669fd733c02d00"], 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000000340)={0xc4, r2, 0x10, 0x70bd29, 0x25dfdbfc, {}, [@NLBL_UNLABEL_A_SECCTX={0x22, 0x7, 'system_u:object_r:devtty_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @multicast2}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private2={0xfc, 0x2, '\x00', 0x5}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @mcast1}, @NLBL_UNLABEL_A_SECCTX={0x2a, 0x7, 'system_u:object_r:auditd_var_run_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x23, 0x7, 'system_u:object_r:adjtime_t:s0\x00'}]}, 0xc4}}, 0x8000) 23:50:43 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000000)={'batadv_slave_1\x00'}) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) r2 = semget(0x2, 0x2, 0x18) semctl$GETNCNT(r2, 0x2, 0xe, &(0x7f0000000100)=""/66) (async) accept4$bt_l2cap(r0, 0x0, &(0x7f00000000c0), 0x80800) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:43 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000200)}}, 0x10) 23:50:43 executing program 2: ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x7d) socket(0x2, 0x0, 0x0) socket(0x1, 0x0, 0x401) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x5, 0x3, 0x1f, 0x3, 0x9, 0x4, 0x3, 0x2]) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={0x0, 0xdf, 0x1000}, &(0x7f00000000c0)={'enc=', 'oaep', ' hash=', {'blake2s-224\x00'}}, &(0x7f0000000140)="0c40268ab3c86f865c4b1cc594dd8504ae5b800a031f216d92c784fa94ad00042b65d55a9a637a4a7ba071b56ca4e4ec2934bc95138c1ba4e60060865ac49191069af6f27ceba56ebcdbf89a15ac6e99de51496b4034aaa7baab79176b9c75e72b365510f67a0694d972edaa66efc80bf894089f2d75dc7090aa526e697bc9057fcb4094858fd8c88723e71be7220163ec96b8fc3d4c1b9f149d7622e9ca2026d87aa16d406ed621d2640d6c2f653b5d168e5a7fa805ba1f3a9ba78d8a49f0983ffe8d90dc351aeeea1cb024a9c9d32bf015746f8f11143bcf8bbc30a41e61", &(0x7f0000000240)=""/4096) 23:50:43 executing program 1: socketpair(0x0, 0xa, 0x2, &(0x7f0000000000)) 23:50:43 executing program 5: socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)) 23:50:43 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000200)}}, 0x10) 23:50:43 executing program 1: socketpair(0x0, 0xa, 0x2, &(0x7f0000000000)) 23:50:44 executing program 2: ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x7d) socket(0x2, 0x0, 0x0) (async) socket(0x1, 0x0, 0x401) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x5, 0x3, 0x1f, 0x3, 0x9, 0x4, 0x3, 0x2]) (async, rerun: 64) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={0x0, 0xdf, 0x1000}, &(0x7f00000000c0)={'enc=', 'oaep', ' hash=', {'blake2s-224\x00'}}, &(0x7f0000000140)="0c40268ab3c86f865c4b1cc594dd8504ae5b800a031f216d92c784fa94ad00042b65d55a9a637a4a7ba071b56ca4e4ec2934bc95138c1ba4e60060865ac49191069af6f27ceba56ebcdbf89a15ac6e99de51496b4034aaa7baab79176b9c75e72b365510f67a0694d972edaa66efc80bf894089f2d75dc7090aa526e697bc9057fcb4094858fd8c88723e71be7220163ec96b8fc3d4c1b9f149d7622e9ca2026d87aa16d406ed621d2640d6c2f653b5d168e5a7fa805ba1f3a9ba78d8a49f0983ffe8d90dc351aeeea1cb024a9c9d32bf015746f8f11143bcf8bbc30a41e61", &(0x7f0000000240)=""/4096) (rerun: 64) 23:50:44 executing program 5: socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)) 23:50:44 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:44 executing program 1: socketpair(0x18, 0x0, 0x2, &(0x7f0000000000)) 23:50:44 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) connect$bt_sco(r1, &(0x7f0000000000)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}}, 0x8) (async) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) r3 = syz_genetlink_get_family_id$team(&(0x7f00000000c0), 0xffffffffffffffff) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x0, 0xc9, 0x4c, @loopback, @private1={0xfc, 0x1, '\x00', 0x1}, 0x40, 0x700, 0x800, 0x200}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r7}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xe0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0], 0x0, 0x8, &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000300), &(0x7f0000000340), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000380)}}, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000500)={'batadv0\x00', 0x0}) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000a80), r2) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$TEAM_CMD_NOOP(r2, &(0x7f0000000a40)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000a00)={&(0x7f0000000540)={0x48c, r3, 0x400, 0x70bd29, 0x25dfdbfb, {}, [{{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7f}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x128, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x84, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x22c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x32a8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x80000000}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x48c}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 23:50:44 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={0xffffffffffffffff, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x9, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000200)}}, 0x10) 23:50:44 executing program 2: ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x7d) socket(0x2, 0x0, 0x0) socket(0x1, 0x0, 0x401) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x5, 0x3, 0x1f, 0x3, 0x9, 0x4, 0x3, 0x2]) (async) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={0x0, 0xdf, 0x1000}, &(0x7f00000000c0)={'enc=', 'oaep', ' hash=', {'blake2s-224\x00'}}, &(0x7f0000000140)="0c40268ab3c86f865c4b1cc594dd8504ae5b800a031f216d92c784fa94ad00042b65d55a9a637a4a7ba071b56ca4e4ec2934bc95138c1ba4e60060865ac49191069af6f27ceba56ebcdbf89a15ac6e99de51496b4034aaa7baab79176b9c75e72b365510f67a0694d972edaa66efc80bf894089f2d75dc7090aa526e697bc9057fcb4094858fd8c88723e71be7220163ec96b8fc3d4c1b9f149d7622e9ca2026d87aa16d406ed621d2640d6c2f653b5d168e5a7fa805ba1f3a9ba78d8a49f0983ffe8d90dc351aeeea1cb024a9c9d32bf015746f8f11143bcf8bbc30a41e61", &(0x7f0000000240)=""/4096) 23:50:44 executing program 5: socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)) 23:50:44 executing program 1: socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)) 23:50:44 executing program 4: r0 = semget$private(0x0, 0x3, 0x0) semctl$SETVAL(r0, 0x1, 0x10, &(0x7f0000000000)=0x10000) semop(r0, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$IPC_INFO(r0, 0x0, 0x3, &(0x7f0000000000)) r1 = eventfd2(0x0, 0x80801) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:44 executing program 5: socketpair(0x18, 0x0, 0x2, 0x0) 23:50:44 executing program 1: socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)) 23:50:44 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:44 executing program 4: r0 = semget$private(0x0, 0x3, 0x0) semctl$SETVAL(r0, 0x1, 0x10, &(0x7f0000000000)=0x10000) semop(r0, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) semctl$IPC_INFO(r0, 0x0, 0x3, &(0x7f0000000000)) r1 = eventfd2(0x0, 0x80801) read$eventfd(r1, &(0x7f0000000080), 0x8) semget$private(0x0, 0x3, 0x0) (async) semctl$SETVAL(r0, 0x1, 0x10, &(0x7f0000000000)=0x10000) (async) semop(r0, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async) semctl$IPC_INFO(r0, 0x0, 0x3, &(0x7f0000000000)) (async) eventfd2(0x0, 0x80801) (async) read$eventfd(r1, &(0x7f0000000080), 0x8) (async) 23:50:44 executing program 2: semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000300)=""/4096) r0 = socket(0x2, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r2, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffffb}, @BATADV_ATTR_VLANID={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000) r3 = socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x34}}, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6ddd}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x44008) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000001340), r0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000001400)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x24, r6, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x24004000) setsockopt$inet6_dccp_int(r5, 0x21, 0x3, &(0x7f00000001c0)=0x5, 0x4) 23:50:44 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) [ 1821.804927] Bluetooth: hci5 command 0x0405 tx timeout 23:50:45 executing program 4: r0 = semget$private(0x0, 0x3, 0x0) semctl$SETVAL(r0, 0x1, 0x10, &(0x7f0000000000)=0x10000) (async) semop(r0, &(0x7f0000003580)=[{0x2, 0x5}, {0x0, 0x0, 0x1800}], 0x2) (async) semctl$IPC_INFO(r0, 0x0, 0x3, &(0x7f0000000000)) (async) r1 = eventfd2(0x0, 0x80801) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:45 executing program 3: r0 = eventfd2(0x0, 0x0) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x9b1b, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x36}, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:45 executing program 1: socketpair(0x18, 0x0, 0x0, &(0x7f0000000000)) 23:50:45 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:45 executing program 2: semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000300)=""/4096) r0 = socket(0x2, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r2, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffffb}, @BATADV_ATTR_VLANID={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000) r3 = socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x34}}, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6ddd}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x44008) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000001340), r0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000001400)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x24, r6, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x24004000) setsockopt$inet6_dccp_int(r5, 0x21, 0x3, &(0x7f00000001c0)=0x5, 0x4) semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000300)=""/4096) (async) socket(0x2, 0x0, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) (async) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r2, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffffb}, @BATADV_ATTR_VLANID={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000) (async) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x34}}, 0x0) (async) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6ddd}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x44008) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) socket$inet6_dccp(0xa, 0x6, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000001340), r0) (async) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000001400)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x24, r6, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x24004000) (async) setsockopt$inet6_dccp_int(r5, 0x21, 0x3, &(0x7f00000001c0)=0x5, 0x4) (async) 23:50:45 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:45 executing program 1: socketpair(0x18, 0x0, 0x2, 0x0) 23:50:45 executing program 3: r0 = eventfd2(0x0, 0x0) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x9b1b, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x36}, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x9b1b, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x36}, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:45 executing program 4: eventfd2(0x0, 0x80801) eventfd2(0x50d, 0x1) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd(0x4) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:45 executing program 2: semctl$GETALL(0x0, 0x0, 0xd, &(0x7f0000000300)=""/4096) (async) r0 = socket(0x2, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r1, &(0x7f0000000180)={&(0x7f0000000000), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x3c, r2, 0x20, 0x70bd2a, 0x25dfdbfb, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xfffffffb}, @BATADV_ATTR_VLANID={0x6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4040}, 0x20000000) r3 = socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)={0x34, r4, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x34}}, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x1, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0xffff}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x6ddd}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x5}, 0x44008) (async, rerun: 64) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (rerun: 64) r5 = socket$inet6_dccp(0xa, 0x6, 0x0) (async, rerun: 64) r6 = syz_genetlink_get_family_id$batadv(&(0x7f0000001340), r0) (rerun: 64) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000001400)={&(0x7f0000001300)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000013c0)={&(0x7f0000001380)={0x24, r6, 0x8, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x2}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x24004000) (async) setsockopt$inet6_dccp_int(r5, 0x21, 0x3, &(0x7f00000001c0)=0x5, 0x4) 23:50:45 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:45 executing program 4: eventfd2(0x0, 0x80801) eventfd2(0x50d, 0x1) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async, rerun: 32) r1 = eventfd(0x4) (rerun: 32) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:45 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:45 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:45 executing program 3: r0 = eventfd2(0x0, 0x0) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x0, 0x9b1b, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x36}, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:45 executing program 4: eventfd2(0x0, 0x80801) eventfd2(0x50d, 0x1) (async, rerun: 32) r0 = eventfd(0x0) (rerun: 32) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd(0x4) read$eventfd(r1, &(0x7f0000000080), 0x8) 23:50:45 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x7435, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, 0x1, 0x80, 0x1, 0x8001}}) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000000)=0xffff, 0xffffffffffffff02) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0xe, 0x0) 23:50:45 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:45 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:45 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:45 executing program 3: r0 = eventfd2(0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x7435, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, 0x1, 0x80, 0x1, 0x8001}}) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x1) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0) (async) setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000000)=0xffff, 0xffffffffffffff02) (async) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0xe, 0x0) 23:50:45 executing program 2: r0 = socket(0x2, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/97, &(0x7f0000000000)=0x61) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:45 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = eventfd(0x2) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r1, 0xf582, 0x8, r2}) 23:50:45 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = eventfd(0x2) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r1, 0xf582, 0x8, r2}) eventfd2(0x0, 0x80801) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) eventfd(0x2) (async) eventfd(0x0) (async) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r1, 0xf582, 0x8, r2}) (async) 23:50:45 executing program 3: r0 = eventfd2(0x0, 0x0) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'ip6_vti0\x00', 0x0, 0x2f, 0x8, 0x1f, 0x7435, 0x4, @private1={0xfc, 0x1, '\x00', 0x1}, @empty, 0x1, 0x80, 0x1, 0x8001}}) sendmsg$BATADV_CMD_GET_VLAN(r1, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x4c, 0x0, 0x20, 0x70bd28, 0x25dfdbff, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r2}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20000010}, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_SNDMTU(r3, 0x112, 0xc, &(0x7f0000000000)=0xffff, 0xffffffffffffff02) (async) accept4$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040), &(0x7f00000000c0)=0xe, 0x0) 23:50:45 executing program 2: r0 = socket(0x2, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/97, &(0x7f0000000000)=0x61) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/97, &(0x7f0000000000)=0x61) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:45 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:45 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:50:46 executing program 3: eventfd2(0x1, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, &(0x7f00000000c0)="b69da186de8b75836c6567885a6dc5843ea6c5a2c4fb21f48533d059f64e2d67dadeb3c5b4c95983fcdea594094984ab07631a8baab808caa1f88fe1292d4c6c31a495b106446d796e00c67653560b83b658ce08f0c955dfac7d3c25a8a013bbdecb17bab1fbd63defc003f49c127bb64b6dfc7f969b55d2c9ce3b821af5f8d14d654903ac56adcef622afca2cb9dfdbecb330cac7c0580dd458fedb61765722568df58ba47e159a8cfe9aa4ee62aba06b7764860a36a4098148494e92f6cead2c54f04fb088722bd202605bc912cd8c5063c0ffbf13df03d0f4b7daf7cda124b2ae0056ac87", 0xe6) eventfd(0x2) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) r2 = eventfd(0xfffffffd) read$eventfd(r2, &(0x7f0000000040), 0x8) 23:50:46 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 4: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = eventfd(0x2) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r1, 0xf582, 0x8, r2}) eventfd2(0x0, 0x80801) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) eventfd(0x2) (async) eventfd(0x0) (async) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r1, 0xf582, 0x8, r2}) (async) 23:50:46 executing program 4: eventfd2(0x0, 0x80801) r0 = eventfd(0x0) eventfd2(0x200, 0x0) write$eventfd(r0, &(0x7f0000000000)=0x400000000000, 0x8) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:50:46 executing program 2: r0 = socket(0x2, 0x0, 0x0) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/97, &(0x7f0000000000)=0x61) (async) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:46 executing program 4: eventfd2(0x0, 0x80801) r0 = eventfd(0x0) eventfd2(0x200, 0x0) (async, rerun: 32) write$eventfd(r0, &(0x7f0000000000)=0x400000000000, 0x8) (rerun: 32) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:50:46 executing program 3: eventfd2(0x1, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, &(0x7f00000000c0)="b69da186de8b75836c6567885a6dc5843ea6c5a2c4fb21f48533d059f64e2d67dadeb3c5b4c95983fcdea594094984ab07631a8baab808caa1f88fe1292d4c6c31a495b106446d796e00c67653560b83b658ce08f0c955dfac7d3c25a8a013bbdecb17bab1fbd63defc003f49c127bb64b6dfc7f969b55d2c9ce3b821af5f8d14d654903ac56adcef622afca2cb9dfdbecb330cac7c0580dd458fedb61765722568df58ba47e159a8cfe9aa4ee62aba06b7764860a36a4098148494e92f6cead2c54f04fb088722bd202605bc912cd8c5063c0ffbf13df03d0f4b7daf7cda124b2ae0056ac87", 0xe6) eventfd(0x2) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) r2 = eventfd(0xfffffffd) read$eventfd(r2, &(0x7f0000000040), 0x8) eventfd2(0x1, 0x0) (async) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, &(0x7f00000000c0)="b69da186de8b75836c6567885a6dc5843ea6c5a2c4fb21f48533d059f64e2d67dadeb3c5b4c95983fcdea594094984ab07631a8baab808caa1f88fe1292d4c6c31a495b106446d796e00c67653560b83b658ce08f0c955dfac7d3c25a8a013bbdecb17bab1fbd63defc003f49c127bb64b6dfc7f969b55d2c9ce3b821af5f8d14d654903ac56adcef622afca2cb9dfdbecb330cac7c0580dd458fedb61765722568df58ba47e159a8cfe9aa4ee62aba06b7764860a36a4098148494e92f6cead2c54f04fb088722bd202605bc912cd8c5063c0ffbf13df03d0f4b7daf7cda124b2ae0056ac87", 0xe6) (async) eventfd(0x2) (async) eventfd(0x0) (async) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) eventfd(0x0) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) eventfd(0xfffffffd) (async) read$eventfd(r2, &(0x7f0000000040), 0x8) (async) 23:50:46 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:46 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:46 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0xc6b, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:46 executing program 4: eventfd2(0x0, 0x80801) r0 = eventfd(0x0) eventfd2(0x200, 0x0) (async) write$eventfd(r0, &(0x7f0000000000)=0x400000000000, 0x8) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:50:46 executing program 3: eventfd2(0x1, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0x1a, &(0x7f00000000c0)="b69da186de8b75836c6567885a6dc5843ea6c5a2c4fb21f48533d059f64e2d67dadeb3c5b4c95983fcdea594094984ab07631a8baab808caa1f88fe1292d4c6c31a495b106446d796e00c67653560b83b658ce08f0c955dfac7d3c25a8a013bbdecb17bab1fbd63defc003f49c127bb64b6dfc7f969b55d2c9ce3b821af5f8d14d654903ac56adcef622afca2cb9dfdbecb330cac7c0580dd458fedb61765722568df58ba47e159a8cfe9aa4ee62aba06b7764860a36a4098148494e92f6cead2c54f04fb088722bd202605bc912cd8c5063c0ffbf13df03d0f4b7daf7cda124b2ae0056ac87", 0xe6) (async) eventfd(0x2) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) (async, rerun: 32) r2 = eventfd(0xfffffffd) (rerun: 32) read$eventfd(r2, &(0x7f0000000040), 0x8) 23:50:46 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:46 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:46 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0xc6b, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0xc6b, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:46 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 3: r0 = socket(0x18, 0x0, 0xa7) r1 = accept4$bt_l2cap(r0, 0x0, &(0x7f0000000100), 0x80000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000040)={@empty, @rand_addr=0x64010100, 0x1, "ad6bf43c88abc2355b0ffbb8a8590115045885b5bdb33e79c78ff6cd9a49c3ff", 0x8, 0x4, 0x6}, 0x3c) eventfd2(0x0, 0x0) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$SIOCGETSGCNT_IN6(r0, 0x89e1, &(0x7f00000000c0)={@loopback, @loopback}) read$eventfd(r2, &(0x7f0000000080), 0x8) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x7fff, 0x4) 23:50:46 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0xc6b, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:46 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:46 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:46 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e21, 0x4, @remote, 0x4}}, 0x0, 0x0, 0x21, 0x0, "386a332a86b4b96a1930ceaf45078b8bc0a2822917628bc1c26f07e769daf8eac0159155ab7f61dc21c40a15fadc94068ffdce8a465a0c8283acd8ef6bcd21d7837ad2c75720ac4562fcf30f1c9ce311"}, 0xd8) 23:50:46 executing program 2: r0 = socket(0x2, 0x0, 0x0) (async, rerun: 32) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (rerun: 32) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e21, 0x4, @remote, 0x4}}, 0x0, 0x0, 0x21, 0x0, "386a332a86b4b96a1930ceaf45078b8bc0a2822917628bc1c26f07e769daf8eac0159155ab7f61dc21c40a15fadc94068ffdce8a465a0c8283acd8ef6bcd21d7837ad2c75720ac4562fcf30f1c9ce311"}, 0xd8) 23:50:46 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:46 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:50:46 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:47 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) eventfd(0x7fffffff) 23:50:47 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:47 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:47 executing program 3: r0 = socket(0x18, 0x0, 0xa7) r1 = accept4$bt_l2cap(r0, 0x0, &(0x7f0000000100), 0x80000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000040)={@empty, @rand_addr=0x64010100, 0x1, "ad6bf43c88abc2355b0ffbb8a8590115045885b5bdb33e79c78ff6cd9a49c3ff", 0x8, 0x4, 0x6}, 0x3c) eventfd2(0x0, 0x0) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$SIOCGETSGCNT_IN6(r0, 0x89e1, &(0x7f00000000c0)={@loopback, @loopback}) (async) read$eventfd(r2, &(0x7f0000000080), 0x8) (async) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x7fff, 0x4) 23:50:47 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:47 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000001c0)={@in6={{0xa, 0x4e21, 0x4, @remote, 0x4}}, 0x0, 0x0, 0x21, 0x0, "386a332a86b4b96a1930ceaf45078b8bc0a2822917628bc1c26f07e769daf8eac0159155ab7f61dc21c40a15fadc94068ffdce8a465a0c8283acd8ef6bcd21d7837ad2c75720ac4562fcf30f1c9ce311"}, 0xd8) 23:50:47 executing program 3: r0 = socket(0x18, 0x0, 0xa7) r1 = accept4$bt_l2cap(r0, 0x0, &(0x7f0000000100), 0x80000) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000140)={'batadv_slave_0\x00'}) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000040)={@empty, @rand_addr=0x64010100, 0x1, "ad6bf43c88abc2355b0ffbb8a8590115045885b5bdb33e79c78ff6cd9a49c3ff", 0x8, 0x4, 0x6}, 0x3c) (async) eventfd2(0x0, 0x0) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$SIOCGETSGCNT_IN6(r0, 0x89e1, &(0x7f00000000c0)={@loopback, @loopback}) (async) read$eventfd(r2, &(0x7f0000000080), 0x8) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000000)=0x7fff, 0x4) 23:50:47 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) 23:50:47 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) 23:50:47 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:47 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:47 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:47 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) eventfd(0x7fffffff) 23:50:47 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_GET_VERSION(r1, 0x8004552d, &(0x7f00000000c0)) 23:50:47 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x4001, 0x6, 0x1, 0x0, 0x5, 0xffffffff, 0x0, 0xa923]) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 23:50:47 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) eventfd(0x7fffffff) 23:50:47 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:47 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) eventfd(0x7fffffff) 23:50:48 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd(0xaa) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x1, 0x3, 0xfb9df2860a73e683, @remote, @private1, 0x1, 0x1, 0x6, 0xff}}) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000280)={0x4}, 0x2) getresgid(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)) setfsgid(r1) eventfd2(0x3f, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000140)={{0xdf, 0x0, 0x8, 0x6c1}, 'syz0\x00', 0x5}) 23:50:48 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x4001, 0x6, 0x1, 0x0, 0x5, 0xffffffff, 0x0, 0xa923]) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 23:50:48 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:48 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:48 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x3, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000000)=[0x4001, 0x6, 0x1, 0x0, 0x5, 0xffffffff, 0x0, 0xa923]) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 23:50:48 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd(0xaa) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x1, 0x3, 0xfb9df2860a73e683, @remote, @private1, 0x1, 0x1, 0x6, 0xff}}) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000280)={0x4}, 0x2) getresgid(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)) setfsgid(r1) eventfd2(0x3f, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000140)={{0xdf, 0x0, 0x8, 0x6c1}, 'syz0\x00', 0x5}) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) eventfd(0xaa) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x1, 0x3, 0xfb9df2860a73e683, @remote, @private1, 0x1, 0x1, 0x6, 0xff}}) (async) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000280)={0x4}, 0x2) (async) getresgid(&(0x7f00000001c0), &(0x7f0000000200), &(0x7f0000000240)) (async) setfsgid(r1) (async) eventfd2(0x3f, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) (async) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000140)={{0xdf, 0x0, 0x8, 0x6c1}, 'syz0\x00', 0x5}) (async) 23:50:48 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) eventfd(0xaa) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'ip6gre0\x00', 0x0, 0x4, 0x8, 0x1, 0x3, 0xfb9df2860a73e683, @remote, @private1, 0x1, 0x1, 0x6, 0xff}}) (async) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f0000000280)={0x4}, 0x2) (async) getresgid(&(0x7f00000001c0), &(0x7f0000000200)=0x0, &(0x7f0000000240)) setfsgid(r1) (async) eventfd2(0x3f, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000140)={{0xdf, 0x0, 0x8, 0x6c1}, 'syz0\x00', 0x5}) 23:50:48 executing program 2: socket(0x2, 0x0, 0x0) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@multicast1, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, "3c56bc7ec6da2814657b718a29ce32815a95f5bf911735f9fb9e08810610471b", 0x33ddf89e, 0x3, 0x100, 0x751}, 0x3c) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f00000000c0)=0x8001, 0x2) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:48 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) 23:50:48 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:48 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@multicast1, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, "3c56bc7ec6da2814657b718a29ce32815a95f5bf911735f9fb9e08810610471b", 0x33ddf89e, 0x3, 0x100, 0x751}, 0x3c) (async) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f00000000c0)=0x8001, 0x2) (async) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x194, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x12}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x194}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r3, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004441}, 0x20008004) r4 = eventfd2(0x0, 0x0) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:48 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) 23:50:48 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:48 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async, rerun: 64) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@multicast1, @dev={0xac, 0x14, 0x14, 0x18}, 0x0, "3c56bc7ec6da2814657b718a29ce32815a95f5bf911735f9fb9e08810610471b", 0x33ddf89e, 0x3, 0x100, 0x751}, 0x3c) (async, rerun: 64) setsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f00000000c0)=0x8001, 0x2) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x194, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x12}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x194}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r3, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004441}, 0x20008004) r4 = eventfd2(0x0, 0x0) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)) (async) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x194, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x12}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x194}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) (async) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r3, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004441}, 0x20008004) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:48 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:48 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x194, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x12}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x194}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r3, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004441}, 0x20008004) r4 = eventfd2(0x0, 0x0) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) socket$nl_generic(0x10, 0x3, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000001c0)) (async) sendmsg$TEAM_CMD_PORT_LIST_GET(r0, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)={0x194, 0x0, 0x2, 0x70bd2a, 0x25dfdbff, {}, [{{0x8}, {0x178, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x12}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r1}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}]}, 0x194}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) (async) sendmsg$BATADV_CMD_GET_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)={0x48, r3, 0x400, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5}]}, 0x48}, 0x1, 0x0, 0x0, 0x4004441}, 0x20008004) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r4, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:48 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) 23:50:48 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:48 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) 23:50:48 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100), 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000), 0x2) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x3ff, 0xfffffff6, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7]) 23:50:49 executing program 3: r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r0) request_key(&(0x7f0000000240)='syzkaller\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)='fscrypt:', r0) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) r2 = socket(0x2, 0x1, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @auto=[0x35, 0x37, 0x64, 0x64, 0x37, 0x37, 0x32, 0x35, 0x38, 0x38, 0x62, 0x30, 0x65, 0x36, 0x64, 0x63]}, &(0x7f00000001c0)={0x0, "b0f5c678841afb24c56b403c781afec8a3af827187b9dfa2f40c7f35e992334d381ff7354fe1bc281b9c9689fa036c4ab2cb7b49040395ab4aaa10f559f76753", 0x39}, 0x48, r0) bind$bt_sco(r2, 0x0, 0x0) r3 = eventfd(0x7fff) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) write$eventfd(r3, &(0x7f0000000000)=0x6e, 0x8) 23:50:49 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100), 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000), 0x2) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x3ff, 0xfffffff6, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7]) socket(0x2, 0x0, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100), 0x4) (async) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) (async) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000), 0x2) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x3ff, 0xfffffff6, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7]) (async) 23:50:49 executing program 3: r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r0) request_key(&(0x7f0000000240)='syzkaller\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)='fscrypt:', r0) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) r2 = socket(0x2, 0x1, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @auto=[0x35, 0x37, 0x64, 0x64, 0x37, 0x37, 0x32, 0x35, 0x38, 0x38, 0x62, 0x30, 0x65, 0x36, 0x64, 0x63]}, &(0x7f00000001c0)={0x0, "b0f5c678841afb24c56b403c781afec8a3af827187b9dfa2f40c7f35e992334d381ff7354fe1bc281b9c9689fa036c4ab2cb7b49040395ab4aaa10f559f76753", 0x39}, 0x48, r0) bind$bt_sco(r2, 0x0, 0x0) r3 = eventfd(0x7fff) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) write$eventfd(r3, &(0x7f0000000000)=0x6e, 0x8) add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) (async) keyctl$unlink(0x9, r0, r0) (async) request_key(&(0x7f0000000240)='syzkaller\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)='fscrypt:', r0) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) (async) socket(0x2, 0x1, 0x0) (async) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @auto=[0x35, 0x37, 0x64, 0x64, 0x37, 0x37, 0x32, 0x35, 0x38, 0x38, 0x62, 0x30, 0x65, 0x36, 0x64, 0x63]}, &(0x7f00000001c0)={0x0, "b0f5c678841afb24c56b403c781afec8a3af827187b9dfa2f40c7f35e992334d381ff7354fe1bc281b9c9689fa036c4ab2cb7b49040395ab4aaa10f559f76753", 0x39}, 0x48, r0) (async) bind$bt_sco(r2, 0x0, 0x0) (async) eventfd(0x7fff) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) (async) write$eventfd(r3, &(0x7f0000000000)=0x6e, 0x8) (async) 23:50:49 executing program 3: r0 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$unlink(0x9, r0, r0) request_key(&(0x7f0000000240)='syzkaller\x00', &(0x7f0000000280)={'syz', 0x0}, &(0x7f00000002c0)='fscrypt:', r0) (async) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) (async) r2 = socket(0x2, 0x1, 0x0) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f00000000c0)={'fscrypt:', @auto=[0x35, 0x37, 0x64, 0x64, 0x37, 0x37, 0x32, 0x35, 0x38, 0x38, 0x62, 0x30, 0x65, 0x36, 0x64, 0x63]}, &(0x7f00000001c0)={0x0, "b0f5c678841afb24c56b403c781afec8a3af827187b9dfa2f40c7f35e992334d381ff7354fe1bc281b9c9689fa036c4ab2cb7b49040395ab4aaa10f559f76753", 0x39}, 0x48, r0) bind$bt_sco(r2, 0x0, 0x0) r3 = eventfd(0x7fff) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000100)={0x2, r3}) (async) write$eventfd(r3, &(0x7f0000000000)=0x6e, 0x8) 23:50:49 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100), 0x4) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000), 0x2) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x3ff, 0xfffffff6, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7]) socket(0x2, 0x0, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) (async) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000100), 0x4) (async) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='scalable\x00', 0x9) (async) getsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000000), 0x2) (async) getresgid(&(0x7f0000000140), &(0x7f0000000180), &(0x7f00000001c0)) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x3ff, 0xfffffff6, 0x1, 0x8, 0x0, 0x1, 0x3, 0x7]) (async) 23:50:49 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:49 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:49 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) 23:50:49 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:49 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:49 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:49 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:49 executing program 3: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_DEV_CREATE(r0, 0x5501) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_DEV_CREATE(r0, 0x5501) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:49 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:49 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) 23:50:49 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:49 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:49 executing program 3: eventfd2(0x9, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) socket$inet6_tcp(0xa, 0x1, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xd, 0x4, 0xffffffff}) 23:50:49 executing program 2: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) socket(0x2, 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:50:49 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r4) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:49 executing program 4: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:49 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:49 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:49 executing program 4: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:49 executing program 2: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:50:49 executing program 4: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r1, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:49 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:49 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:49 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:50 executing program 4: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:50 executing program 2: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) socket(0x2, 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) 23:50:50 executing program 3: eventfd2(0x9, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) socket$inet6_tcp(0xa, 0x1, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xd, 0x4, 0xffffffff}) eventfd2(0x9, 0x0) (async) eventfd(0x0) (async) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) (async) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xd, 0x4, 0xffffffff}) (async) 23:50:50 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:50 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:50 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:50 executing program 4: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:50 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000000)=0x2000, &(0x7f00000000c0)=0x2) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:50 executing program 4: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:50 executing program 3: eventfd2(0x9, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async, rerun: 32) socket$inet6_tcp(0xa, 0x1, 0x0) (async, rerun: 32) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0) ioctl$UI_END_FF_ERASE(r1, 0x400c55cb, &(0x7f0000000040)={0xd, 0x4, 0xffffffff}) 23:50:50 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:50 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:50 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:50 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000000)=0x2000, &(0x7f00000000c0)=0x2) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:50 executing program 4: socket(0x2, 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:50 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_SNDMTU(r1, 0x112, 0xc, &(0x7f0000000000)=0x2000, &(0x7f00000000c0)=0x2) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:50 executing program 4: socket(0x2, 0x0, 0x0) r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:50 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:50 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:50 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:50 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$SIOCGETSGCNT(r0, 0x89e1, &(0x7f0000000000)={@multicast2, @loopback}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8010) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:51 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x3e) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:51 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:51 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$SIOCGETSGCNT(r0, 0x89e1, &(0x7f0000000000)={@multicast2, @loopback}) (async) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8010) (async) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:51 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:51 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:51 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:51 executing program 4: socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:51 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x3e) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) (async) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x3e) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:51 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$SIOCGETSGCNT(r0, 0x89e1, &(0x7f0000000000)={@multicast2, @loopback}) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8010) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) ioctl$SIOCGETSGCNT(r0, 0x89e1, &(0x7f0000000000)={@multicast2, @loopback}) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r1, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x5c, 0x0, 0x300, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x8010) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:51 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_KEYBIT(r1, 0x40045565, 0x3e) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:51 executing program 4: socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:51 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:51 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:51 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:51 executing program 4: socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(0xffffffffffffffff, 0x0, 0xcc, &(0x7f0000000000)={@private=0xa010100, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:51 executing program 3: eventfd2(0xfffffffc, 0x80800) 23:50:51 executing program 2: socket(0x2, 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x21, 0xfffffff8, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0xa923]) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x80501) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]}) 23:50:51 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, 0x0, 0x0) 23:50:51 executing program 3: eventfd2(0xfffffffc, 0x80800) 23:50:51 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:51 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:51 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:51 executing program 2: socket(0x2, 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x21, 0xfffffff8, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0xa923]) (async) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x80501) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]}) 23:50:51 executing program 3: eventfd2(0xfffffffc, 0x80800) eventfd2(0xfffffffc, 0x80800) (async) 23:50:51 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, 0x0, 0x0) 23:50:51 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000000)={0xf, 0x100, 0x6}) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:50:51 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:51 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, 0x0, 0x0) 23:50:51 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:51 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:51 executing program 2: socket(0x2, 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x21, 0xfffffff8, 0x1, 0xffffffff, 0x0, 0x0, 0x0, 0xa923]) r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x80501) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0]}) 23:50:52 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x49b1, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:52 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/132, &(0x7f0000000000)=0x84) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:52 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x0, 0x8, 0xc157, 0x1ff}, 0x3c) 23:50:52 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:52 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:52 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:52 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000000)={0xf, 0x100, 0x6}) (async) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:50:52 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x0, 0x0, 0xc157, 0x1ff}, 0x3c) 23:50:52 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:52 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:52 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:52 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/132, &(0x7f0000000000)=0x84) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/132, &(0x7f0000000000)=0x84) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:52 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:52 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9", 0x0, 0x0, 0x0, 0x1ff}, 0x3c) 23:50:52 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_CONNINFO(r0, 0x11, 0x2, &(0x7f00000000c0)=""/132, &(0x7f0000000000)=0x84) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:52 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:52 executing program 4: r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_MFC(r0, 0x0, 0xcc, &(0x7f0000000000)={@private, @multicast1, 0x0, "79acbcee188fc79ef6dadf119bcab3c260f695b13e59e3c4212bd512a144d8e9"}, 0x3c) 23:50:52 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:53 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000000)={0xf, 0x100, 0x6}) (async) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:50:53 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:53 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:53 executing program 2: r0 = socket(0x2, 0x0, 0x0) getsockopt$inet6_dccp_buf(r0, 0x21, 0x0, &(0x7f00000000c0)=""/174, &(0x7f0000000000)=0xae) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:53 executing program 1: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:53 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:53 executing program 1: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:53 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:53 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:53 executing program 1: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:53 executing program 2: r0 = socket(0x2, 0x0, 0x0) getsockopt$inet6_dccp_buf(r0, 0x21, 0x0, &(0x7f00000000c0)=""/174, &(0x7f0000000000)=0xae) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) getsockopt$inet6_dccp_buf(r0, 0x21, 0x0, &(0x7f00000000c0)=""/174, &(0x7f0000000000)=0xae) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:53 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:54 executing program 3: setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e21, 0x6, @private0, 0x23}}, 0x0, 0x0, 0x2, 0x0, "559d9296155c2e1eb5550708d88b260ec083891875e9e5dd85d8bfe3715c97fcac5b5271695f7a8870f6ce4b94d702da4d548def4e78f71cdfbc1eddef36d8acef0072ce3e1ad806c7fc14cb9864f910"}, 0xd8) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:54 executing program 5: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 2: r0 = socket(0x2, 0x0, 0x0) getsockopt$inet6_dccp_buf(r0, 0x21, 0x0, &(0x7f00000000c0)=""/174, &(0x7f0000000000)=0xae) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:54 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:54 executing program 3: setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e21, 0x6, @private0, 0x23}}, 0x0, 0x0, 0x2, 0x0, "559d9296155c2e1eb5550708d88b260ec083891875e9e5dd85d8bfe3715c97fcac5b5271695f7a8870f6ce4b94d702da4d548def4e78f71cdfbc1eddef36d8acef0072ce3e1ad806c7fc14cb9864f910"}, 0xd8) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e21, 0x6, @private0, 0x23}}, 0x0, 0x0, 0x2, 0x0, "559d9296155c2e1eb5550708d88b260ec083891875e9e5dd85d8bfe3715c97fcac5b5271695f7a8870f6ce4b94d702da4d548def4e78f71cdfbc1eddef36d8acef0072ce3e1ad806c7fc14cb9864f910"}, 0xd8) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:54 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) 23:50:54 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 3: setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f00000000c0)={@in6={{0xa, 0x4e21, 0x6, @private0, 0x23}}, 0x0, 0x0, 0x2, 0x0, "559d9296155c2e1eb5550708d88b260ec083891875e9e5dd85d8bfe3715c97fcac5b5271695f7a8870f6ce4b94d702da4d548def4e78f71cdfbc1eddef36d8acef0072ce3e1ad806c7fc14cb9864f910"}, 0xd8) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:54 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) 23:50:54 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:54 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:54 executing program 3: read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1}) 23:50:54 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:54 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:54 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) 23:50:55 executing program 3: read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1}) read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1}) (async) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:55 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 3: read$eventfd(0xffffffffffffffff, &(0x7f0000000080), 0xfffffffffffffedb) (async, rerun: 32) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1}) (rerun: 32) 23:50:55 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) (async) 23:50:55 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, 0x0) 23:50:55 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x0, 0x10000, r0}) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, 0x0) 23:50:55 executing program 2: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) (async) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x0, 0x10000, r0}) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x0, 0x10000, r0}) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000000)={r0, 0x0, 0x10000, r0}) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_PIM(r1, 0x0, 0xcf, &(0x7f0000000000)=0x2, 0x4) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) socketpair(0x9, 0x5, 0x3, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$bt_l2cap(r1, 0x0, &(0x7f0000000040), 0x80000) 23:50:55 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, 0x0) 23:50:55 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) socketpair(0x9, 0x5, 0x3, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$bt_l2cap(r1, 0x0, &(0x7f0000000040), 0x80000) 23:50:55 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_PIM(r1, 0x0, 0xcf, &(0x7f0000000000)=0x2, 0x4) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) socket$igmp(0x2, 0x3, 0x2) (async) setsockopt$MRT_PIM(r1, 0x0, 0xcf, &(0x7f0000000000)=0x2, 0x4) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) socketpair(0x9, 0x5, 0x3, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) accept4$bt_l2cap(r1, 0x0, &(0x7f0000000040), 0x80000) 23:50:55 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:55 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_PIM(r1, 0x0, 0xcf, &(0x7f0000000000)=0x2, 0x4) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x8, 0x80000) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x4, r1, 0x1}) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x0, r2, 0x1}) 23:50:55 executing program 2: socketpair(0x5, 0x80006, 0x800, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e20, @local}}, 0x0, 0x0, 0xb, 0x0, "200128456778d026de04cd38eee0bf185c51f41544acfd8810b514822e7a42c290f8b9a93fe20e5a6ac58dd874ad4f3392e0eeca617d9e1e1b6fad18b6b06ac7c91d7bb2f309abf20c3a17fbc0044241"}, 0xd8) socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:55 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x8, 0x80000) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x4, r1, 0x1}) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x0, r2, 0x1}) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) eventfd2(0x8, 0x80000) (async) eventfd(0x0) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x4, r1, 0x1}) (async) eventfd(0x0) (async) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x0, r2, 0x1}) (async) 23:50:55 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:55 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:56 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) 23:50:56 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 2: socketpair(0x5, 0x80006, 0x800, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e20, @local}}, 0x0, 0x0, 0xb, 0x0, "200128456778d026de04cd38eee0bf185c51f41544acfd8810b514822e7a42c290f8b9a93fe20e5a6ac58dd874ad4f3392e0eeca617d9e1e1b6fad18b6b06ac7c91d7bb2f309abf20c3a17fbc0044241"}, 0xd8) socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socketpair(0x5, 0x80006, 0x800, &(0x7f0000000000)) (async) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e20, @local}}, 0x0, 0x0, 0xb, 0x0, "200128456778d026de04cd38eee0bf185c51f41544acfd8810b514822e7a42c290f8b9a93fe20e5a6ac58dd874ad4f3392e0eeca617d9e1e1b6fad18b6b06ac7c91d7bb2f309abf20c3a17fbc0044241"}, 0xd8) (async) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) eventfd2(0x8, 0x80000) (async) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x4, r1, 0x1}) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x0, r2, 0x1}) 23:50:56 executing program 2: socketpair(0x5, 0x80006, 0x800, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f00000000c0)={@in={{0x2, 0x4e20, @local}}, 0x0, 0x0, 0xb, 0x0, "200128456778d026de04cd38eee0bf185c51f41544acfd8810b514822e7a42c290f8b9a93fe20e5a6ac58dd874ad4f3392e0eeca617d9e1e1b6fad18b6b06ac7c91d7bb2f309abf20c3a17fbc0044241"}, 0xd8) (async) socket(0x2, 0x0, 0x0) (async, rerun: 32) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (rerun: 32) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:56 executing program 3: eventfd2(0x6, 0x0) eventfd2(0x80, 0x801) r0 = eventfd2(0xe000003, 0x800) socketpair(0x1f, 0xa, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x400, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x890}, 0x4000) read$eventfd(r0, &(0x7f0000000000), 0x4) 23:50:56 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:56 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) 23:50:56 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:56 executing program 3: eventfd2(0x6, 0x0) (async) eventfd2(0x80, 0x801) (async) r0 = eventfd2(0xe000003, 0x800) (async) socketpair(0x1f, 0xa, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x400, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x890}, 0x4000) (async) read$eventfd(r0, &(0x7f0000000000), 0x4) 23:50:56 executing program 3: eventfd2(0x6, 0x0) eventfd2(0x80, 0x801) (async) r0 = eventfd2(0xe000003, 0x800) (async) socketpair(0x1f, 0xa, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r2 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x2c, r2, 0x400, 0x70bd27, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_VLANID={0x6}]}, 0x2c}, 0x1, 0x0, 0x0, 0x890}, 0x4000) read$eventfd(r0, &(0x7f0000000000), 0x4) 23:50:56 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:56 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:56 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 2: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="20002abd7000fddbdf250100000008002b006a0000000a000900aaaaaaaaaabb000008003b00a20e0000080039000800000008003400050000000600280000000000050033000000001fd9115d3761360070542aa8cc3d72f1c7089dec8babefbebff4ca15c891acaed9b3d43d63ec83d192af7f988f54821895775b3b16af17a265e0ce8923af1f0c96d51576cb9f9f1271838903e1a9e96ae1c48db1b5ddc1dfbfcea1b6cd2e2463b1f1140c3c99a7a32d146c27b1ecab6796c46a4c07aa55bc99b519627e03fb2973020f68158e9dd154401fa9d3260134236395c2505a75d163ee8e0cba7a35d6e086c2555c"], 0x50}, 0x1, 0x0, 0x0, 0x4044}, 0x44090) 23:50:56 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:56 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="20002abd7000fddbdf250100000008002b006a0000000a000900aaaaaaaaaabb000008003b00a20e0000080039000800000008003400050000000600280000000000050033000000001fd9115d3761360070542aa8cc3d72f1c7089dec8babefbebff4ca15c891acaed9b3d43d63ec83d192af7f988f54821895775b3b16af17a265e0ce8923af1f0c96d51576cb9f9f1271838903e1a9e96ae1c48db1b5ddc1dfbfcea1b6cd2e2463b1f1140c3c99a7a32d146c27b1ecab6796c46a4c07aa55bc99b519627e03fb2973020f68158e9dd154401fa9d3260134236395c2505a75d163ee8e0cba7a35d6e086c2555c"], 0x50}, 0x1, 0x0, 0x0, 0x4044}, 0x44090) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="20002abd7000fddbdf250100000008002b006a0000000a000900aaaaaaaaaabb000008003b00a20e0000080039000800000008003400050000000600280000000000050033000000001fd9115d3761360070542aa8cc3d72f1c7089dec8babefbebff4ca15c891acaed9b3d43d63ec83d192af7f988f54821895775b3b16af17a265e0ce8923af1f0c96d51576cb9f9f1271838903e1a9e96ae1c48db1b5ddc1dfbfcea1b6cd2e2463b1f1140c3c99a7a32d146c27b1ecab6796c46a4c07aa55bc99b519627e03fb2973020f68158e9dd154401fa9d3260134236395c2505a75d163ee8e0cba7a35d6e086c2555c"], 0x50}, 0x1, 0x0, 0x0, 0x4044}, 0x44090) (async) 23:50:56 executing program 2: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000001c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="20002abd7000fddbdf250100000008002b006a0000000a000900aaaaaaaaaabb000008003b00a20e0000080039000800000008003400050000000600280000000000050033000000001fd9115d3761360070542aa8cc3d72f1c7089dec8babefbebff4ca15c891acaed9b3d43d63ec83d192af7f988f54821895775b3b16af17a265e0ce8923af1f0c96d51576cb9f9f1271838903e1a9e96ae1c48db1b5ddc1dfbfcea1b6cd2e2463b1f1140c3c99a7a32d146c27b1ecab6796c46a4c07aa55bc99b519627e03fb2973020f68158e9dd154401fa9d3260134236395c2505a75d163ee8e0cba7a35d6e086c2555c"], 0x50}, 0x1, 0x0, 0x0, 0x4044}, 0x44090) 23:50:56 executing program 2: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000)={0x3ff, 0x6, 0x4, 0x0, 0x7fffffff}, 0x14) 23:50:56 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:56 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:56 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xf) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000)={0x3ff, 0x6, 0x4, 0x0, 0x7fffffff}, 0x14) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000)={0x3ff, 0x6, 0x4, 0x0, 0x7fffffff}, 0x14) (async) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000000)={0x3ff, 0x6, 0x4, 0x0, 0x7fffffff}, 0x14) 23:50:56 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async, rerun: 64) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (rerun: 64) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) (async, rerun: 32) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xf) (rerun: 32) 23:50:56 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) socketpair(0x1f, 0x6, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r3, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x81}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x4040840) 23:50:57 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) socketpair(0x1f, 0x6, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) r2 = socket(0x10, 0x2, 0x0) (async) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r3, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x81}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x4040840) 23:50:57 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) socketpair(0x1f, 0x6, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) (async) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}, 0x1, 0x0, 0x0, 0x80}, 0x0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r3, 0x400, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x2f}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x81}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x9}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x4040840) 23:50:57 executing program 3: r0 = eventfd2(0x4080004, 0x80801) read$eventfd(r0, &(0x7f0000000040), 0x8) r1 = eventfd(0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f00000001c0)={0x3f, 0xa}, 0x2) write$eventfd(r1, &(0x7f0000000000), 0x8) write$eventfd(r1, &(0x7f0000000000)=0x1, 0x8) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', 0x0, 0x8}, 0x10) semctl$SEM_INFO(0xffffffffffffffff, 0x1, 0x13, &(0x7f0000000080)=""/181) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 3: r0 = eventfd2(0x4080004, 0x80801) read$eventfd(r0, &(0x7f0000000040), 0x8) (async) r1 = eventfd(0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f00000001c0)={0x3f, 0xa}, 0x2) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) write$eventfd(r1, &(0x7f0000000000)=0x1, 0x8) (async, rerun: 64) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', 0x0, 0x8}, 0x10) (async, rerun: 64) semctl$SEM_INFO(0xffffffffffffffff, 0x1, 0x13, &(0x7f0000000080)=""/181) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 2: socket(0x2, 0x0, 0x0) (async) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000000)) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xf) 23:50:57 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 3: r0 = eventfd2(0x4080004, 0x80801) read$eventfd(r0, &(0x7f0000000040), 0x8) (async) r1 = eventfd(0x0) setsockopt$bt_BT_SECURITY(0xffffffffffffffff, 0x112, 0x4, &(0x7f00000001c0)={0x3f, 0xa}, 0x2) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) write$eventfd(r1, &(0x7f0000000000)=0x1, 0x8) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000180)={&(0x7f0000000140)='./file0\x00', 0x0, 0x8}, 0x10) semctl$SEM_INFO(0xffffffffffffffff, 0x1, 0x13, &(0x7f0000000080)=""/181) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 3: r0 = eventfd2(0x0, 0x0) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x14, 0x7, 0x3}, 0x18) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:57 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1f, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) 23:50:57 executing program 3: r0 = eventfd2(0x0, 0x0) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x14, 0x7, 0x3}, 0x18) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:57 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1f, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1f, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:57 executing program 3: r0 = eventfd2(0x0, 0x0) (async) write$input_event(0xffffffffffffffff, &(0x7f0000000000)={{0x77359400}, 0x14, 0x7, 0x3}, 0x18) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:57 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:57 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 2: socket(0x2, 0x0, 0x0) r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1f, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) socket(0x2, 0x0, 0x0) (async) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) (async) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x1f, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) (async) 23:50:57 executing program 3: ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000000)) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:57 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:57 executing program 3: ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000000)) (async, rerun: 32) r0 = eventfd2(0x0, 0x0) (rerun: 32) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:58 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:50:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 3: ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, &(0x7f0000000000)) (async) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:50:58 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:50:58 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:58 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:50:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r2) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:50:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:58 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:58 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:58 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:50:58 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:58 executing program 4: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:58 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:59 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:50:59 executing program 4: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:50:59 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:50:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:50:59 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:59 executing program 4: ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r0 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:59 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:50:59 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:59 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:50:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:50:59 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:50:59 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:50:59 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:50:59 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) 23:50:59 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:50:59 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:51:00 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:00 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:51:00 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:00 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:00 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:51:00 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:00 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 23:51:00 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) 23:51:00 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:00 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:00 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:00 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:51:00 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) (async) 23:51:00 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) 23:51:00 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:51:00 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 23:51:00 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, 0x0) eventfd(0x7fffffff) 23:51:01 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:01 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:01 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd(0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x3000, &(0x7f0000000000), 0x4, r1, 0x2}) read$eventfd(r0, &(0x7f00000000c0), 0x8) 23:51:01 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 23:51:01 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:01 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, 0x0) eventfd(0x7fffffff) 23:51:01 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:01 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:01 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 23:51:01 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 23:51:01 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:01 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, 0x0) eventfd(0x7fffffff) 23:51:01 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:01 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:02 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd(0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x3000, &(0x7f0000000000), 0x4, r1, 0x2}) read$eventfd(r0, &(0x7f00000000c0), 0x8) eventfd2(0x0, 0x0) (async) eventfd(0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x3000, &(0x7f0000000000), 0x4, r1, 0x2}) (async) read$eventfd(r0, &(0x7f00000000c0), 0x8) (async) 23:51:02 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:02 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 23:51:02 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)) eventfd(0x7fffffff) 23:51:02 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:02 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:02 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:02 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:02 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:02 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1) 23:51:02 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:02 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:02 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:02 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:02 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:02 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)) eventfd(0x7fffffff) 23:51:02 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:02 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd(0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x3000, &(0x7f0000000000), 0x4, r1, 0x2}) read$eventfd(r0, &(0x7f00000000c0), 0x8) eventfd2(0x0, 0x0) (async) eventfd(0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x3000, &(0x7f0000000000), 0x4, r1, 0x2}) (async) read$eventfd(r0, &(0x7f00000000c0), 0x8) (async) 23:51:03 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:03 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:03 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:03 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)) eventfd(0x7fffffff) 23:51:03 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:03 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:03 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:03 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 23:51:03 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:03 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:03 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:03 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)) eventfd(0x0) 23:51:03 executing program 3: eventfd2(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) 23:51:03 executing program 3: eventfd2(0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) 23:51:03 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 23:51:03 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:03 executing program 3: eventfd2(0x0, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000), ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x6, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) 23:51:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:04 executing program 1: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) 23:51:04 executing program 0: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) 23:51:04 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd2(0x8001, 0x800) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) r2 = eventfd2(0x200, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r1, 0x0, 0x7fffffff, r2}) read$eventfd(r0, &(0x7f0000000000), 0x63) 23:51:04 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, 0x0, 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 3: eventfd2(0x0, 0x0) (async) r0 = eventfd2(0x8001, 0x800) (async) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) r2 = eventfd2(0x200, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r1, 0x0, 0x7fffffff, r2}) (async) read$eventfd(r0, &(0x7f0000000000), 0x63) 23:51:04 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, 0x0) eventfd(0x7fffffff) 23:51:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(0x0, 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, 0x0) eventfd(0x7fffffff) 23:51:04 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:04 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd2(0x8001, 0x800) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) r2 = eventfd2(0x200, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r1, 0x0, 0x7fffffff, r2}) read$eventfd(r0, &(0x7f0000000000), 0x63) eventfd2(0x0, 0x0) (async) eventfd2(0x8001, 0x800) (async) eventfd(0x0) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) eventfd2(0x200, 0x0) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r1, 0x0, 0x7fffffff, r2}) (async) read$eventfd(r0, &(0x7f0000000000), 0x63) (async) 23:51:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:04 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 3: r0 = eventfd2(0x4010001, 0x0) r1 = eventfd2(0x8, 0x0) eventfd2(0x7fff, 0x80000) socketpair(0x6, 0x4, 0xee02, &(0x7f0000000140)) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) write$eventfd(r2, &(0x7f0000000000)=0x1, 0x8) write$eventfd(r1, &(0x7f0000000040)=0x3, 0x8) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) read$msr(0xffffffffffffffff, &(0x7f00000000c0)=""/116, 0x74) 23:51:04 executing program 3: r0 = eventfd2(0x4010001, 0x0) (async, rerun: 32) r1 = eventfd2(0x8, 0x0) (async, rerun: 32) eventfd2(0x7fff, 0x80000) (async) socketpair(0x6, 0x4, 0xee02, &(0x7f0000000140)) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) write$eventfd(r2, &(0x7f0000000000)=0x1, 0x8) write$eventfd(r1, &(0x7f0000000040)=0x3, 0x8) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async, rerun: 64) read$msr(0xffffffffffffffff, &(0x7f00000000c0)=""/116, 0x74) (rerun: 64) 23:51:04 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 3: r0 = eventfd2(0x4010001, 0x0) (async) r1 = eventfd2(0x8, 0x0) (async) eventfd2(0x7fff, 0x80000) (async) socketpair(0x6, 0x4, 0xee02, &(0x7f0000000140)) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) write$eventfd(r2, &(0x7f0000000000)=0x1, 0x8) (async) write$eventfd(r1, &(0x7f0000000040)=0x3, 0x8) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) read$msr(0xffffffffffffffff, &(0x7f00000000c0)=""/116, 0x74) 23:51:04 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:04 executing program 3: eventfd2(0x0, 0x0) r0 = eventfd(0x7) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, &(0x7f0000000000), 0x8, r0, 0x2}) 23:51:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:04 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r2, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:04 executing program 3: eventfd2(0x0, 0x0) (async) r0 = eventfd(0x7) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, &(0x7f0000000000), 0x8, r0, 0x2}) 23:51:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:04 executing program 3: eventfd2(0x0, 0x0) (async, rerun: 32) r0 = eventfd(0x7) (rerun: 32) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x0, &(0x7f0000000000), 0x8, r0, 0x2}) 23:51:04 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) eventfd2(0x1, 0x80000) read$eventfd(r1, &(0x7f0000000000), 0x8) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:04 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:04 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:04 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:04 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:05 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r3 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r3, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:05 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) 23:51:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r2 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r1) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), 0xffffffffffffffff) 23:51:05 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) eventfd2(0x1, 0x80000) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:05 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:51:05 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:51:05 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:51:05 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:51:06 executing program 3: r0 = eventfd2(0x0, 0x0) (async) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) eventfd2(0x1, 0x80000) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:06 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) 23:51:06 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:06 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:51:06 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:06 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:51:06 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:06 executing program 2: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) socket(0x18, 0x0, 0xa7) socket(0x18, 0x0, 0xa7) 23:51:06 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) 23:51:06 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:06 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:06 executing program 1: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:07 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:07 executing program 2: r0 = socket(0x18, 0x1, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000040)={'ip6_vti0\x00', &(0x7f00000000c0)={'syztnl0\x00', r1, 0x2f, 0x0, 0xff, 0x1, 0x5b, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @local, 0x20, 0x80, 0x40, 0x9}}) r2 = eventfd2(0x0, 0x0) read$eventfd(r2, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:07 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x0, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1, r1}) 23:51:07 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x103840, 0x0) r2 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r5 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r5) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) eventfd(0x7fffffff) r6 = socket(0x18, 0x0, 0xa7) r7 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r7) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r7, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x24, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MARK={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x8800}, 0x4000) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_ASSERT(r6, 0x0, 0xcf, &(0x7f00000000c0)=0x1, 0x4) 23:51:07 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, 0x0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:51:07 executing program 2: r0 = socket(0x2, 0x0, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f00000000c0)={0x4, 0x10001, {0x56, 0x6, 0xfff, {0xff, 0xfc01}, {0x1ff}, @period={0x5c, 0x5, 0x7, 0x1ff, 0x2, {0x401, 0x1, 0x3, 0x46}, 0xa, &(0x7f0000000000)=[0x4, 0x0, 0x6, 0x7, 0x3f, 0x1, 0x6, 0x1, 0xa4f, 0x401]}}, {0x51, 0xffff, 0xe2, {0x0, 0x2}, {0x4e7, 0x100}, @const={0x6, {0x4f3, 0x1, 0x1, 0xff43}}}}) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0xa, 0x5, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000280)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000004c0)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r4}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={0xffffffffffffffff, 0xe0, &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000500)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000580)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000005c0)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000600), &(0x7f0000000640), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000680)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000800)={'batadv_slave_1\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000840)={'team0\x00', 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000b40)={0xffffffffffffffff, 0xe0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000880)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, &(0x7f00000008c0)=[0x0], &(0x7f0000000900)=[0x0], 0x0, 0x8, &(0x7f0000000940)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000980), &(0x7f00000009c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000a00)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e80)={0xffffffffffffffff, 0xe0, &(0x7f0000000d80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000b80)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x5, &(0x7f0000000bc0)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000c00)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000c40)=[{}, {}, {}, {}, {}, {}, {}, {}, {}, {}], 0x50, 0x10, &(0x7f0000000cc0), &(0x7f0000000d00), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000d40)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000f40)={'syztnl1\x00', &(0x7f0000000ec0)={'ip6gre0\x00', 0x0, 0x4, 0x0, 0xc1, 0x260000, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast2, 0x8000, 0x40, 0x4, 0x66000}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001000)={'ip6_vti0\x00', &(0x7f0000000f80)={'syztnl2\x00', 0x0, 0x29, 0xd9, 0x61, 0x4, 0x40, @dev={0xfe, 0x80, '\x00', 0x21}, @mcast2, 0x8000, 0x30, 0x0, 0x3}}) sendmsg$TEAM_CMD_OPTIONS_GET(0xffffffffffffffff, &(0x7f0000001480)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000001440)={&(0x7f0000001040)={0x3ec, 0x0, 0x100, 0x70bd29, 0x25dfdbfb, {}, [{{0x8, 0x1, r2}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r3}}}]}}, {{0x8, 0x1, r4}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xa8000000}}}]}}, {{0x8, 0x1, r7}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}]}}, {{0x8, 0x1, r9}, {0xc8, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x72}}, {0x8}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}]}, 0x3ec}, 0x1, 0x0, 0x0, 0x4}, 0x10) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0xffffffff, 0x9, 0x0, 0x0, 0x0, 0xa923]) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1, r1}) 23:51:07 executing program 2: select(0x0, 0x0, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:51:07 executing program 0: r0 = socket(0x2, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r1, 0xc02063a0, &(0x7f0000000080)=[0x1, 0xfffffff8, 0x1, 0x0, 0x0, 0x0, 0x0, 0xa923]) r2 = socket(0x10, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000300)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r4}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000600)={0xffffffffffffffff, 0xe0, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000340)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x5, &(0x7f0000000380)=[0x0, 0x0, 0x0, 0x0], &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000400)=[{}], 0x8, 0x10, &(0x7f0000000440), &(0x7f0000000480), 0x8, 0x10, 0x8, 0x8, &(0x7f00000004c0)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000900)={0xffffffffffffffff, 0xe0, &(0x7f0000000800)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000640)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x5, 0x7, &(0x7f0000000680)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000700)=[{}], 0x8, 0x10, &(0x7f0000000740), &(0x7f0000000780), 0x8, 0x10, 0x8, 0x8, &(0x7f00000007c0)}}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000c40)={0xffffffffffffffff, 0xe0, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000940)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000980)=[0x0, 0x0, 0x0], &(0x7f00000009c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000a00)=[{}, {}, {}, {}, {}, {}, {}, {}, {}], 0x48, 0x10, &(0x7f0000000a80), &(0x7f0000000ac0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000b00)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000c80)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r9}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000fc0)={0xffffffffffffffff, 0xe0, &(0x7f0000000ec0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f0000000cc0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000000d00)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000d80)=[0x0], 0x0, 0x8, &(0x7f0000000dc0)=[{}, {}, {}], 0x18, 0x10, &(0x7f0000000e00), &(0x7f0000000e40), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000e80)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000001700)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000016c0)={&(0x7f0000001000)={0x698, 0x0, 0x2, 0x70bd2b, 0x25dfdbfc, {}, [{{0x8}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb62c}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfffff000}}}]}}, {{0x8, 0x1, r3}, {0xc0, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x71c}}, {0x8, 0x6, r4}}}]}}, {{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x6}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x1f4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r7}}}]}}, {{0x8}, {0xbc, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x1a8, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffaf}}, {0x8, 0x6, r10}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x80000001}}, {0x8, 0x6, r11}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0xfffffffc}}}]}}]}, 0x698}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) r12 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r12, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r0, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x4c, r12, 0x10, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x5}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x10000}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xa6ac}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}]}, 0x4c}, 0x1, 0x0, 0x0, 0x1}, 0x8040) 23:51:07 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x6) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = eventfd(0x0) write$eventfd(r1, &(0x7f0000000000), 0x8) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000000)={0x1, r1}) 23:51:07 executing program 4: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x203, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private}]}, 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 1: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r1, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r2 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r3, 0x4008556c, &(0x7f0000000340)='syz1\x00') r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) ioctl$UI_SET_EVBIT(r4, 0x40045564, 0x6) 23:51:07 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0xb9a, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 3: eventfd2(0xffff, 0x80000) 23:51:07 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0xb9a, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0xb9a, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x203, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private}]}, 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 1: r0 = eventfd2(0x0, 0x80801) eventfd2(0x9, 0x800) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:07 executing program 0: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, r2, 0x200, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x3c}, 0x1, 0x0, 0x0, 0x404e811}, 0x440d4) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 3: eventfd2(0xffff, 0x80000) 23:51:07 executing program 4: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$BATADV_CMD_GET_GATEWAYS(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x1c, 0x0, 0x4, 0x70bd2a, 0x25dfdbfd, {}, [@BATADV_ATTR_GW_MODE={0x5}]}, 0x1c}}, 0x40) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(0xffffffffffffffff, 0xc02064b6, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r2, &(0x7f00000003c0)={'syz1\x00', {}, 0x0, [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], [0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x69d]}, 0x45c) ioctl$UI_DEV_CREATE(r2, 0x5501) ioctl$UI_SET_FFBIT(r2, 0x4004556b, 0x0) ioctl$UI_SET_LEDBIT(0xffffffffffffffff, 0x40045569, 0x200d) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000080)={0x1, 0x2, {0x57, 0xe5, 0x600, {0x1958, 0x2}, {0x40, 0x1}, @rumble={0x2, 0xfff}}, {0x53, 0xf16d, 0x8e, {0xff, 0x101}, {0x1f, 0x3}, @cond=[{0x8da6, 0xaaf2, 0xffff, 0xff, 0x80, 0x20}, {0x9, 0x9, 0x4, 0x1ff, 0x5, 0xdef}]}}) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x203, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private}]}, 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) r4 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r4, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0xb9a, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) 23:51:07 executing program 1: r0 = eventfd2(0x0, 0x80801) eventfd2(0x9, 0x800) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:07 executing program 3: eventfd2(0xffff, 0x80000) 23:51:07 executing program 0: select(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0xfffffffffffffffd, 0xfff, 0x3}, &(0x7f0000000200)={0x0, 0x1, 0x3, 0x10000000000000, 0x0, 0xfffffffffffffffe, 0xfff}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, &(0x7f0000000280)) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r2 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x0, 0x1, 0x5, 0x0, @vifc_lcl_ifindex, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f00000002c0)={{0x20, 0x2, 0x7}, 'syz0\x00', 0x2c}) r3 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_BT_DEFER_SETUP(r3, 0x112, 0x7, &(0x7f0000000000)=0x1, &(0x7f0000000040)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000240), 0x802, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000340)='syz1\x00') r5 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r5, 0x40045566, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000140)=0x1, &(0x7f0000000180)=0x4) 23:51:07 executing program 5: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) syz_open_dev$MSR(&(0x7f0000000000), 0xb9a, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:07 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (fail_nth: 1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x203, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private}]}, 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x9, 0xd26, 0xfff, 0xffffffff, 0xffff, 0x277, 0x8, 0x8]) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) setsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000840)="08167faad857a77ae5ad8d52c4e44d49f89c07b6044dee53301442f0f375c964454b9811be83c70356a0bad91798cbb3ce93544aaaeaaf960f65de560f8f4d98a4495f0d66f34e951ef2d6461df4e453bb58b0c9b5fabf5091a0a3b6e73ea9d1ca0fa5cc5851b963c233fbc370e6f0c85dedd3e2696324c3a94a17b5e79381b3395ea6672b5192238830e9ff14d3fe145412a2c2687356dbc32c8558bcc73f3b539cb3659a8521472ce1cbbb6c099275dc3b1d2fd9b1e41c6a6bc0ccdb72adc8f4cbd534d049a03129a7e82a92cdcd376c685c167aaa068c03eeb07bf9361ffca3e5bd1655fdbfd1f4cd2daac2aad1fd194b569fca55cd768f9fb3ddd3791b0475612b0d27e7370c4e15abf7d300a2af691796d4160304d2b34c62aa90fd447f6339de913ab888080676cf5376730dec16de1519557c9af9c82e96aced667c16c3348a0656bb270886f15145ae7761db3c2d03ac2bf9d905d7a59a9ce6c4e7f082b15b51cc6b8b495fa076cf5dc62bec6f3790bbd71b806b72315536611ca118e94dcae4e9e20102247022647a5539656fd0bbe6858a8e1d9eebfe95d3ac0ca884ae52c867480f5111997047c8981bc70a2bce3ee515020d0dc2be27e9663cbcfa0cabd755c016ae7420420aea259178b1619e66d4519127274d7c8f50b8a46dbc403ebbef6e2d2c4d4acba2b41d8c06bef3cb44b52fa94c05821c23e048fc268502ef6d2afaa21cbb629b1b86efbec99310fcb57f32d1e565624cfaaa8b52a97a9a5a558d28fef2c02690203d62cf890263e10b4ea2b8cbd6e4659d58a4980022dd0080e5d52b27f7c72384ff11263bdb0afc5d3433701ca3b2263ff43e6369f2bcd7db04d374beb264f75e80330edf8d8a675f9ebbbebb5da1906a45272b713708494f3e9f1ed60b2c0a6dcf2dcf70ab3e9874cf9878106802c732f3c8eddeaecede22dad41fad0f75321b89b7ffc700357808c22798a1f1b44f5886716ae5d7b0f8268f9f78c54108862f0ed92e99aacdef153a7984c0f88bd62a9e6cd8cbd658c8cab866751958114d90624eccf9805e02a72f464af059d2a3876af358dfa3725965cad676d52ed13d892d73bdd862a232c81e0e170d887b2f768e34b8b2946845ccfe2064fa8c4e8ddfc877c2bf11d6b1d50093b402e070a28a565c5e736fbf7a36090d73ad99038f274829a1b14b787dcad6b34cbac6aba5f6fd1a159b9c071824446b3fbf324fa9fa3f96edcd818890eede08a5270b140f885bc5b371196b1ca21827c3c5322df507de521342504c229ecbd998e605a2d9f8d34c4493a53645ee30f6a1fe02ba4876a954a32a0bb17b091cb3d9f652a91119e070a782795b8644734e71f8416884ac1fb15dda1d686bcf420f0beaf6963fe84bb0f218e774b2d8f73b7ca8301bf0517fd8d1479b923f4e554683130556a6203d6ef651a7d3276af03e975b89c91a6b2085bb620b72b13e7bcce38498edf927ef692fb8e50d79888835bd8b2dcb86199b1fad6a1333cf191e8f488b4809dddd976de57eff5092a1432dc0024cac1257a7e3631d663b042f66b25a792fb5277070455026b43ae6a8c578d0071d61c62ce6bce4a9ab99bc98571650a4217e4a548592406868dbde1d16ddfa654e9c354dea2a4fb6d5fa776a44d1f299a997ca4dab7652362050cd0874f60090ae2826d80afa87209da1937a21a11345b128f93db40dbe95e6e28c7fdc90728c5b4a07924cee50340ce1bb24ff3209cf99d2d2cad34a2395e366b7aa6e60e6161701040f161b209d577fe98171704ce5abf84ee4196db6801679b5192374f39388387230d83d36f7861fdbea9288e08810d921a0dd8a6b9313039940def492248d1f1c07011e03d986d423b4020cf5b61704f5248674eb84c2dcfd888094a9a09c959a402b646666dd02f7c1e78e1e19d5ef347c4b00c30690bfa1ce06dc88894a6d3e54e32e1eb2c9e70305b7dd8558834cd854609e6f7812f166bbb8bb10ddf3af5e12cc4852513e1ab1dfb1cbe0dbd5f1268caa499dbe7650318078b87e8b9d38bf13764d289eae9e1aa3bbc0b1c63b531f24f31f952427b5c6d7e6616045955b2339d3a2db3f1e76d16b8782b87da06bd26357006069a02883d44bc3f73bfc8fdab11ce78d73e1050483830747ebb8f0fad85b5aaec5d39d6e1978126f4e9ff46ef738bd97c1319283d1ccfd6a463c9a5152a17fbfaf530c644f38038121f0948640513b6588fb7ed2db50e9df89bbcc0768b7f337eb4e38ac1bf07eb526d2075575fc57bc8616022a53ce03a7aff743b6d7af22b50e39046de7007fe9a8e3ef5b54020762ce7841fe1c9be961207743952ebe12e603c043708c3a7568b324096673740d0982abe20a844b004758e7d08cf580b2c651a1d1bbf50c72cd2d87e848cd6f0d6704fa7a809733d231ae41c4a93058c774dcd89546e01b8bc7ce28027f05e0d7c941bde44d1ded370682c4dfb0a8cc130b431bfd94e74982e70719d6b8bd8da7b636641793c8a53e5da1d3c7dc85276f1daec4ae0e787a8497f514dfc804d2e37a4b67661890bb8b58207799312305f7527ea4be1160613f89c690442c9e41f2b4cc900e30648241d31bf4c35f5a8b75d048efb328413c3600f68abfdc1d83d7918f6b37ba1d8b3d63611e20eb6fe2b3d8d300cb1b4dc7c29730e86a748f14e51a3b2e15eeff70e008f981058f39df6e9a76d11182dd102e0eee40934a974cc2ec6cd7e3f872992f2b80b71a2eece85f92cc5fa96a8a19f5a1e4ee8111b85ae618a4549992a3832b8ca21dbc6593ce3214f7c49b498674bb5c7b1b80188c5e76793dc4dc9afdbda1e44a1b0056e0a44f4fdb32239f05d8fe14f93122f27cf11e654a5ecddc46b22a5dbcf8406262072b652d8695980b8023c9fada93da53d3500dcc4cdf52c9392b4bd3493304bb246707a2002d3efef11cd0ed7c9bd205c6e03771f4752a98e21abd293163a8849fa25b54f514e37c287a7dcfaace747c4119e9b24ef336ac488322b9e685983778319d652cd9513230fa8b03568d18242c79740a65849de84a3209d4ca3abc160ed4956d4892642703f102f98e0846e17544f695f4a4edd2c6f0b7cabb48fc028a83ad3ba584fee8f14e56fe880d8f2a44a5e6a9ce8afc398ec0a49927a558c0db0ff452a9c18193226cd36f927910679a30018c38c3b7e570d5dcd3bfb1aed69f447939813468d473265408548174cbeeaed2fbbe3da8eb061f57fbcabe18722fb76f061b19c2e9b97f58e5a5400ed16f6e3060a7062ccbdeb2d10abf83c3321a472ce66192bf6d5500fa73d5c839e492eda9c4864e4a2c36f89e95cc2c449f19d124536e895c741ac921d600e921362b56d8bf6b88dc88ba851b509786549ceb5fc7ad615c6cb031e0793699ae896a1bf27d04cc456a0dbe881a039c88b01e1c7ff719c876e4ff28d4f89a18f7d8fe08c3a0257c79f7e768d60cf6bded62d257468de5491de52909c6e6428997667fda1c1318725fa28a2555b0741f737d71dd1c78e774ead8c3fc25f18d039c346da5f54b236798c0f1742b66557521b3f0d535a7d29ebba0c8137ec31c670a48fa988cb0511d79a601049ea60b22826d5c2b807a32a428c7c1e0a803467ddb767258485cc49faebd4514452275a10ad4dc048465f5fbf18ca0863b2ded8ad70f21a99485f1c2fb907d0e394b16732ca9de34e2c9dbe82654232b4bf1d0b7bea935bd7e1b83204ad00f9e78861917624c286191835e5404945dab8480f6e371da27ecf92b138db326a5dc7cb3c26a9d6aadd222957e320b445c298f75969f6f8d77ff54f0ec8ff30fc619e5fe29fec17b78a0631795395ff51f61e5a6b6c4316aa4eb40f8dcd97fca2eac2b80ccc722cfdeb1778140f2c491d284b15807013798a9eb5226de6b12d323f605f9bcc7c0b243413a6393b6cbbfc3e37624f55ebb032835cccb9b778b8d67b8ca487f64630cd37e46c755d61c6297505a9d2e19b2acb202112948bca162568285412bebd69b51814d9a05852041dfb2e8b5b4efb2726f0d05109eb8b2d6fd75630eed9e39aeae6623ce06252bd003a362429f97e8f7978c07dd871890115a428246bb8ecf30d8ed2d84369ce333898ef65e2b5a2533bb9692f12b6581cf730f7d8e4079a7a4f56e19e08da64c217ba6d6f0888ba382fc9a7be71bcc7c377a54c82442c3e30ea64824a75f76ec672a903abcfe131ff7a6ce7823831e16e8b0a57d363d3d19ce5603b2ee5a38462ffb0f2662197b508cead12e7c4e855dd1505b9fb5f58fb256b429e36cef554f11fbf7ee9f12b39fbebb06e260df0cadb32799f06de1e3c08d5a6ec2b214b95db5972e9f0dd216cae2e6ef925f39b578a688ec00cfbca296238ace7bf89e3394645e7b731244c71f434047cd70019d4612b60b183e2ad6a2a248a4b4d8af59597bea7b397f76f7e734473a1675ec80cc2cd5a2496e652205452218063981b0e052f20345c9c4960541892049f124e5592848ceb16cff362e01383ffc87ec1cf22156ae3d6a191789c94e89f40aa38937c930b5f2ed63b53482b7de6456d04220a063c54598db006c18cb2564a7c8a947fb05a31753d3605f48593751d77887b374933426731aaf1840bb4f2fc67b0d5feb0c78c3e8ccb6e5fd5e0d66adae59cab9fadfd03654641c2955091ad0fbe264162ae0f5189dd32e175e1f1e789a3f02cd140d40a732134d65789a679e8c93838c62c3ae6cd4f4e6a9945e71d251fe474b2b3a4508d0f43a400fddf55964b006b75b637530d9057a62857baa6026cd5d0af52d2f0e9ce6d9cbd7156f504f3be7c034b5c4b8e4d903bab38d026c4b08e3647c2f40788818ceb84734414ff6221236d4774471b49a3257c3d7ba4f77442739db3084665bb1a89e0e3d509a409ff3ef97b9bc2a0953c6382f7157fb30ce593b6d93f891844caccb0ebebbeb6f60547be2e60c0127ab314505f9a99b43abddd08afc0143adf8941bdfeb287c3df957268311c366ecc1540dafd430bc6dc82eda92e3684c737038e298d9f582792b91440ec30312f93873c37279b07947e74a8fa7649cf32bbdcad4e6d742a196b027b27291447de54be2a3682b89c1d7d2c37f9b8825c7e72581d17ac3dbc057aecf97a6caef3a97834aef69f349e5aeb4c101ae490388e378c3356967db8a6dd48084a4e69a11f15d73333a9ac78309acf17eeed3c297cfafbceaaa45ec3c21c4af6b517dfefc1a1e3c5986c22de0828a8770b248898939d4dd729e9048bbedbe56dd44f36fae3cfe54f142c21600f3991add6bd1383321f0870e7346e6437cfcfa2edeb7015eb38a91cfe315f83d9c50b3467f28afd0982cecbb654feace809dd4259f3b680079dcf9cc5bdb7314992f1badd4c17bdc7e758ba296a4dfd345a5925e9084d0cb01a7f2efc0fc30c5c49acbf509545bde1365503fe8d72079238ee34f32beb86f538b05240c37afba294a24bbe699045e2cfd8c9df398f204cf36becff75e71f27ecd23dfdee0708a192168ca767700449fb4ada0f983c345c713caece1a361a05b1190225487df75c96fa19592e48dcc253ec3eccea13854168d3853419c3f968cb55850491c173e3a690fdaa59685cff1555e4b367c1c91908942e2d42778628eb33763ee49f16f894ac84c0a74010c9416c92b06b112653cda5a4f9330891d0c25ab3a9b75b2324c5f60775e1e2f8a768242d8042565ee60ae8687bdc499646aca84b093209e6212a7d7af5623a2c3b2227a080aab76b3b48d1fb26691eb853045adba14ee9f0fa2", 0x1000) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) [ 1844.756249] input: syz1 as /devices/virtual/input/input33574 23:51:07 executing program 1: r0 = eventfd2(0x0, 0x80801) eventfd2(0x9, 0x800) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:07 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:07 executing program 5: syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x9, 0xd26, 0xfff, 0xffffffff, 0xffff, 0x277, 0x8, 0x8]) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) setsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000840)="08167faad857a77ae5ad8d52c4e44d49f89c07b6044dee53301442f0f375c964454b9811be83c70356a0bad91798cbb3ce93544aaaeaaf960f65de560f8f4d98a4495f0d66f34e951ef2d6461df4e453bb58b0c9b5fabf5091a0a3b6e73ea9d1ca0fa5cc5851b963c233fbc370e6f0c85dedd3e2696324c3a94a17b5e79381b3395ea6672b5192238830e9ff14d3fe145412a2c2687356dbc32c8558bcc73f3b539cb3659a8521472ce1cbbb6c099275dc3b1d2fd9b1e41c6a6bc0ccdb72adc8f4cbd534d049a03129a7e82a92cdcd376c685c167aaa068c03eeb07bf9361ffca3e5bd1655fdbfd1f4cd2daac2aad1fd194b569fca55cd768f9fb3ddd3791b0475612b0d27e7370c4e15abf7d300a2af691796d4160304d2b34c62aa90fd447f6339de913ab888080676cf5376730dec16de1519557c9af9c82e96aced667c16c3348a0656bb270886f15145ae7761db3c2d03ac2bf9d905d7a59a9ce6c4e7f082b15b51cc6b8b495fa076cf5dc62bec6f3790bbd71b806b72315536611ca118e94dcae4e9e20102247022647a5539656fd0bbe6858a8e1d9eebfe95d3ac0ca884ae52c867480f5111997047c8981bc70a2bce3ee515020d0dc2be27e9663cbcfa0cabd755c016ae7420420aea259178b1619e66d4519127274d7c8f50b8a46dbc403ebbef6e2d2c4d4acba2b41d8c06bef3cb44b52fa94c05821c23e048fc268502ef6d2afaa21cbb629b1b86efbec99310fcb57f32d1e565624cfaaa8b52a97a9a5a558d28fef2c02690203d62cf890263e10b4ea2b8cbd6e4659d58a4980022dd0080e5d52b27f7c72384ff11263bdb0afc5d3433701ca3b2263ff43e6369f2bcd7db04d374beb264f75e80330edf8d8a675f9ebbbebb5da1906a45272b713708494f3e9f1ed60b2c0a6dcf2dcf70ab3e9874cf9878106802c732f3c8eddeaecede22dad41fad0f75321b89b7ffc700357808c22798a1f1b44f5886716ae5d7b0f8268f9f78c54108862f0ed92e99aacdef153a7984c0f88bd62a9e6cd8cbd658c8cab866751958114d90624eccf9805e02a72f464af059d2a3876af358dfa3725965cad676d52ed13d892d73bdd862a232c81e0e170d887b2f768e34b8b2946845ccfe2064fa8c4e8ddfc877c2bf11d6b1d50093b402e070a28a565c5e736fbf7a36090d73ad99038f274829a1b14b787dcad6b34cbac6aba5f6fd1a159b9c071824446b3fbf324fa9fa3f96edcd818890eede08a5270b140f885bc5b371196b1ca21827c3c5322df507de521342504c229ecbd998e605a2d9f8d34c4493a53645ee30f6a1fe02ba4876a954a32a0bb17b091cb3d9f652a91119e070a782795b8644734e71f8416884ac1fb15dda1d686bcf420f0beaf6963fe84bb0f218e774b2d8f73b7ca8301bf0517fd8d1479b923f4e554683130556a6203d6ef651a7d3276af03e975b89c91a6b2085bb620b72b13e7bcce38498edf927ef692fb8e50d79888835bd8b2dcb86199b1fad6a1333cf191e8f488b4809dddd976de57eff5092a1432dc0024cac1257a7e3631d663b042f66b25a792fb5277070455026b43ae6a8c578d0071d61c62ce6bce4a9ab99bc98571650a4217e4a548592406868dbde1d16ddfa654e9c354dea2a4fb6d5fa776a44d1f299a997ca4dab7652362050cd0874f60090ae2826d80afa87209da1937a21a11345b128f93db40dbe95e6e28c7fdc90728c5b4a07924cee50340ce1bb24ff3209cf99d2d2cad34a2395e366b7aa6e60e6161701040f161b209d577fe98171704ce5abf84ee4196db6801679b5192374f39388387230d83d36f7861fdbea9288e08810d921a0dd8a6b9313039940def492248d1f1c07011e03d986d423b4020cf5b61704f5248674eb84c2dcfd888094a9a09c959a402b646666dd02f7c1e78e1e19d5ef347c4b00c30690bfa1ce06dc88894a6d3e54e32e1eb2c9e70305b7dd8558834cd854609e6f7812f166bbb8bb10ddf3af5e12cc4852513e1ab1dfb1cbe0dbd5f1268caa499dbe7650318078b87e8b9d38bf13764d289eae9e1aa3bbc0b1c63b531f24f31f952427b5c6d7e6616045955b2339d3a2db3f1e76d16b8782b87da06bd26357006069a02883d44bc3f73bfc8fdab11ce78d73e1050483830747ebb8f0fad85b5aaec5d39d6e1978126f4e9ff46ef738bd97c1319283d1ccfd6a463c9a5152a17fbfaf530c644f38038121f0948640513b6588fb7ed2db50e9df89bbcc0768b7f337eb4e38ac1bf07eb526d2075575fc57bc8616022a53ce03a7aff743b6d7af22b50e39046de7007fe9a8e3ef5b54020762ce7841fe1c9be961207743952ebe12e603c043708c3a7568b324096673740d0982abe20a844b004758e7d08cf580b2c651a1d1bbf50c72cd2d87e848cd6f0d6704fa7a809733d231ae41c4a93058c774dcd89546e01b8bc7ce28027f05e0d7c941bde44d1ded370682c4dfb0a8cc130b431bfd94e74982e70719d6b8bd8da7b636641793c8a53e5da1d3c7dc85276f1daec4ae0e787a8497f514dfc804d2e37a4b67661890bb8b58207799312305f7527ea4be1160613f89c690442c9e41f2b4cc900e30648241d31bf4c35f5a8b75d048efb328413c3600f68abfdc1d83d7918f6b37ba1d8b3d63611e20eb6fe2b3d8d300cb1b4dc7c29730e86a748f14e51a3b2e15eeff70e008f981058f39df6e9a76d11182dd102e0eee40934a974cc2ec6cd7e3f872992f2b80b71a2eece85f92cc5fa96a8a19f5a1e4ee8111b85ae618a4549992a3832b8ca21dbc6593ce3214f7c49b498674bb5c7b1b80188c5e76793dc4dc9afdbda1e44a1b0056e0a44f4fdb32239f05d8fe14f93122f27cf11e654a5ecddc46b22a5dbcf8406262072b652d8695980b8023c9fada93da53d3500dcc4cdf52c9392b4bd3493304bb246707a2002d3efef11cd0ed7c9bd205c6e03771f4752a98e21abd293163a8849fa25b54f514e37c287a7dcfaace747c4119e9b24ef336ac488322b9e685983778319d652cd9513230fa8b03568d18242c79740a65849de84a3209d4ca3abc160ed4956d4892642703f102f98e0846e17544f695f4a4edd2c6f0b7cabb48fc028a83ad3ba584fee8f14e56fe880d8f2a44a5e6a9ce8afc398ec0a49927a558c0db0ff452a9c18193226cd36f927910679a30018c38c3b7e570d5dcd3bfb1aed69f447939813468d473265408548174cbeeaed2fbbe3da8eb061f57fbcabe18722fb76f061b19c2e9b97f58e5a5400ed16f6e3060a7062ccbdeb2d10abf83c3321a472ce66192bf6d5500fa73d5c839e492eda9c4864e4a2c36f89e95cc2c449f19d124536e895c741ac921d600e921362b56d8bf6b88dc88ba851b509786549ceb5fc7ad615c6cb031e0793699ae896a1bf27d04cc456a0dbe881a039c88b01e1c7ff719c876e4ff28d4f89a18f7d8fe08c3a0257c79f7e768d60cf6bded62d257468de5491de52909c6e6428997667fda1c1318725fa28a2555b0741f737d71dd1c78e774ead8c3fc25f18d039c346da5f54b236798c0f1742b66557521b3f0d535a7d29ebba0c8137ec31c670a48fa988cb0511d79a601049ea60b22826d5c2b807a32a428c7c1e0a803467ddb767258485cc49faebd4514452275a10ad4dc048465f5fbf18ca0863b2ded8ad70f21a99485f1c2fb907d0e394b16732ca9de34e2c9dbe82654232b4bf1d0b7bea935bd7e1b83204ad00f9e78861917624c286191835e5404945dab8480f6e371da27ecf92b138db326a5dc7cb3c26a9d6aadd222957e320b445c298f75969f6f8d77ff54f0ec8ff30fc619e5fe29fec17b78a0631795395ff51f61e5a6b6c4316aa4eb40f8dcd97fca2eac2b80ccc722cfdeb1778140f2c491d284b15807013798a9eb5226de6b12d323f605f9bcc7c0b243413a6393b6cbbfc3e37624f55ebb032835cccb9b778b8d67b8ca487f64630cd37e46c755d61c6297505a9d2e19b2acb202112948bca162568285412bebd69b51814d9a05852041dfb2e8b5b4efb2726f0d05109eb8b2d6fd75630eed9e39aeae6623ce06252bd003a362429f97e8f7978c07dd871890115a428246bb8ecf30d8ed2d84369ce333898ef65e2b5a2533bb9692f12b6581cf730f7d8e4079a7a4f56e19e08da64c217ba6d6f0888ba382fc9a7be71bcc7c377a54c82442c3e30ea64824a75f76ec672a903abcfe131ff7a6ce7823831e16e8b0a57d363d3d19ce5603b2ee5a38462ffb0f2662197b508cead12e7c4e855dd1505b9fb5f58fb256b429e36cef554f11fbf7ee9f12b39fbebb06e260df0cadb32799f06de1e3c08d5a6ec2b214b95db5972e9f0dd216cae2e6ef925f39b578a688ec00cfbca296238ace7bf89e3394645e7b731244c71f434047cd70019d4612b60b183e2ad6a2a248a4b4d8af59597bea7b397f76f7e734473a1675ec80cc2cd5a2496e652205452218063981b0e052f20345c9c4960541892049f124e5592848ceb16cff362e01383ffc87ec1cf22156ae3d6a191789c94e89f40aa38937c930b5f2ed63b53482b7de6456d04220a063c54598db006c18cb2564a7c8a947fb05a31753d3605f48593751d77887b374933426731aaf1840bb4f2fc67b0d5feb0c78c3e8ccb6e5fd5e0d66adae59cab9fadfd03654641c2955091ad0fbe264162ae0f5189dd32e175e1f1e789a3f02cd140d40a732134d65789a679e8c93838c62c3ae6cd4f4e6a9945e71d251fe474b2b3a4508d0f43a400fddf55964b006b75b637530d9057a62857baa6026cd5d0af52d2f0e9ce6d9cbd7156f504f3be7c034b5c4b8e4d903bab38d026c4b08e3647c2f40788818ceb84734414ff6221236d4774471b49a3257c3d7ba4f77442739db3084665bb1a89e0e3d509a409ff3ef97b9bc2a0953c6382f7157fb30ce593b6d93f891844caccb0ebebbeb6f60547be2e60c0127ab314505f9a99b43abddd08afc0143adf8941bdfeb287c3df957268311c366ecc1540dafd430bc6dc82eda92e3684c737038e298d9f582792b91440ec30312f93873c37279b07947e74a8fa7649cf32bbdcad4e6d742a196b027b27291447de54be2a3682b89c1d7d2c37f9b8825c7e72581d17ac3dbc057aecf97a6caef3a97834aef69f349e5aeb4c101ae490388e378c3356967db8a6dd48084a4e69a11f15d73333a9ac78309acf17eeed3c297cfafbceaaa45ec3c21c4af6b517dfefc1a1e3c5986c22de0828a8770b248898939d4dd729e9048bbedbe56dd44f36fae3cfe54f142c21600f3991add6bd1383321f0870e7346e6437cfcfa2edeb7015eb38a91cfe315f83d9c50b3467f28afd0982cecbb654feace809dd4259f3b680079dcf9cc5bdb7314992f1badd4c17bdc7e758ba296a4dfd345a5925e9084d0cb01a7f2efc0fc30c5c49acbf509545bde1365503fe8d72079238ee34f32beb86f538b05240c37afba294a24bbe699045e2cfd8c9df398f204cf36becff75e71f27ecd23dfdee0708a192168ca767700449fb4ada0f983c345c713caece1a361a05b1190225487df75c96fa19592e48dcc253ec3eccea13854168d3853419c3f968cb55850491c173e3a690fdaa59685cff1555e4b367c1c91908942e2d42778628eb33763ee49f16f894ac84c0a74010c9416c92b06b112653cda5a4f9330891d0c25ab3a9b75b2324c5f60775e1e2f8a768242d8042565ee60ae8687bdc499646aca84b093209e6212a7d7af5623a2c3b2227a080aab76b3b48d1fb26691eb853045adba14ee9f0fa2", 0x1000) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x9, 0xd26, 0xfff, 0xffffffff, 0xffff, 0x277, 0x8, 0x8]) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) (async) setsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000840)="08167faad857a77ae5ad8d52c4e44d49f89c07b6044dee53301442f0f375c964454b9811be83c70356a0bad91798cbb3ce93544aaaeaaf960f65de560f8f4d98a4495f0d66f34e951ef2d6461df4e453bb58b0c9b5fabf5091a0a3b6e73ea9d1ca0fa5cc5851b963c233fbc370e6f0c85dedd3e2696324c3a94a17b5e79381b3395ea6672b5192238830e9ff14d3fe145412a2c2687356dbc32c8558bcc73f3b539cb3659a8521472ce1cbbb6c099275dc3b1d2fd9b1e41c6a6bc0ccdb72adc8f4cbd534d049a03129a7e82a92cdcd376c685c167aaa068c03eeb07bf9361ffca3e5bd1655fdbfd1f4cd2daac2aad1fd194b569fca55cd768f9fb3ddd3791b0475612b0d27e7370c4e15abf7d300a2af691796d4160304d2b34c62aa90fd447f6339de913ab888080676cf5376730dec16de1519557c9af9c82e96aced667c16c3348a0656bb270886f15145ae7761db3c2d03ac2bf9d905d7a59a9ce6c4e7f082b15b51cc6b8b495fa076cf5dc62bec6f3790bbd71b806b72315536611ca118e94dcae4e9e20102247022647a5539656fd0bbe6858a8e1d9eebfe95d3ac0ca884ae52c867480f5111997047c8981bc70a2bce3ee515020d0dc2be27e9663cbcfa0cabd755c016ae7420420aea259178b1619e66d4519127274d7c8f50b8a46dbc403ebbef6e2d2c4d4acba2b41d8c06bef3cb44b52fa94c05821c23e048fc268502ef6d2afaa21cbb629b1b86efbec99310fcb57f32d1e565624cfaaa8b52a97a9a5a558d28fef2c02690203d62cf890263e10b4ea2b8cbd6e4659d58a4980022dd0080e5d52b27f7c72384ff11263bdb0afc5d3433701ca3b2263ff43e6369f2bcd7db04d374beb264f75e80330edf8d8a675f9ebbbebb5da1906a45272b713708494f3e9f1ed60b2c0a6dcf2dcf70ab3e9874cf9878106802c732f3c8eddeaecede22dad41fad0f75321b89b7ffc700357808c22798a1f1b44f5886716ae5d7b0f8268f9f78c54108862f0ed92e99aacdef153a7984c0f88bd62a9e6cd8cbd658c8cab866751958114d90624eccf9805e02a72f464af059d2a3876af358dfa3725965cad676d52ed13d892d73bdd862a232c81e0e170d887b2f768e34b8b2946845ccfe2064fa8c4e8ddfc877c2bf11d6b1d50093b402e070a28a565c5e736fbf7a36090d73ad99038f274829a1b14b787dcad6b34cbac6aba5f6fd1a159b9c071824446b3fbf324fa9fa3f96edcd818890eede08a5270b140f885bc5b371196b1ca21827c3c5322df507de521342504c229ecbd998e605a2d9f8d34c4493a53645ee30f6a1fe02ba4876a954a32a0bb17b091cb3d9f652a91119e070a782795b8644734e71f8416884ac1fb15dda1d686bcf420f0beaf6963fe84bb0f218e774b2d8f73b7ca8301bf0517fd8d1479b923f4e554683130556a6203d6ef651a7d3276af03e975b89c91a6b2085bb620b72b13e7bcce38498edf927ef692fb8e50d79888835bd8b2dcb86199b1fad6a1333cf191e8f488b4809dddd976de57eff5092a1432dc0024cac1257a7e3631d663b042f66b25a792fb5277070455026b43ae6a8c578d0071d61c62ce6bce4a9ab99bc98571650a4217e4a548592406868dbde1d16ddfa654e9c354dea2a4fb6d5fa776a44d1f299a997ca4dab7652362050cd0874f60090ae2826d80afa87209da1937a21a11345b128f93db40dbe95e6e28c7fdc90728c5b4a07924cee50340ce1bb24ff3209cf99d2d2cad34a2395e366b7aa6e60e6161701040f161b209d577fe98171704ce5abf84ee4196db6801679b5192374f39388387230d83d36f7861fdbea9288e08810d921a0dd8a6b9313039940def492248d1f1c07011e03d986d423b4020cf5b61704f5248674eb84c2dcfd888094a9a09c959a402b646666dd02f7c1e78e1e19d5ef347c4b00c30690bfa1ce06dc88894a6d3e54e32e1eb2c9e70305b7dd8558834cd854609e6f7812f166bbb8bb10ddf3af5e12cc4852513e1ab1dfb1cbe0dbd5f1268caa499dbe7650318078b87e8b9d38bf13764d289eae9e1aa3bbc0b1c63b531f24f31f952427b5c6d7e6616045955b2339d3a2db3f1e76d16b8782b87da06bd26357006069a02883d44bc3f73bfc8fdab11ce78d73e1050483830747ebb8f0fad85b5aaec5d39d6e1978126f4e9ff46ef738bd97c1319283d1ccfd6a463c9a5152a17fbfaf530c644f38038121f0948640513b6588fb7ed2db50e9df89bbcc0768b7f337eb4e38ac1bf07eb526d2075575fc57bc8616022a53ce03a7aff743b6d7af22b50e39046de7007fe9a8e3ef5b54020762ce7841fe1c9be961207743952ebe12e603c043708c3a7568b324096673740d0982abe20a844b004758e7d08cf580b2c651a1d1bbf50c72cd2d87e848cd6f0d6704fa7a809733d231ae41c4a93058c774dcd89546e01b8bc7ce28027f05e0d7c941bde44d1ded370682c4dfb0a8cc130b431bfd94e74982e70719d6b8bd8da7b636641793c8a53e5da1d3c7dc85276f1daec4ae0e787a8497f514dfc804d2e37a4b67661890bb8b58207799312305f7527ea4be1160613f89c690442c9e41f2b4cc900e30648241d31bf4c35f5a8b75d048efb328413c3600f68abfdc1d83d7918f6b37ba1d8b3d63611e20eb6fe2b3d8d300cb1b4dc7c29730e86a748f14e51a3b2e15eeff70e008f981058f39df6e9a76d11182dd102e0eee40934a974cc2ec6cd7e3f872992f2b80b71a2eece85f92cc5fa96a8a19f5a1e4ee8111b85ae618a4549992a3832b8ca21dbc6593ce3214f7c49b498674bb5c7b1b80188c5e76793dc4dc9afdbda1e44a1b0056e0a44f4fdb32239f05d8fe14f93122f27cf11e654a5ecddc46b22a5dbcf8406262072b652d8695980b8023c9fada93da53d3500dcc4cdf52c9392b4bd3493304bb246707a2002d3efef11cd0ed7c9bd205c6e03771f4752a98e21abd293163a8849fa25b54f514e37c287a7dcfaace747c4119e9b24ef336ac488322b9e685983778319d652cd9513230fa8b03568d18242c79740a65849de84a3209d4ca3abc160ed4956d4892642703f102f98e0846e17544f695f4a4edd2c6f0b7cabb48fc028a83ad3ba584fee8f14e56fe880d8f2a44a5e6a9ce8afc398ec0a49927a558c0db0ff452a9c18193226cd36f927910679a30018c38c3b7e570d5dcd3bfb1aed69f447939813468d473265408548174cbeeaed2fbbe3da8eb061f57fbcabe18722fb76f061b19c2e9b97f58e5a5400ed16f6e3060a7062ccbdeb2d10abf83c3321a472ce66192bf6d5500fa73d5c839e492eda9c4864e4a2c36f89e95cc2c449f19d124536e895c741ac921d600e921362b56d8bf6b88dc88ba851b509786549ceb5fc7ad615c6cb031e0793699ae896a1bf27d04cc456a0dbe881a039c88b01e1c7ff719c876e4ff28d4f89a18f7d8fe08c3a0257c79f7e768d60cf6bded62d257468de5491de52909c6e6428997667fda1c1318725fa28a2555b0741f737d71dd1c78e774ead8c3fc25f18d039c346da5f54b236798c0f1742b66557521b3f0d535a7d29ebba0c8137ec31c670a48fa988cb0511d79a601049ea60b22826d5c2b807a32a428c7c1e0a803467ddb767258485cc49faebd4514452275a10ad4dc048465f5fbf18ca0863b2ded8ad70f21a99485f1c2fb907d0e394b16732ca9de34e2c9dbe82654232b4bf1d0b7bea935bd7e1b83204ad00f9e78861917624c286191835e5404945dab8480f6e371da27ecf92b138db326a5dc7cb3c26a9d6aadd222957e320b445c298f75969f6f8d77ff54f0ec8ff30fc619e5fe29fec17b78a0631795395ff51f61e5a6b6c4316aa4eb40f8dcd97fca2eac2b80ccc722cfdeb1778140f2c491d284b15807013798a9eb5226de6b12d323f605f9bcc7c0b243413a6393b6cbbfc3e37624f55ebb032835cccb9b778b8d67b8ca487f64630cd37e46c755d61c6297505a9d2e19b2acb202112948bca162568285412bebd69b51814d9a05852041dfb2e8b5b4efb2726f0d05109eb8b2d6fd75630eed9e39aeae6623ce06252bd003a362429f97e8f7978c07dd871890115a428246bb8ecf30d8ed2d84369ce333898ef65e2b5a2533bb9692f12b6581cf730f7d8e4079a7a4f56e19e08da64c217ba6d6f0888ba382fc9a7be71bcc7c377a54c82442c3e30ea64824a75f76ec672a903abcfe131ff7a6ce7823831e16e8b0a57d363d3d19ce5603b2ee5a38462ffb0f2662197b508cead12e7c4e855dd1505b9fb5f58fb256b429e36cef554f11fbf7ee9f12b39fbebb06e260df0cadb32799f06de1e3c08d5a6ec2b214b95db5972e9f0dd216cae2e6ef925f39b578a688ec00cfbca296238ace7bf89e3394645e7b731244c71f434047cd70019d4612b60b183e2ad6a2a248a4b4d8af59597bea7b397f76f7e734473a1675ec80cc2cd5a2496e652205452218063981b0e052f20345c9c4960541892049f124e5592848ceb16cff362e01383ffc87ec1cf22156ae3d6a191789c94e89f40aa38937c930b5f2ed63b53482b7de6456d04220a063c54598db006c18cb2564a7c8a947fb05a31753d3605f48593751d77887b374933426731aaf1840bb4f2fc67b0d5feb0c78c3e8ccb6e5fd5e0d66adae59cab9fadfd03654641c2955091ad0fbe264162ae0f5189dd32e175e1f1e789a3f02cd140d40a732134d65789a679e8c93838c62c3ae6cd4f4e6a9945e71d251fe474b2b3a4508d0f43a400fddf55964b006b75b637530d9057a62857baa6026cd5d0af52d2f0e9ce6d9cbd7156f504f3be7c034b5c4b8e4d903bab38d026c4b08e3647c2f40788818ceb84734414ff6221236d4774471b49a3257c3d7ba4f77442739db3084665bb1a89e0e3d509a409ff3ef97b9bc2a0953c6382f7157fb30ce593b6d93f891844caccb0ebebbeb6f60547be2e60c0127ab314505f9a99b43abddd08afc0143adf8941bdfeb287c3df957268311c366ecc1540dafd430bc6dc82eda92e3684c737038e298d9f582792b91440ec30312f93873c37279b07947e74a8fa7649cf32bbdcad4e6d742a196b027b27291447de54be2a3682b89c1d7d2c37f9b8825c7e72581d17ac3dbc057aecf97a6caef3a97834aef69f349e5aeb4c101ae490388e378c3356967db8a6dd48084a4e69a11f15d73333a9ac78309acf17eeed3c297cfafbceaaa45ec3c21c4af6b517dfefc1a1e3c5986c22de0828a8770b248898939d4dd729e9048bbedbe56dd44f36fae3cfe54f142c21600f3991add6bd1383321f0870e7346e6437cfcfa2edeb7015eb38a91cfe315f83d9c50b3467f28afd0982cecbb654feace809dd4259f3b680079dcf9cc5bdb7314992f1badd4c17bdc7e758ba296a4dfd345a5925e9084d0cb01a7f2efc0fc30c5c49acbf509545bde1365503fe8d72079238ee34f32beb86f538b05240c37afba294a24bbe699045e2cfd8c9df398f204cf36becff75e71f27ecd23dfdee0708a192168ca767700449fb4ada0f983c345c713caece1a361a05b1190225487df75c96fa19592e48dcc253ec3eccea13854168d3853419c3f968cb55850491c173e3a690fdaa59685cff1555e4b367c1c91908942e2d42778628eb33763ee49f16f894ac84c0a74010c9416c92b06b112653cda5a4f9330891d0c25ab3a9b75b2324c5f60775e1e2f8a768242d8042565ee60ae8687bdc499646aca84b093209e6212a7d7af5623a2c3b2227a080aab76b3b48d1fb26691eb853045adba14ee9f0fa2", 0x1000) (async) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) (async) 23:51:07 executing program 1: r0 = eventfd2(0x0, 0x80801) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:07 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000)="c1c8ff263b1f5086f55f07e3bd8eef6a2c286499db1ffa2289f3554521cdc6cba67275e3065cb5e635f89274873cf4291477579e5ac4a5c78ad5fa5e7625f746562f1b941d6a9cee646c73fd8409086046634f29da76", &(0x7f0000000080)=@tcp=r1, 0x1}, 0x20) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x203, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private}]}, 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x9, 0xd26, 0xfff, 0xffffffff, 0xffff, 0x277, 0x8, 0x8]) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) setsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000840)="08167faad857a77ae5ad8d52c4e44d49f89c07b6044dee53301442f0f375c964454b9811be83c70356a0bad91798cbb3ce93544aaaeaaf960f65de560f8f4d98a4495f0d66f34e951ef2d6461df4e453bb58b0c9b5fabf5091a0a3b6e73ea9d1ca0fa5cc5851b963c233fbc370e6f0c85dedd3e2696324c3a94a17b5e79381b3395ea6672b5192238830e9ff14d3fe145412a2c2687356dbc32c8558bcc73f3b539cb3659a8521472ce1cbbb6c099275dc3b1d2fd9b1e41c6a6bc0ccdb72adc8f4cbd534d049a03129a7e82a92cdcd376c685c167aaa068c03eeb07bf9361ffca3e5bd1655fdbfd1f4cd2daac2aad1fd194b569fca55cd768f9fb3ddd3791b0475612b0d27e7370c4e15abf7d300a2af691796d4160304d2b34c62aa90fd447f6339de913ab888080676cf5376730dec16de1519557c9af9c82e96aced667c16c3348a0656bb270886f15145ae7761db3c2d03ac2bf9d905d7a59a9ce6c4e7f082b15b51cc6b8b495fa076cf5dc62bec6f3790bbd71b806b72315536611ca118e94dcae4e9e20102247022647a5539656fd0bbe6858a8e1d9eebfe95d3ac0ca884ae52c867480f5111997047c8981bc70a2bce3ee515020d0dc2be27e9663cbcfa0cabd755c016ae7420420aea259178b1619e66d4519127274d7c8f50b8a46dbc403ebbef6e2d2c4d4acba2b41d8c06bef3cb44b52fa94c05821c23e048fc268502ef6d2afaa21cbb629b1b86efbec99310fcb57f32d1e565624cfaaa8b52a97a9a5a558d28fef2c02690203d62cf890263e10b4ea2b8cbd6e4659d58a4980022dd0080e5d52b27f7c72384ff11263bdb0afc5d3433701ca3b2263ff43e6369f2bcd7db04d374beb264f75e80330edf8d8a675f9ebbbebb5da1906a45272b713708494f3e9f1ed60b2c0a6dcf2dcf70ab3e9874cf9878106802c732f3c8eddeaecede22dad41fad0f75321b89b7ffc700357808c22798a1f1b44f5886716ae5d7b0f8268f9f78c54108862f0ed92e99aacdef153a7984c0f88bd62a9e6cd8cbd658c8cab866751958114d90624eccf9805e02a72f464af059d2a3876af358dfa3725965cad676d52ed13d892d73bdd862a232c81e0e170d887b2f768e34b8b2946845ccfe2064fa8c4e8ddfc877c2bf11d6b1d50093b402e070a28a565c5e736fbf7a36090d73ad99038f274829a1b14b787dcad6b34cbac6aba5f6fd1a159b9c071824446b3fbf324fa9fa3f96edcd818890eede08a5270b140f885bc5b371196b1ca21827c3c5322df507de521342504c229ecbd998e605a2d9f8d34c4493a53645ee30f6a1fe02ba4876a954a32a0bb17b091cb3d9f652a91119e070a782795b8644734e71f8416884ac1fb15dda1d686bcf420f0beaf6963fe84bb0f218e774b2d8f73b7ca8301bf0517fd8d1479b923f4e554683130556a6203d6ef651a7d3276af03e975b89c91a6b2085bb620b72b13e7bcce38498edf927ef692fb8e50d79888835bd8b2dcb86199b1fad6a1333cf191e8f488b4809dddd976de57eff5092a1432dc0024cac1257a7e3631d663b042f66b25a792fb5277070455026b43ae6a8c578d0071d61c62ce6bce4a9ab99bc98571650a4217e4a548592406868dbde1d16ddfa654e9c354dea2a4fb6d5fa776a44d1f299a997ca4dab7652362050cd0874f60090ae2826d80afa87209da1937a21a11345b128f93db40dbe95e6e28c7fdc90728c5b4a07924cee50340ce1bb24ff3209cf99d2d2cad34a2395e366b7aa6e60e6161701040f161b209d577fe98171704ce5abf84ee4196db6801679b5192374f39388387230d83d36f7861fdbea9288e08810d921a0dd8a6b9313039940def492248d1f1c07011e03d986d423b4020cf5b61704f5248674eb84c2dcfd888094a9a09c959a402b646666dd02f7c1e78e1e19d5ef347c4b00c30690bfa1ce06dc88894a6d3e54e32e1eb2c9e70305b7dd8558834cd854609e6f7812f166bbb8bb10ddf3af5e12cc4852513e1ab1dfb1cbe0dbd5f1268caa499dbe7650318078b87e8b9d38bf13764d289eae9e1aa3bbc0b1c63b531f24f31f952427b5c6d7e6616045955b2339d3a2db3f1e76d16b8782b87da06bd26357006069a02883d44bc3f73bfc8fdab11ce78d73e1050483830747ebb8f0fad85b5aaec5d39d6e1978126f4e9ff46ef738bd97c1319283d1ccfd6a463c9a5152a17fbfaf530c644f38038121f0948640513b6588fb7ed2db50e9df89bbcc0768b7f337eb4e38ac1bf07eb526d2075575fc57bc8616022a53ce03a7aff743b6d7af22b50e39046de7007fe9a8e3ef5b54020762ce7841fe1c9be961207743952ebe12e603c043708c3a7568b324096673740d0982abe20a844b004758e7d08cf580b2c651a1d1bbf50c72cd2d87e848cd6f0d6704fa7a809733d231ae41c4a93058c774dcd89546e01b8bc7ce28027f05e0d7c941bde44d1ded370682c4dfb0a8cc130b431bfd94e74982e70719d6b8bd8da7b636641793c8a53e5da1d3c7dc85276f1daec4ae0e787a8497f514dfc804d2e37a4b67661890bb8b58207799312305f7527ea4be1160613f89c690442c9e41f2b4cc900e30648241d31bf4c35f5a8b75d048efb328413c3600f68abfdc1d83d7918f6b37ba1d8b3d63611e20eb6fe2b3d8d300cb1b4dc7c29730e86a748f14e51a3b2e15eeff70e008f981058f39df6e9a76d11182dd102e0eee40934a974cc2ec6cd7e3f872992f2b80b71a2eece85f92cc5fa96a8a19f5a1e4ee8111b85ae618a4549992a3832b8ca21dbc6593ce3214f7c49b498674bb5c7b1b80188c5e76793dc4dc9afdbda1e44a1b0056e0a44f4fdb32239f05d8fe14f93122f27cf11e654a5ecddc46b22a5dbcf8406262072b652d8695980b8023c9fada93da53d3500dcc4cdf52c9392b4bd3493304bb246707a2002d3efef11cd0ed7c9bd205c6e03771f4752a98e21abd293163a8849fa25b54f514e37c287a7dcfaace747c4119e9b24ef336ac488322b9e685983778319d652cd9513230fa8b03568d18242c79740a65849de84a3209d4ca3abc160ed4956d4892642703f102f98e0846e17544f695f4a4edd2c6f0b7cabb48fc028a83ad3ba584fee8f14e56fe880d8f2a44a5e6a9ce8afc398ec0a49927a558c0db0ff452a9c18193226cd36f927910679a30018c38c3b7e570d5dcd3bfb1aed69f447939813468d473265408548174cbeeaed2fbbe3da8eb061f57fbcabe18722fb76f061b19c2e9b97f58e5a5400ed16f6e3060a7062ccbdeb2d10abf83c3321a472ce66192bf6d5500fa73d5c839e492eda9c4864e4a2c36f89e95cc2c449f19d124536e895c741ac921d600e921362b56d8bf6b88dc88ba851b509786549ceb5fc7ad615c6cb031e0793699ae896a1bf27d04cc456a0dbe881a039c88b01e1c7ff719c876e4ff28d4f89a18f7d8fe08c3a0257c79f7e768d60cf6bded62d257468de5491de52909c6e6428997667fda1c1318725fa28a2555b0741f737d71dd1c78e774ead8c3fc25f18d039c346da5f54b236798c0f1742b66557521b3f0d535a7d29ebba0c8137ec31c670a48fa988cb0511d79a601049ea60b22826d5c2b807a32a428c7c1e0a803467ddb767258485cc49faebd4514452275a10ad4dc048465f5fbf18ca0863b2ded8ad70f21a99485f1c2fb907d0e394b16732ca9de34e2c9dbe82654232b4bf1d0b7bea935bd7e1b83204ad00f9e78861917624c286191835e5404945dab8480f6e371da27ecf92b138db326a5dc7cb3c26a9d6aadd222957e320b445c298f75969f6f8d77ff54f0ec8ff30fc619e5fe29fec17b78a0631795395ff51f61e5a6b6c4316aa4eb40f8dcd97fca2eac2b80ccc722cfdeb1778140f2c491d284b15807013798a9eb5226de6b12d323f605f9bcc7c0b243413a6393b6cbbfc3e37624f55ebb032835cccb9b778b8d67b8ca487f64630cd37e46c755d61c6297505a9d2e19b2acb202112948bca162568285412bebd69b51814d9a05852041dfb2e8b5b4efb2726f0d05109eb8b2d6fd75630eed9e39aeae6623ce06252bd003a362429f97e8f7978c07dd871890115a428246bb8ecf30d8ed2d84369ce333898ef65e2b5a2533bb9692f12b6581cf730f7d8e4079a7a4f56e19e08da64c217ba6d6f0888ba382fc9a7be71bcc7c377a54c82442c3e30ea64824a75f76ec672a903abcfe131ff7a6ce7823831e16e8b0a57d363d3d19ce5603b2ee5a38462ffb0f2662197b508cead12e7c4e855dd1505b9fb5f58fb256b429e36cef554f11fbf7ee9f12b39fbebb06e260df0cadb32799f06de1e3c08d5a6ec2b214b95db5972e9f0dd216cae2e6ef925f39b578a688ec00cfbca296238ace7bf89e3394645e7b731244c71f434047cd70019d4612b60b183e2ad6a2a248a4b4d8af59597bea7b397f76f7e734473a1675ec80cc2cd5a2496e652205452218063981b0e052f20345c9c4960541892049f124e5592848ceb16cff362e01383ffc87ec1cf22156ae3d6a191789c94e89f40aa38937c930b5f2ed63b53482b7de6456d04220a063c54598db006c18cb2564a7c8a947fb05a31753d3605f48593751d77887b374933426731aaf1840bb4f2fc67b0d5feb0c78c3e8ccb6e5fd5e0d66adae59cab9fadfd03654641c2955091ad0fbe264162ae0f5189dd32e175e1f1e789a3f02cd140d40a732134d65789a679e8c93838c62c3ae6cd4f4e6a9945e71d251fe474b2b3a4508d0f43a400fddf55964b006b75b637530d9057a62857baa6026cd5d0af52d2f0e9ce6d9cbd7156f504f3be7c034b5c4b8e4d903bab38d026c4b08e3647c2f40788818ceb84734414ff6221236d4774471b49a3257c3d7ba4f77442739db3084665bb1a89e0e3d509a409ff3ef97b9bc2a0953c6382f7157fb30ce593b6d93f891844caccb0ebebbeb6f60547be2e60c0127ab314505f9a99b43abddd08afc0143adf8941bdfeb287c3df957268311c366ecc1540dafd430bc6dc82eda92e3684c737038e298d9f582792b91440ec30312f93873c37279b07947e74a8fa7649cf32bbdcad4e6d742a196b027b27291447de54be2a3682b89c1d7d2c37f9b8825c7e72581d17ac3dbc057aecf97a6caef3a97834aef69f349e5aeb4c101ae490388e378c3356967db8a6dd48084a4e69a11f15d73333a9ac78309acf17eeed3c297cfafbceaaa45ec3c21c4af6b517dfefc1a1e3c5986c22de0828a8770b248898939d4dd729e9048bbedbe56dd44f36fae3cfe54f142c21600f3991add6bd1383321f0870e7346e6437cfcfa2edeb7015eb38a91cfe315f83d9c50b3467f28afd0982cecbb654feace809dd4259f3b680079dcf9cc5bdb7314992f1badd4c17bdc7e758ba296a4dfd345a5925e9084d0cb01a7f2efc0fc30c5c49acbf509545bde1365503fe8d72079238ee34f32beb86f538b05240c37afba294a24bbe699045e2cfd8c9df398f204cf36becff75e71f27ecd23dfdee0708a192168ca767700449fb4ada0f983c345c713caece1a361a05b1190225487df75c96fa19592e48dcc253ec3eccea13854168d3853419c3f968cb55850491c173e3a690fdaa59685cff1555e4b367c1c91908942e2d42778628eb33763ee49f16f894ac84c0a74010c9416c92b06b112653cda5a4f9330891d0c25ab3a9b75b2324c5f60775e1e2f8a768242d8042565ee60ae8687bdc499646aca84b093209e6212a7d7af5623a2c3b2227a080aab76b3b48d1fb26691eb853045adba14ee9f0fa2", 0x1000) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x9, 0xd26, 0xfff, 0xffffffff, 0xffff, 0x277, 0x8, 0x8]) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) (async) setsockopt$inet6_dccp_buf(r1, 0x21, 0x80, &(0x7f0000000840)="08167faad857a77ae5ad8d52c4e44d49f89c07b6044dee53301442f0f375c964454b9811be83c70356a0bad91798cbb3ce93544aaaeaaf960f65de560f8f4d98a4495f0d66f34e951ef2d6461df4e453bb58b0c9b5fabf5091a0a3b6e73ea9d1ca0fa5cc5851b963c233fbc370e6f0c85dedd3e2696324c3a94a17b5e79381b3395ea6672b5192238830e9ff14d3fe145412a2c2687356dbc32c8558bcc73f3b539cb3659a8521472ce1cbbb6c099275dc3b1d2fd9b1e41c6a6bc0ccdb72adc8f4cbd534d049a03129a7e82a92cdcd376c685c167aaa068c03eeb07bf9361ffca3e5bd1655fdbfd1f4cd2daac2aad1fd194b569fca55cd768f9fb3ddd3791b0475612b0d27e7370c4e15abf7d300a2af691796d4160304d2b34c62aa90fd447f6339de913ab888080676cf5376730dec16de1519557c9af9c82e96aced667c16c3348a0656bb270886f15145ae7761db3c2d03ac2bf9d905d7a59a9ce6c4e7f082b15b51cc6b8b495fa076cf5dc62bec6f3790bbd71b806b72315536611ca118e94dcae4e9e20102247022647a5539656fd0bbe6858a8e1d9eebfe95d3ac0ca884ae52c867480f5111997047c8981bc70a2bce3ee515020d0dc2be27e9663cbcfa0cabd755c016ae7420420aea259178b1619e66d4519127274d7c8f50b8a46dbc403ebbef6e2d2c4d4acba2b41d8c06bef3cb44b52fa94c05821c23e048fc268502ef6d2afaa21cbb629b1b86efbec99310fcb57f32d1e565624cfaaa8b52a97a9a5a558d28fef2c02690203d62cf890263e10b4ea2b8cbd6e4659d58a4980022dd0080e5d52b27f7c72384ff11263bdb0afc5d3433701ca3b2263ff43e6369f2bcd7db04d374beb264f75e80330edf8d8a675f9ebbbebb5da1906a45272b713708494f3e9f1ed60b2c0a6dcf2dcf70ab3e9874cf9878106802c732f3c8eddeaecede22dad41fad0f75321b89b7ffc700357808c22798a1f1b44f5886716ae5d7b0f8268f9f78c54108862f0ed92e99aacdef153a7984c0f88bd62a9e6cd8cbd658c8cab866751958114d90624eccf9805e02a72f464af059d2a3876af358dfa3725965cad676d52ed13d892d73bdd862a232c81e0e170d887b2f768e34b8b2946845ccfe2064fa8c4e8ddfc877c2bf11d6b1d50093b402e070a28a565c5e736fbf7a36090d73ad99038f274829a1b14b787dcad6b34cbac6aba5f6fd1a159b9c071824446b3fbf324fa9fa3f96edcd818890eede08a5270b140f885bc5b371196b1ca21827c3c5322df507de521342504c229ecbd998e605a2d9f8d34c4493a53645ee30f6a1fe02ba4876a954a32a0bb17b091cb3d9f652a91119e070a782795b8644734e71f8416884ac1fb15dda1d686bcf420f0beaf6963fe84bb0f218e774b2d8f73b7ca8301bf0517fd8d1479b923f4e554683130556a6203d6ef651a7d3276af03e975b89c91a6b2085bb620b72b13e7bcce38498edf927ef692fb8e50d79888835bd8b2dcb86199b1fad6a1333cf191e8f488b4809dddd976de57eff5092a1432dc0024cac1257a7e3631d663b042f66b25a792fb5277070455026b43ae6a8c578d0071d61c62ce6bce4a9ab99bc98571650a4217e4a548592406868dbde1d16ddfa654e9c354dea2a4fb6d5fa776a44d1f299a997ca4dab7652362050cd0874f60090ae2826d80afa87209da1937a21a11345b128f93db40dbe95e6e28c7fdc90728c5b4a07924cee50340ce1bb24ff3209cf99d2d2cad34a2395e366b7aa6e60e6161701040f161b209d577fe98171704ce5abf84ee4196db6801679b5192374f39388387230d83d36f7861fdbea9288e08810d921a0dd8a6b9313039940def492248d1f1c07011e03d986d423b4020cf5b61704f5248674eb84c2dcfd888094a9a09c959a402b646666dd02f7c1e78e1e19d5ef347c4b00c30690bfa1ce06dc88894a6d3e54e32e1eb2c9e70305b7dd8558834cd854609e6f7812f166bbb8bb10ddf3af5e12cc4852513e1ab1dfb1cbe0dbd5f1268caa499dbe7650318078b87e8b9d38bf13764d289eae9e1aa3bbc0b1c63b531f24f31f952427b5c6d7e6616045955b2339d3a2db3f1e76d16b8782b87da06bd26357006069a02883d44bc3f73bfc8fdab11ce78d73e1050483830747ebb8f0fad85b5aaec5d39d6e1978126f4e9ff46ef738bd97c1319283d1ccfd6a463c9a5152a17fbfaf530c644f38038121f0948640513b6588fb7ed2db50e9df89bbcc0768b7f337eb4e38ac1bf07eb526d2075575fc57bc8616022a53ce03a7aff743b6d7af22b50e39046de7007fe9a8e3ef5b54020762ce7841fe1c9be961207743952ebe12e603c043708c3a7568b324096673740d0982abe20a844b004758e7d08cf580b2c651a1d1bbf50c72cd2d87e848cd6f0d6704fa7a809733d231ae41c4a93058c774dcd89546e01b8bc7ce28027f05e0d7c941bde44d1ded370682c4dfb0a8cc130b431bfd94e74982e70719d6b8bd8da7b636641793c8a53e5da1d3c7dc85276f1daec4ae0e787a8497f514dfc804d2e37a4b67661890bb8b58207799312305f7527ea4be1160613f89c690442c9e41f2b4cc900e30648241d31bf4c35f5a8b75d048efb328413c3600f68abfdc1d83d7918f6b37ba1d8b3d63611e20eb6fe2b3d8d300cb1b4dc7c29730e86a748f14e51a3b2e15eeff70e008f981058f39df6e9a76d11182dd102e0eee40934a974cc2ec6cd7e3f872992f2b80b71a2eece85f92cc5fa96a8a19f5a1e4ee8111b85ae618a4549992a3832b8ca21dbc6593ce3214f7c49b498674bb5c7b1b80188c5e76793dc4dc9afdbda1e44a1b0056e0a44f4fdb32239f05d8fe14f93122f27cf11e654a5ecddc46b22a5dbcf8406262072b652d8695980b8023c9fada93da53d3500dcc4cdf52c9392b4bd3493304bb246707a2002d3efef11cd0ed7c9bd205c6e03771f4752a98e21abd293163a8849fa25b54f514e37c287a7dcfaace747c4119e9b24ef336ac488322b9e685983778319d652cd9513230fa8b03568d18242c79740a65849de84a3209d4ca3abc160ed4956d4892642703f102f98e0846e17544f695f4a4edd2c6f0b7cabb48fc028a83ad3ba584fee8f14e56fe880d8f2a44a5e6a9ce8afc398ec0a49927a558c0db0ff452a9c18193226cd36f927910679a30018c38c3b7e570d5dcd3bfb1aed69f447939813468d473265408548174cbeeaed2fbbe3da8eb061f57fbcabe18722fb76f061b19c2e9b97f58e5a5400ed16f6e3060a7062ccbdeb2d10abf83c3321a472ce66192bf6d5500fa73d5c839e492eda9c4864e4a2c36f89e95cc2c449f19d124536e895c741ac921d600e921362b56d8bf6b88dc88ba851b509786549ceb5fc7ad615c6cb031e0793699ae896a1bf27d04cc456a0dbe881a039c88b01e1c7ff719c876e4ff28d4f89a18f7d8fe08c3a0257c79f7e768d60cf6bded62d257468de5491de52909c6e6428997667fda1c1318725fa28a2555b0741f737d71dd1c78e774ead8c3fc25f18d039c346da5f54b236798c0f1742b66557521b3f0d535a7d29ebba0c8137ec31c670a48fa988cb0511d79a601049ea60b22826d5c2b807a32a428c7c1e0a803467ddb767258485cc49faebd4514452275a10ad4dc048465f5fbf18ca0863b2ded8ad70f21a99485f1c2fb907d0e394b16732ca9de34e2c9dbe82654232b4bf1d0b7bea935bd7e1b83204ad00f9e78861917624c286191835e5404945dab8480f6e371da27ecf92b138db326a5dc7cb3c26a9d6aadd222957e320b445c298f75969f6f8d77ff54f0ec8ff30fc619e5fe29fec17b78a0631795395ff51f61e5a6b6c4316aa4eb40f8dcd97fca2eac2b80ccc722cfdeb1778140f2c491d284b15807013798a9eb5226de6b12d323f605f9bcc7c0b243413a6393b6cbbfc3e37624f55ebb032835cccb9b778b8d67b8ca487f64630cd37e46c755d61c6297505a9d2e19b2acb202112948bca162568285412bebd69b51814d9a05852041dfb2e8b5b4efb2726f0d05109eb8b2d6fd75630eed9e39aeae6623ce06252bd003a362429f97e8f7978c07dd871890115a428246bb8ecf30d8ed2d84369ce333898ef65e2b5a2533bb9692f12b6581cf730f7d8e4079a7a4f56e19e08da64c217ba6d6f0888ba382fc9a7be71bcc7c377a54c82442c3e30ea64824a75f76ec672a903abcfe131ff7a6ce7823831e16e8b0a57d363d3d19ce5603b2ee5a38462ffb0f2662197b508cead12e7c4e855dd1505b9fb5f58fb256b429e36cef554f11fbf7ee9f12b39fbebb06e260df0cadb32799f06de1e3c08d5a6ec2b214b95db5972e9f0dd216cae2e6ef925f39b578a688ec00cfbca296238ace7bf89e3394645e7b731244c71f434047cd70019d4612b60b183e2ad6a2a248a4b4d8af59597bea7b397f76f7e734473a1675ec80cc2cd5a2496e652205452218063981b0e052f20345c9c4960541892049f124e5592848ceb16cff362e01383ffc87ec1cf22156ae3d6a191789c94e89f40aa38937c930b5f2ed63b53482b7de6456d04220a063c54598db006c18cb2564a7c8a947fb05a31753d3605f48593751d77887b374933426731aaf1840bb4f2fc67b0d5feb0c78c3e8ccb6e5fd5e0d66adae59cab9fadfd03654641c2955091ad0fbe264162ae0f5189dd32e175e1f1e789a3f02cd140d40a732134d65789a679e8c93838c62c3ae6cd4f4e6a9945e71d251fe474b2b3a4508d0f43a400fddf55964b006b75b637530d9057a62857baa6026cd5d0af52d2f0e9ce6d9cbd7156f504f3be7c034b5c4b8e4d903bab38d026c4b08e3647c2f40788818ceb84734414ff6221236d4774471b49a3257c3d7ba4f77442739db3084665bb1a89e0e3d509a409ff3ef97b9bc2a0953c6382f7157fb30ce593b6d93f891844caccb0ebebbeb6f60547be2e60c0127ab314505f9a99b43abddd08afc0143adf8941bdfeb287c3df957268311c366ecc1540dafd430bc6dc82eda92e3684c737038e298d9f582792b91440ec30312f93873c37279b07947e74a8fa7649cf32bbdcad4e6d742a196b027b27291447de54be2a3682b89c1d7d2c37f9b8825c7e72581d17ac3dbc057aecf97a6caef3a97834aef69f349e5aeb4c101ae490388e378c3356967db8a6dd48084a4e69a11f15d73333a9ac78309acf17eeed3c297cfafbceaaa45ec3c21c4af6b517dfefc1a1e3c5986c22de0828a8770b248898939d4dd729e9048bbedbe56dd44f36fae3cfe54f142c21600f3991add6bd1383321f0870e7346e6437cfcfa2edeb7015eb38a91cfe315f83d9c50b3467f28afd0982cecbb654feace809dd4259f3b680079dcf9cc5bdb7314992f1badd4c17bdc7e758ba296a4dfd345a5925e9084d0cb01a7f2efc0fc30c5c49acbf509545bde1365503fe8d72079238ee34f32beb86f538b05240c37afba294a24bbe699045e2cfd8c9df398f204cf36becff75e71f27ecd23dfdee0708a192168ca767700449fb4ada0f983c345c713caece1a361a05b1190225487df75c96fa19592e48dcc253ec3eccea13854168d3853419c3f968cb55850491c173e3a690fdaa59685cff1555e4b367c1c91908942e2d42778628eb33763ee49f16f894ac84c0a74010c9416c92b06b112653cda5a4f9330891d0c25ab3a9b75b2324c5f60775e1e2f8a768242d8042565ee60ae8687bdc499646aca84b093209e6212a7d7af5623a2c3b2227a080aab76b3b48d1fb26691eb853045adba14ee9f0fa2", 0x1000) (async) setsockopt$MRT_DONE(r1, 0x0, 0xc9, 0x0, 0x0) (async) 23:51:07 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:07 executing program 1: read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:07 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:07 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) getsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0xc, &(0x7f00000000c0)=""/4096, &(0x7f0000000000)=0x1000) [ 1844.998035] FAULT_INJECTION: forcing a failure. [ 1844.998035] name failslab, interval 1, probability 0, space 0, times 0 [ 1845.016134] CPU: 0 PID: 4793 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1845.023953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1845.033392] Call Trace: [ 1845.035981] dump_stack+0x1b2/0x281 [ 1845.039586] should_fail.cold+0x10a/0x149 [ 1845.043725] should_failslab+0xd6/0x130 [ 1845.047774] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1845.052425] loop_add+0x83/0x830 [ 1845.055775] ? loop_queue_rq+0x280/0x280 [ 1845.059819] ? loop_queue_work+0x21e0/0x21e0 [ 1845.064218] loop_control_ioctl+0x11a/0x3f0 [ 1845.068527] ? loop_lookup+0x190/0x190 [ 1845.072398] ? SyS_write+0x1b7/0x210 [ 1845.076091] ? loop_lookup+0x190/0x190 [ 1845.079959] do_vfs_ioctl+0x75a/0xff0 [ 1845.083748] ? lock_acquire+0x170/0x3f0 [ 1845.087708] ? ioctl_preallocate+0x1a0/0x1a0 [ 1845.092096] ? __fget+0x265/0x3e0 [ 1845.095540] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.099508] ? security_file_ioctl+0x83/0xb0 [ 1845.103902] SyS_ioctl+0x7f/0xb0 [ 1845.107276] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.111239] do_syscall_64+0x1d5/0x640 [ 1845.115122] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1845.120291] RIP: 0033:0x7f57bdb1f209 [ 1845.123989] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1845.131692] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1845.138951] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 23:51:08 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:08 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 1: read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:08 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) getsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0xc, &(0x7f00000000c0)=""/4096, &(0x7f0000000000)=0x1000) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000)="c1c8ff263b1f5086f55f07e3bd8eef6a2c286499db1ffa2289f3554521cdc6cba67275e3065cb5e635f89274873cf4291477579e5ac4a5c78ad5fa5e7625f746562f1b941d6a9cee646c73fd8409086046634f29da76", &(0x7f0000000080)=@tcp=r1, 0x1}, 0x20) [ 1845.146203] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1845.153461] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1845.160718] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:08 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) getsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0xc, &(0x7f00000000c0)=""/4096, &(0x7f0000000000)=0x1000) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) getsockopt$inet6_dccp_buf(0xffffffffffffffff, 0x21, 0xc, &(0x7f00000000c0)=""/4096, &(0x7f0000000000)=0x1000) (async) 23:51:08 executing program 5: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) r3 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r3, &(0x7f0000000300)={&(0x7f0000000240), 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r2, 0x203, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @private}]}, 0x1c}}, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) 23:51:08 executing program 1: read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:08 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000000c0)={0xffffffffffffffff, &(0x7f0000000000)="c1c8ff263b1f5086f55f07e3bd8eef6a2c286499db1ffa2289f3554521cdc6cba67275e3065cb5e635f89274873cf4291477579e5ac4a5c78ad5fa5e7625f746562f1b941d6a9cee646c73fd8409086046634f29da76", &(0x7f0000000080)=@tcp=r1, 0x1}, 0x20) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) [ 1845.262783] FAULT_INJECTION: forcing a failure. [ 1845.262783] name failslab, interval 1, probability 0, space 0, times 0 [ 1845.300438] CPU: 1 PID: 4841 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1845.308247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1845.317738] Call Trace: [ 1845.320317] dump_stack+0x1b2/0x281 [ 1845.323929] should_fail.cold+0x10a/0x149 [ 1845.328057] should_failslab+0xd6/0x130 [ 1845.332010] kmem_cache_alloc+0x28e/0x3c0 [ 1845.336167] radix_tree_node_alloc.constprop.0+0x5a/0x2f0 [ 1845.341701] idr_get_free_cmn+0x595/0x8d0 [ 1845.345843] idr_alloc_cmn+0xe8/0x1e0 [ 1845.349639] ? __fprop_inc_percpu_max+0x1d0/0x1d0 [ 1845.354460] ? rcu_lockdep_current_cpu_online+0xed/0x140 [ 1845.359888] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1845.364881] ? kmem_cache_alloc_trace+0x36c/0x3d0 [ 1845.369708] loop_add+0xfb/0x830 [ 1845.373052] ? loop_queue_rq+0x280/0x280 [ 1845.377111] ? loop_queue_work+0x21e0/0x21e0 [ 1845.381510] loop_control_ioctl+0x11a/0x3f0 [ 1845.385820] ? loop_lookup+0x190/0x190 [ 1845.389695] ? SyS_write+0x1b7/0x210 [ 1845.393400] ? loop_lookup+0x190/0x190 [ 1845.397271] do_vfs_ioctl+0x75a/0xff0 [ 1845.401049] ? lock_acquire+0x170/0x3f0 [ 1845.405087] ? ioctl_preallocate+0x1a0/0x1a0 [ 1845.409471] ? __fget+0x265/0x3e0 [ 1845.412911] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.416864] ? security_file_ioctl+0x83/0xb0 [ 1845.421251] SyS_ioctl+0x7f/0xb0 [ 1845.424593] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.428554] do_syscall_64+0x1d5/0x640 [ 1845.432447] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1845.437628] RIP: 0033:0x7f57bdb1f209 [ 1845.441321] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1845.449006] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1845.456272] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 23:51:08 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 1: eventfd2(0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:08 executing program 3: r0 = eventfd2(0x1, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:08 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (fail_nth: 1) 23:51:08 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) r2 = ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) [ 1845.463523] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1845.470771] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1845.478021] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:08 executing program 3: r0 = eventfd2(0x1, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:08 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x3d) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0], 0x0, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000200)}}, 0x10) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 1: eventfd2(0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x425d2a24a01617cb) [ 1845.576288] FAULT_INJECTION: forcing a failure. [ 1845.576288] name failslab, interval 1, probability 0, space 0, times 0 [ 1845.605578] CPU: 1 PID: 4867 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1845.613392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1845.622744] Call Trace: 23:51:08 executing program 3: r0 = eventfd2(0x1, 0x1) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:08 executing program 3: r0 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "ac79f571a31d1e5ec7d8d1ec1ff6f6706e58e8d87868022a15cecf40d7410fa0569948c8d243270d7b266dc68825f87d9763c67199fed527374c70a76bba236c"}, 0x48, 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r0) keyctl$setperm(0x5, r0, 0x20) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000000), 0x8) [ 1845.625334] dump_stack+0x1b2/0x281 [ 1845.628964] should_fail.cold+0x10a/0x149 [ 1845.633112] should_failslab+0xd6/0x130 [ 1845.637094] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1845.643424] __kmalloc_node+0x38/0x70 [ 1845.647220] blk_mq_alloc_tag_set+0x30f/0x910 [ 1845.651710] loop_add+0x2a0/0x830 [ 1845.655142] ? loop_queue_rq+0x280/0x280 [ 1845.659178] ? loop_queue_work+0x21e0/0x21e0 [ 1845.663566] loop_control_ioctl+0x11a/0x3f0 [ 1845.667866] ? loop_lookup+0x190/0x190 [ 1845.671737] ? SyS_write+0x1b7/0x210 [ 1845.675447] ? loop_lookup+0x190/0x190 [ 1845.679313] do_vfs_ioctl+0x75a/0xff0 [ 1845.683094] ? lock_acquire+0x170/0x3f0 [ 1845.687055] ? ioctl_preallocate+0x1a0/0x1a0 [ 1845.691441] ? __fget+0x265/0x3e0 [ 1845.694871] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.698833] ? security_file_ioctl+0x83/0xb0 [ 1845.703220] SyS_ioctl+0x7f/0xb0 [ 1845.706562] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.710516] do_syscall_64+0x1d5/0x640 [ 1845.714382] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1845.719547] RIP: 0033:0x7f57bdb1f209 23:51:08 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x3d) (async) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0], 0x0, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000200)}}, 0x10) 23:51:08 executing program 1: eventfd2(0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x425d2a24a01617cb) [ 1845.723234] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1845.730933] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1845.738179] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1845.745428] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1845.752676] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1845.759923] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:08 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x3d) (async) r0 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x8}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000340)={r0, 0xe0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000100)=[0x0], 0x0, 0x8, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}, {}], 0x38, 0x10, &(0x7f0000000180), &(0x7f00000001c0), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000200)}}, 0x10) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) (async) r2 = ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 23:51:08 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000000)={0xc, 0x4, 0x7fffffff}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000050038000000000008003b00000000000a000900000000000000000005002a0000000000"], 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r2, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7fff}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000010}, 0x44000800) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x40000) 23:51:08 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, 0x0, 0x0) [ 1845.838282] FAULT_INJECTION: forcing a failure. [ 1845.838282] name failslab, interval 1, probability 0, space 0, times 0 [ 1845.876660] CPU: 0 PID: 4892 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:08 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1845.884474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1845.893825] Call Trace: [ 1845.896433] dump_stack+0x1b2/0x281 [ 1845.900060] should_fail.cold+0x10a/0x149 [ 1845.904212] should_failslab+0xd6/0x130 [ 1845.908194] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1845.913310] __kmalloc_node+0x38/0x70 [ 1845.917116] blk_mq_alloc_tag_set+0x30f/0x910 [ 1845.921705] loop_add+0x2a0/0x830 [ 1845.925155] ? loop_queue_rq+0x280/0x280 [ 1845.929208] ? loop_queue_work+0x21e0/0x21e0 [ 1845.933615] loop_control_ioctl+0x11a/0x3f0 [ 1845.937930] ? loop_lookup+0x190/0x190 [ 1845.941811] ? SyS_write+0x1b7/0x210 [ 1845.945525] ? loop_lookup+0x190/0x190 [ 1845.949406] do_vfs_ioctl+0x75a/0xff0 [ 1845.953206] ? lock_acquire+0x170/0x3f0 [ 1845.957189] ? ioctl_preallocate+0x1a0/0x1a0 [ 1845.961592] ? __fget+0x265/0x3e0 [ 1845.965040] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.969001] ? security_file_ioctl+0x83/0xb0 [ 1845.973398] SyS_ioctl+0x7f/0xb0 [ 1845.976748] ? do_vfs_ioctl+0xff0/0xff0 [ 1845.980702] do_syscall_64+0x1d5/0x640 [ 1845.984580] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1845.989753] RIP: 0033:0x7f57bdb1f209 [ 1845.993447] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1846.001139] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1846.008384] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1846.015637] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1846.022901] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1846.030172] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:09 executing program 3: r0 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "ac79f571a31d1e5ec7d8d1ec1ff6f6706e58e8d87868022a15cecf40d7410fa0569948c8d243270d7b266dc68825f87d9763c67199fed527374c70a76bba236c"}, 0x48, 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r0) keyctl$setperm(0x5, r0, 0x20) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000000), 0x8) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "ac79f571a31d1e5ec7d8d1ec1ff6f6706e58e8d87868022a15cecf40d7410fa0569948c8d243270d7b266dc68825f87d9763c67199fed527374c70a76bba236c"}, 0x48, 0xfffffffffffffffb) (async) keyctl$unlink(0x9, 0x0, r0) (async) keyctl$setperm(0x5, r0, 0x20) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) 23:51:09 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:09 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000000)={0xc, 0x4, 0x7fffffff}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000050038000000000008003b00000000000a000900000000000000000005002a0000000000"], 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r2, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7fff}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000010}, 0x44000800) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x40000) openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) (async) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000000)={0xc, 0x4, 0x7fffffff}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000050038000000000008003b00000000000a000900000000000000000005002a0000000000"], 0x38}}, 0x0) (async) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r2, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7fff}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000010}, 0x44000800) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x40000) (async) 23:51:09 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, 0x0, 0x0) 23:51:09 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 5) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:09 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) (async) r2 = ioctl$LOOP_CTL_ADD(r1, 0x4c80, 0x1) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) (async, rerun: 64) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async, rerun: 64) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) 23:51:09 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, 0x0, 0x0) 23:51:09 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000000)={0xc, 0x4, 0x7fffffff}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) r1 = socket(0x10, 0x2, 0x0) (async) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB, @ANYRES16=r2, @ANYBLOB="010000000000000000000c000000050038000000000008003b00000000000a000900000000000000000005002a0000000000"], 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x54, r2, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x7fff}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1f}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x80000000}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000010}, 0x44000800) (async) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async) sendmsg$BATADV_CMD_GET_ORIGINATORS(r3, &(0x7f0000000240)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x24, r2, 0x200, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x48000}, 0x40000) 23:51:09 executing program 5: socketpair(0x1, 0x2, 0x2, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000100)=0x81, 0x2) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) r1 = eventfd(0x4) read$eventfd(r1, &(0x7f0000000000), 0x8) 23:51:09 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:09 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r5, @ANYRES32=r5], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r6) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:09 executing program 1: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xa}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, 0x0, 0xc04, 0x70bd26, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0x60040895}, 0x20000000) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1846.564462] FAULT_INJECTION: forcing a failure. [ 1846.564462] name failslab, interval 1, probability 0, space 0, times 0 [ 1846.617584] CPU: 0 PID: 4949 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1846.625396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1846.634755] Call Trace: [ 1846.637343] dump_stack+0x1b2/0x281 [ 1846.640976] should_fail.cold+0x10a/0x149 [ 1846.645125] should_failslab+0xd6/0x130 [ 1846.649100] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1846.654193] __kmalloc_node+0x38/0x70 [ 1846.657972] sbitmap_init_node+0x10c/0x3d0 [ 1846.662194] sbitmap_queue_init_node+0x37/0x5d0 [ 1846.666847] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1846.671841] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1846.677096] blk_mq_init_tags+0xf4/0x280 [ 1846.681135] blk_mq_alloc_rq_map+0x90/0x220 [ 1846.685454] __blk_mq_alloc_rq_map+0xa3/0x3a0 [ 1846.689927] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1846.694404] loop_add+0x2a0/0x830 [ 1846.697835] ? loop_queue_rq+0x280/0x280 [ 1846.701867] ? loop_queue_work+0x21e0/0x21e0 [ 1846.706250] loop_control_ioctl+0x11a/0x3f0 [ 1846.710546] ? loop_lookup+0x190/0x190 [ 1846.714409] ? SyS_write+0x1b7/0x210 [ 1846.718106] ? loop_lookup+0x190/0x190 [ 1846.721976] do_vfs_ioctl+0x75a/0xff0 [ 1846.725756] ? lock_acquire+0x170/0x3f0 [ 1846.729708] ? ioctl_preallocate+0x1a0/0x1a0 [ 1846.734091] ? __fget+0x265/0x3e0 [ 1846.737564] ? do_vfs_ioctl+0xff0/0xff0 [ 1846.741522] ? security_file_ioctl+0x83/0xb0 [ 1846.745915] SyS_ioctl+0x7f/0xb0 [ 1846.749258] ? do_vfs_ioctl+0xff0/0xff0 [ 1846.753219] do_syscall_64+0x1d5/0x640 [ 1846.757098] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1846.762263] RIP: 0033:0x7f57bdb1f209 [ 1846.765955] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1846.773638] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1846.780881] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1846.788125] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1846.795369] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1846.802621] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1846.821336] blk-mq: reduced tag depth (128 -> 64) 23:51:10 executing program 3: r0 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "ac79f571a31d1e5ec7d8d1ec1ff6f6706e58e8d87868022a15cecf40d7410fa0569948c8d243270d7b266dc68825f87d9763c67199fed527374c70a76bba236c"}, 0x48, 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r0) keyctl$setperm(0x5, r0, 0x20) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000000), 0x8) add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "ac79f571a31d1e5ec7d8d1ec1ff6f6706e58e8d87868022a15cecf40d7410fa0569948c8d243270d7b266dc68825f87d9763c67199fed527374c70a76bba236c"}, 0x48, 0xfffffffffffffffb) (async) keyctl$unlink(0x9, 0x0, r0) (async) keyctl$setperm(0x5, r0, 0x20) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) 23:51:10 executing program 5: socketpair(0x1, 0x2, 0x2, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000100)=0x81, 0x2) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) r1 = eventfd(0x4) read$eventfd(r1, &(0x7f0000000000), 0x8) socketpair(0x1, 0x2, 0x2, &(0x7f00000000c0)) (async) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000100)=0x81, 0x2) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) (async) eventfd(0x4) (async) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) 23:51:10 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:10 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 6) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:10 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r5, @ANYRES32=r5], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r6) (async, rerun: 32) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (rerun: 32) 23:51:10 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (fail_nth: 1) 23:51:10 executing program 1: ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) r0 = eventfd2(0x0, 0x0) r1 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000000c0)={0x1000, &(0x7f0000000080), 0x8, r1, 0x7}) eventfd2(0xfffffffd, 0x1801) socketpair(0x9, 0x2, 0xffffffff, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000180)=[0x2, 0x5a9, 0x3, 0xffffffff, 0x1528, 0x80000001, 0xfff, 0x4]) r3 = eventfd2(0x4ec, 0x0) r4 = eventfd(0x0) write$eventfd(r4, &(0x7f0000000000), 0x8) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000140)) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000100)={r3, 0x10001, 0x3, r4}) r5 = eventfd2(0x6, 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={r5, 0x1, 0x0, r1}) read$eventfd(r0, &(0x7f0000000000), 0xffffffffffffffae) 23:51:10 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:10 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:10 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:10 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:10 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1847.522595] FAULT_INJECTION: forcing a failure. [ 1847.522595] name failslab, interval 1, probability 0, space 0, times 0 [ 1847.535012] CPU: 1 PID: 5021 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1847.542815] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1847.552169] Call Trace: [ 1847.554785] dump_stack+0x1b2/0x281 [ 1847.558407] should_fail.cold+0x10a/0x149 [ 1847.562560] should_failslab+0xd6/0x130 [ 1847.566536] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1847.571646] sbitmap_queue_init_node+0x27f/0x5d0 [ 1847.576410] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1847.581691] blk_mq_init_tags+0xf4/0x280 [ 1847.585770] blk_mq_alloc_rq_map+0x90/0x220 [ 1847.590089] __blk_mq_alloc_rq_map+0xa3/0x3a0 [ 1847.594577] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1847.599062] loop_add+0x2a0/0x830 [ 1847.602514] ? loop_queue_rq+0x280/0x280 [ 1847.606561] ? loop_queue_work+0x21e0/0x21e0 [ 1847.610961] loop_control_ioctl+0x11a/0x3f0 [ 1847.615269] ? loop_lookup+0x190/0x190 [ 1847.619255] ? SyS_write+0x1b7/0x210 [ 1847.622947] ? loop_lookup+0x190/0x190 [ 1847.626808] do_vfs_ioctl+0x75a/0xff0 [ 1847.630614] ? lock_acquire+0x170/0x3f0 [ 1847.634566] ? ioctl_preallocate+0x1a0/0x1a0 [ 1847.638952] ? __fget+0x265/0x3e0 [ 1847.642394] ? do_vfs_ioctl+0xff0/0xff0 [ 1847.646353] ? security_file_ioctl+0x83/0xb0 [ 1847.650766] SyS_ioctl+0x7f/0xb0 [ 1847.654124] ? do_vfs_ioctl+0xff0/0xff0 [ 1847.658096] do_syscall_64+0x1d5/0x640 [ 1847.661966] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1847.667144] RIP: 0033:0x7f57bdb1f209 [ 1847.670831] RSP: 002b:00007f57bc473168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1847.678536] RAX: ffffffffffffffda RBX: 00007f57bdc32030 RCX: 00007f57bdb1f209 [ 1847.685809] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1847.693067] RBP: 00007f57bc4731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1847.700416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1847.707687] R13: 00007ffc7af5046f R14: 00007f57bc473300 R15: 0000000000022000 [ 1847.718884] blk-mq: reduced tag depth (128 -> 64) 23:51:11 executing program 1: ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) (async) r0 = eventfd2(0x0, 0x0) (async) r1 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000000c0)={0x1000, &(0x7f0000000080), 0x8, r1, 0x7}) (async) eventfd2(0xfffffffd, 0x1801) (async) socketpair(0x9, 0x2, 0xffffffff, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000180)=[0x2, 0x5a9, 0x3, 0xffffffff, 0x1528, 0x80000001, 0xfff, 0x4]) (async) r3 = eventfd2(0x4ec, 0x0) (async) r4 = eventfd(0x0) write$eventfd(r4, &(0x7f0000000000), 0x8) (async) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000140)) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000100)={r3, 0x10001, 0x3, r4}) (async) r5 = eventfd2(0x6, 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={r5, 0x1, 0x0, r1}) read$eventfd(r0, &(0x7f0000000000), 0xffffffffffffffae) 23:51:11 executing program 5: socketpair(0x1, 0x2, 0x2, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000100)=0x81, 0x2) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00'}, 0x10) (async) r1 = eventfd(0x4) read$eventfd(r1, &(0x7f0000000000), 0x8) 23:51:11 executing program 3: eventfd2(0x0, 0x0) eventfd(0x73) r0 = eventfd(0x5) r1 = eventfd2(0x8, 0x800) read$eventfd(r1, &(0x7f0000000000), 0x8) r2 = eventfd2(0x9, 0x800) r3 = eventfd(0x0) write$eventfd(r3, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r2, 0x1000, 0x3ff, r3}) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:51:11 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r5, @ANYRES32=r5], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r6 = ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r6) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r4, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r5, @ANYRES32=r5], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r5, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r6) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r6) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:11 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 7) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:11 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:11 executing program 1: ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) r0 = eventfd2(0x0, 0x0) r1 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000000c0)={0x1000, &(0x7f0000000080), 0x8, r1, 0x7}) eventfd2(0xfffffffd, 0x1801) socketpair(0x9, 0x2, 0xffffffff, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000180)=[0x2, 0x5a9, 0x3, 0xffffffff, 0x1528, 0x80000001, 0xfff, 0x4]) r3 = eventfd2(0x4ec, 0x0) r4 = eventfd(0x0) write$eventfd(r4, &(0x7f0000000000), 0x8) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000140)) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000100)={r3, 0x10001, 0x3, r4}) r5 = eventfd2(0x6, 0x1) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={r5, 0x1, 0x0, r1}) read$eventfd(r0, &(0x7f0000000000), 0xffffffffffffffae) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x9) (async) eventfd2(0x0, 0x0) (async) eventfd2(0x0, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000000c0)={0x1000, &(0x7f0000000080), 0x8, r1, 0x7}) (async) eventfd2(0xfffffffd, 0x1801) (async) socketpair(0x9, 0x2, 0xffffffff, &(0x7f0000000040)) (async) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000180)=[0x2, 0x5a9, 0x3, 0xffffffff, 0x1528, 0x80000001, 0xfff, 0x4]) (async) eventfd2(0x4ec, 0x0) (async) eventfd(0x0) (async) write$eventfd(r4, &(0x7f0000000000), 0x8) (async) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000140)) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000100)={r3, 0x10001, 0x3, r4}) (async) eventfd2(0x6, 0x1) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f00000001c0)={r5, 0x1, 0x0, r1}) (async) read$eventfd(r0, &(0x7f0000000000), 0xffffffffffffffae) (async) 23:51:11 executing program 5: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30) 23:51:11 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:11 executing program 3: eventfd2(0x0, 0x0) (async, rerun: 32) eventfd(0x73) (rerun: 32) r0 = eventfd(0x5) (async) r1 = eventfd2(0x8, 0x800) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) r2 = eventfd2(0x9, 0x800) r3 = eventfd(0x0) write$eventfd(r3, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r2, 0x1000, 0x3ff, r3}) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:51:11 executing program 5: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30) (async) 23:51:11 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r1, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1848.387632] FAULT_INJECTION: forcing a failure. [ 1848.387632] name failslab, interval 1, probability 0, space 0, times 0 [ 1848.426917] CPU: 1 PID: 5052 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 23:51:11 executing program 3: eventfd2(0x0, 0x0) eventfd(0x73) (async, rerun: 32) r0 = eventfd(0x5) (async, rerun: 32) r1 = eventfd2(0x8, 0x800) read$eventfd(r1, &(0x7f0000000000), 0x8) (async) r2 = eventfd2(0x9, 0x800) (async, rerun: 32) r3 = eventfd(0x0) (rerun: 32) write$eventfd(r3, &(0x7f0000000000), 0x8) (async, rerun: 32) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000080)={r2, 0x1000, 0x3ff, r3}) (async, rerun: 32) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:51:11 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0x0, 0x800) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000340)={r0, 0x40, 0x7fff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) read$eventfd(r0, &(0x7f0000000000), 0x8) [ 1848.434735] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1848.444083] Call Trace: [ 1848.446670] dump_stack+0x1b2/0x281 [ 1848.450303] should_fail.cold+0x10a/0x149 [ 1848.454452] should_failslab+0xd6/0x130 [ 1848.458516] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1848.463709] sbitmap_queue_init_node+0x27f/0x5d0 [ 1848.468466] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1848.473748] blk_mq_init_tags+0xf4/0x280 [ 1848.477839] blk_mq_alloc_rq_map+0x90/0x220 [ 1848.482170] __blk_mq_alloc_rq_map+0xa3/0x3a0 23:51:11 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x7) [ 1848.486671] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1848.491173] loop_add+0x2a0/0x830 [ 1848.494627] ? loop_queue_rq+0x280/0x280 [ 1848.498679] ? loop_queue_work+0x21e0/0x21e0 [ 1848.503083] loop_control_ioctl+0x11a/0x3f0 [ 1848.507407] ? loop_lookup+0x190/0x190 [ 1848.511288] ? SyS_write+0x1b7/0x210 [ 1848.514995] ? loop_lookup+0x190/0x190 [ 1848.518874] do_vfs_ioctl+0x75a/0xff0 [ 1848.522667] ? lock_acquire+0x170/0x3f0 [ 1848.526638] ? ioctl_preallocate+0x1a0/0x1a0 [ 1848.531044] ? __fget+0x265/0x3e0 [ 1848.534491] ? do_vfs_ioctl+0xff0/0xff0 [ 1848.538473] ? security_file_ioctl+0x83/0xb0 [ 1848.542884] SyS_ioctl+0x7f/0xb0 [ 1848.546244] ? do_vfs_ioctl+0xff0/0xff0 [ 1848.550216] do_syscall_64+0x1d5/0x640 [ 1848.554104] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1848.559287] RIP: 0033:0x7f57bdb1f209 [ 1848.562983] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1848.570671] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1848.577921] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1848.585169] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1848.592420] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1848.599668] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1848.612466] blk-mq: reduced tag depth (128 -> 64) 23:51:11 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="40463a1904b2"}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x96}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x400}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x50}}, 0x44011) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:11 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) (async) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x7) 23:51:11 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:11 executing program 5: getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000000)=""/48, &(0x7f0000000040)=0x30) (async) 23:51:11 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 8) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:11 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:11 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000080)=0x1, 0x4) 23:51:11 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x7) 23:51:11 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:11 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="40463a1904b2"}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x96}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x400}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x50}}, 0x44011) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="40463a1904b2"}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x96}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x400}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x50}}, 0x44011) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) [ 1848.788678] FAULT_INJECTION: forcing a failure. [ 1848.788678] name failslab, interval 1, probability 0, space 0, times 0 [ 1848.811544] CPU: 0 PID: 5123 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1848.819396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1848.828748] Call Trace: [ 1848.831336] dump_stack+0x1b2/0x281 [ 1848.834972] should_fail.cold+0x10a/0x149 [ 1848.839146] should_failslab+0xd6/0x130 [ 1848.843118] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1848.848231] sbitmap_queue_init_node+0x27f/0x5d0 [ 1848.852989] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1848.858256] blk_mq_init_tags+0x14b/0x280 [ 1848.862386] blk_mq_alloc_rq_map+0x90/0x220 [ 1848.866683] __blk_mq_alloc_rq_map+0xa3/0x3a0 [ 1848.871155] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1848.875631] loop_add+0x2a0/0x830 [ 1848.879068] ? loop_queue_rq+0x280/0x280 [ 1848.883108] ? loop_queue_work+0x21e0/0x21e0 [ 1848.887496] loop_control_ioctl+0x11a/0x3f0 [ 1848.891799] ? loop_lookup+0x190/0x190 [ 1848.895663] ? SyS_write+0x1b7/0x210 [ 1848.899355] ? loop_lookup+0x190/0x190 [ 1848.903222] do_vfs_ioctl+0x75a/0xff0 [ 1848.907152] ? lock_acquire+0x170/0x3f0 [ 1848.911122] ? ioctl_preallocate+0x1a0/0x1a0 [ 1848.915519] ? __fget+0x265/0x3e0 [ 1848.918960] ? do_vfs_ioctl+0xff0/0xff0 [ 1848.922927] ? security_file_ioctl+0x83/0xb0 [ 1848.927312] SyS_ioctl+0x7f/0xb0 [ 1848.930739] ? do_vfs_ioctl+0xff0/0xff0 [ 1848.934703] do_syscall_64+0x1d5/0x640 [ 1848.938600] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1848.943822] RIP: 0033:0x7f57bdb1f209 [ 1848.947578] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1848.955265] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1848.962518] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1848.969798] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1848.977049] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1848.984299] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1848.995710] blk-mq: reduced tag depth (128 -> 64) 23:51:12 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0x0, 0x800) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000340)={r0, 0x40, 0x7fff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) read$eventfd(r0, &(0x7f0000000000), 0x8) eventfd2(0x0, 0x0) (async) eventfd2(0x0, 0x800) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000340)={r0, 0x40, 0x7fff}) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) 23:51:12 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd2(0x3, 0x0) write$eventfd(r1, &(0x7f0000000000)=0x9, 0x8) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:12 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000080)=0x1, 0x4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) (async) setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000080)=0x1, 0x4) (async) 23:51:12 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:12 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 9) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:12 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="40463a1904b2"}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x96}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x400}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}]}, 0x50}}, 0x44011) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:12 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd2(0x3, 0x0) write$eventfd(r1, &(0x7f0000000000)=0x9, 0x8) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) eventfd2(0x3, 0x0) (async) write$eventfd(r1, &(0x7f0000000000)=0x9, 0x8) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:51:12 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:12 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000080)=0x1, 0x4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) (async) setsockopt$MRT_PIM(0xffffffffffffffff, 0x0, 0xcf, &(0x7f0000000080)=0x1, 0x4) (async) [ 1849.399460] FAULT_INJECTION: forcing a failure. [ 1849.399460] name failslab, interval 1, probability 0, space 0, times 0 [ 1849.419785] CPU: 1 PID: 5169 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1849.427588] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1849.436942] Call Trace: [ 1849.439534] dump_stack+0x1b2/0x281 [ 1849.443164] should_fail.cold+0x10a/0x149 23:51:12 executing program 3: r0 = eventfd2(0x0, 0x0) r1 = eventfd2(0x3, 0x0) write$eventfd(r1, &(0x7f0000000000)=0x9, 0x8) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) eventfd2(0x3, 0x0) (async) write$eventfd(r1, &(0x7f0000000000)=0x9, 0x8) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:51:12 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000240)=""/145, &(0x7f0000000080)=0x91) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000000c0)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x4}) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) getsockopt$MRT(r2, 0x0, 0xd0, &(0x7f0000000100), &(0x7f0000000140)=0x4) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) setsockopt$MRT_DEL_VIF(r3, 0x0, 0xcb, &(0x7f0000000580)={0x1, 0x0, 0x3f, 0x7, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100}, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r4, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r4, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x80, 0x0, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x40090) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000300)=""/229, &(0x7f0000000400)=0xe5) [ 1849.447310] should_failslab+0xd6/0x130 [ 1849.451287] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1849.456393] __kmalloc_node+0x38/0x70 [ 1849.460192] blk_mq_alloc_rq_map+0xd2/0x220 [ 1849.464512] __blk_mq_alloc_rq_map+0xa3/0x3a0 [ 1849.469012] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1849.473511] loop_add+0x2a0/0x830 [ 1849.476959] ? loop_queue_rq+0x280/0x280 [ 1849.481012] ? loop_queue_work+0x21e0/0x21e0 [ 1849.485420] loop_control_ioctl+0x11a/0x3f0 [ 1849.489737] ? loop_lookup+0x190/0x190 [ 1849.493617] ? SyS_write+0x1b7/0x210 23:51:12 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async, rerun: 64) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) (rerun: 64) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async, rerun: 64) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000240)=""/145, &(0x7f0000000080)=0x91) (async, rerun: 64) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000000c0)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x4}) (async) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) getsockopt$MRT(r2, 0x0, 0xd0, &(0x7f0000000100), &(0x7f0000000140)=0x4) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async, rerun: 64) setsockopt$MRT_DEL_VIF(r3, 0x0, 0xcb, &(0x7f0000000580)={0x1, 0x0, 0x3f, 0x7, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100}, 0x10) (async, rerun: 64) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r4, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) (async) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r4, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x80, 0x0, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x40090) (async) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000300)=""/229, &(0x7f0000000400)=0xe5) [ 1849.497331] ? loop_lookup+0x190/0x190 [ 1849.501214] do_vfs_ioctl+0x75a/0xff0 [ 1849.505009] ? lock_acquire+0x170/0x3f0 [ 1849.508978] ? ioctl_preallocate+0x1a0/0x1a0 [ 1849.513385] ? __fget+0x265/0x3e0 [ 1849.516837] ? do_vfs_ioctl+0xff0/0xff0 [ 1849.520825] ? security_file_ioctl+0x83/0xb0 [ 1849.525233] SyS_ioctl+0x7f/0xb0 [ 1849.528590] ? do_vfs_ioctl+0xff0/0xff0 [ 1849.532559] do_syscall_64+0x1d5/0x640 [ 1849.536449] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1849.541632] RIP: 0033:0x7f57bdb1f209 [ 1849.545334] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1849.553072] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1849.560338] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1849.567600] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1849.574877] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1849.582143] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1849.609498] blk-mq: reduced tag depth (128 -> 64) 23:51:13 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:13 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0x0, 0x800) (async) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000340)={r0, 0x40, 0x7fff}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000040)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:51:13 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 10) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:13 executing program 3: r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$unlink(0x9, r0, 0xffffffffffffffff) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) r2 = eventfd2(0x8, 0x800) write$eventfd(r2, &(0x7f0000000000)=0x100000000, 0x8) r3 = eventfd(0x0) write$eventfd(r3, &(0x7f0000000000), 0x8) write$eventfd(r3, &(0x7f0000000140)=0xfffffffffffffffb, 0x8) write$eventfd(r1, &(0x7f0000000040)=0xffffffffffffa292, 0x8) eventfd(0x4) r4 = eventfd2(0xd3e, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x100000, &(0x7f0000000180), 0x5, r4, 0x9}) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_PIM(r6, 0x0, 0xcf, &(0x7f0000000100)=0x2, 0x4) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f00000000c0), 0x2) 23:51:13 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) (async) r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) getsockopt$bt_sco_SCO_OPTIONS(r0, 0x11, 0x1, &(0x7f0000000240)=""/145, &(0x7f0000000080)=0x91) r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r1, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f00000000c0)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0], 0x4}) (rerun: 32) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) getsockopt$MRT(r2, 0x0, 0xd0, &(0x7f0000000100), &(0x7f0000000140)=0x4) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async) setsockopt$MRT_DEL_VIF(r3, 0x0, 0xcb, &(0x7f0000000580)={0x1, 0x0, 0x3f, 0x7, @vifc_lcl_addr=@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100}, 0x10) r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r4, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) (async, rerun: 64) sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r4, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)={0x80, 0x0, 0x300, 0x70bd2c, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @empty}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wlan1\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @remote}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x40090) (async, rerun: 64) getsockopt$bt_sco_SCO_CONNINFO(r2, 0x11, 0x2, &(0x7f0000000300)=""/229, &(0x7f0000000400)=0xe5) 23:51:13 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x185003, 0x0) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_SECCTX={0x2b, 0x7, 'system_u:object_r:watchdog_device_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="7d6438be2108e1720e4e6dd43c9860c3b48a01", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, &(0x7f00000001c0), 0x2) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:13 executing program 3: r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$unlink(0x9, r0, 0xffffffffffffffff) r1 = eventfd2(0x0, 0x0) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) r2 = eventfd2(0x8, 0x800) write$eventfd(r2, &(0x7f0000000000)=0x100000000, 0x8) r3 = eventfd(0x0) write$eventfd(r3, &(0x7f0000000000), 0x8) write$eventfd(r3, &(0x7f0000000140)=0xfffffffffffffffb, 0x8) write$eventfd(r1, &(0x7f0000000040)=0xffffffffffffa292, 0x8) eventfd(0x4) r4 = eventfd2(0xd3e, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x100000, &(0x7f0000000180), 0x5, r4, 0x9}) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r6 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_PIM(r6, 0x0, 0xcf, &(0x7f0000000100)=0x2, 0x4) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f00000000c0), 0x2) add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) (async) keyctl$unlink(0x9, r0, 0xffffffffffffffff) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) (async) eventfd2(0x8, 0x800) (async) write$eventfd(r2, &(0x7f0000000000)=0x100000000, 0x8) (async) eventfd(0x0) (async) write$eventfd(r3, &(0x7f0000000000), 0x8) (async) write$eventfd(r3, &(0x7f0000000140)=0xfffffffffffffffb, 0x8) (async) write$eventfd(r1, &(0x7f0000000040)=0xffffffffffffa292, 0x8) (async) eventfd(0x4) (async) eventfd2(0xd3e, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x100000, &(0x7f0000000180), 0x5, r4, 0x9}) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) (async) setsockopt$MRT_PIM(r6, 0x0, 0xcf, &(0x7f0000000100)=0x2, 0x4) (async) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, 0x0, 0x0) (async) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f00000000c0), 0x2) (async) 23:51:13 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1850.294190] FAULT_INJECTION: forcing a failure. [ 1850.294190] name failslab, interval 1, probability 0, space 0, times 0 [ 1850.321176] CPU: 0 PID: 5221 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1850.328993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1850.338346] Call Trace: [ 1850.340938] dump_stack+0x1b2/0x281 [ 1850.344574] should_fail.cold+0x10a/0x149 [ 1850.348724] should_failslab+0xd6/0x130 [ 1850.352703] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1850.357806] __kmalloc_node+0x38/0x70 [ 1850.361692] blk_mq_alloc_rq_map+0x113/0x220 [ 1850.366102] __blk_mq_alloc_rq_map+0xa3/0x3a0 [ 1850.370591] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1850.375327] loop_add+0x2a0/0x830 [ 1850.378755] ? loop_queue_rq+0x280/0x280 [ 1850.382797] ? loop_queue_work+0x21e0/0x21e0 [ 1850.387192] loop_control_ioctl+0x11a/0x3f0 [ 1850.391506] ? loop_lookup+0x190/0x190 [ 1850.395375] ? SyS_write+0x1b7/0x210 [ 1850.399066] ? loop_lookup+0x190/0x190 [ 1850.402940] do_vfs_ioctl+0x75a/0xff0 [ 1850.406727] ? lock_acquire+0x170/0x3f0 [ 1850.410688] ? ioctl_preallocate+0x1a0/0x1a0 [ 1850.415074] ? __fget+0x265/0x3e0 [ 1850.418591] ? do_vfs_ioctl+0xff0/0xff0 [ 1850.422552] ? security_file_ioctl+0x83/0xb0 [ 1850.426946] SyS_ioctl+0x7f/0xb0 [ 1850.430289] ? do_vfs_ioctl+0xff0/0xff0 [ 1850.434243] do_syscall_64+0x1d5/0x640 [ 1850.438108] entry_SYSCALL_64_after_hwframe+0x46/0xbb 23:51:13 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:13 executing program 3: r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$unlink(0x9, r0, 0xffffffffffffffff) (async, rerun: 64) r1 = eventfd2(0x0, 0x0) (rerun: 64) read$eventfd(r1, &(0x7f0000000080), 0xfffffffffffffedb) r2 = eventfd2(0x8, 0x800) write$eventfd(r2, &(0x7f0000000000)=0x100000000, 0x8) (async) r3 = eventfd(0x0) write$eventfd(r3, &(0x7f0000000000), 0x8) write$eventfd(r3, &(0x7f0000000140)=0xfffffffffffffffb, 0x8) (async, rerun: 32) write$eventfd(r1, &(0x7f0000000040)=0xffffffffffffa292, 0x8) (rerun: 32) eventfd(0x4) (async, rerun: 32) r4 = eventfd2(0xd3e, 0x0) (rerun: 32) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f00000001c0)={0x100000, &(0x7f0000000180), 0x5, r4, 0x9}) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async, rerun: 32) r6 = socket(0x18, 0x0, 0xa7) (rerun: 32) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r6) setsockopt$MRT_PIM(r6, 0x0, 0xcf, &(0x7f0000000100)=0x2, 0x4) (async) setsockopt$bt_BT_DEFER_SETUP(r5, 0x112, 0x7, 0x0, 0x0) getsockopt$bt_BT_SECURITY(r5, 0x112, 0x4, &(0x7f00000000c0), 0x2) 23:51:13 executing program 5: ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x1e) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0xd3) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x3) [ 1850.443277] RIP: 0033:0x7f57bdb1f209 [ 1850.446975] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1850.454659] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1850.461911] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1850.469304] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1850.476549] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1850.483800] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1850.513623] blk-mq: reduced tag depth (128 -> 64) 23:51:13 executing program 5: ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x1e) (async) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0xd3) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async, rerun: 64) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x3) (rerun: 64) 23:51:13 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x185003, 0x0) (async) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_SECCTX={0x2b, 0x7, 'system_u:object_r:watchdog_device_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="7d6438be2108e1720e4e6dd43c9860c3b48a01", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) (async) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, 0x0, 0x0) (async) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, &(0x7f00000001c0), 0x2) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:14 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x208, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x80000000}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7fffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x1040}, 0x10) eventfd2(0xfffffff8, 0x0) 23:51:14 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 11) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:14 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:14 executing program 5: ioctl$UI_SET_MSCBIT(0xffffffffffffffff, 0x40045568, 0x1e) ioctl$UI_SET_KEYBIT(0xffffffffffffffff, 0x40045565, 0xd3) (async, rerun: 64) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async, rerun: 64) ioctl$UI_SET_RELBIT(0xffffffffffffffff, 0x40045566, 0x3) 23:51:14 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f00000002c0), 0x185003, 0x0) setsockopt$MRT_DONE(0xffffffffffffffff, 0x0, 0xc9, 0x0, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, 0x0, 0x100, 0x70bd29, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_SECCTX={0x2b, 0x7, 'system_u:object_r:watchdog_device_t:s0\x00'}]}, 0x40}, 0x1, 0x0, 0x0, 0x4000}, 0x4004000) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=ANY=[@ANYBLOB="7d6438be2108e1720e4e6dd43c9860c3b48a01", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) r4 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r4, 0x112, 0x7, 0x0, 0x0) setsockopt$bt_BT_SNDMTU(r4, 0x112, 0xc, &(0x7f00000001c0), 0x2) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:14 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) 23:51:14 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) r1 = socket(0x10, 0x2, 0x0) (async) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x208, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x80000000}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7fffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x1040}, 0x10) (async) eventfd2(0xfffffff8, 0x0) 23:51:14 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1851.262203] FAULT_INJECTION: forcing a failure. [ 1851.262203] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1851.287466] CPU: 1 PID: 5300 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1851.295277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1851.304624] Call Trace: [ 1851.307222] dump_stack+0x1b2/0x281 [ 1851.310851] should_fail.cold+0x10a/0x149 [ 1851.315001] __alloc_pages_nodemask+0x22c/0x2720 [ 1851.319768] ? kasan_kmalloc+0xeb/0x160 [ 1851.323730] ? blk_mq_alloc_rq_map+0x113/0x220 [ 1851.328304] ? __blk_mq_alloc_rq_map+0xa3/0x3a0 [ 1851.332964] ? loop_add+0x2a0/0x830 [ 1851.336577] ? loop_control_ioctl+0x11a/0x3f0 [ 1851.341052] ? do_vfs_ioctl+0x75a/0xff0 [ 1851.345008] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1851.350350] ? __mutex_unlock_slowpath+0x75/0x770 [ 1851.355171] ? fs_reclaim_release+0xd0/0x110 [ 1851.359563] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1851.364390] ? __lockdep_init_map+0x100/0x560 [ 1851.368875] ? _find_next_bit+0xdb/0x100 [ 1851.372930] ? __cpu_to_node+0x7b/0xa0 [ 1851.376809] ? blk_mq_hw_queue_to_node+0x9f/0xf0 [ 1851.381549] blk_mq_alloc_rqs+0x227/0x6d0 [ 1851.385681] ? blk_mq_alloc_rq_map+0x9d/0x220 [ 1851.390168] __blk_mq_alloc_rq_map+0x15b/0x3a0 [ 1851.394759] blk_mq_alloc_tag_set+0x4ac/0x910 [ 1851.399269] loop_add+0x2a0/0x830 [ 1851.402717] ? loop_queue_rq+0x280/0x280 [ 1851.406765] ? loop_queue_work+0x21e0/0x21e0 [ 1851.411156] loop_control_ioctl+0x11a/0x3f0 [ 1851.415475] ? loop_lookup+0x190/0x190 [ 1851.419353] ? SyS_write+0x1b7/0x210 [ 1851.423058] ? loop_lookup+0x190/0x190 [ 1851.426941] do_vfs_ioctl+0x75a/0xff0 [ 1851.430734] ? lock_acquire+0x170/0x3f0 [ 1851.434695] ? ioctl_preallocate+0x1a0/0x1a0 [ 1851.439089] ? __fget+0x265/0x3e0 [ 1851.442550] ? do_vfs_ioctl+0xff0/0xff0 [ 1851.446513] ? security_file_ioctl+0x83/0xb0 [ 1851.450899] SyS_ioctl+0x7f/0xb0 [ 1851.454252] ? do_vfs_ioctl+0xff0/0xff0 [ 1851.458215] do_syscall_64+0x1d5/0x640 [ 1851.462085] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1851.467252] RIP: 0033:0x7f57bdb1f209 [ 1851.470940] RSP: 002b:00007f57bc473168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.478624] RAX: ffffffffffffffda RBX: 00007f57bdc32030 RCX: 00007f57bdb1f209 [ 1851.485933] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1851.493186] RBP: 00007f57bc4731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1851.500455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:14 executing program 3: r0 = eventfd2(0x0, 0x0) eventfd2(0x0, 0x80000) eventfd2(0x9, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r1 = eventfd(0x0) eventfd2(0x4, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x5}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x2004c050}, 0x20000080) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000180)={0x10, 0x1, {0x55, 0xfff, 0x64ea, {0xff, 0x8001}, {0x401, 0x8e}, @const={0x4, {0x100, 0x7ff, 0x8, 0x6}}}, {0x52, 0x3, 0x2, {0x7, 0x80}, {0xea50, 0xe9}, @ramp={0xfa6, 0x7f, {0x1000, 0x6, 0x5, 0x5}}}}) write$eventfd(r1, &(0x7f0000000000), 0x8) read$eventfd(r0, &(0x7f0000000000), 0xfda0) 23:51:14 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) (async) 23:51:14 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:14 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async, rerun: 32) r1 = socket(0x10, 0x2, 0x0) (async, rerun: 32) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x44, r2, 0x208, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x80000000}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7fffffff}]}, 0x44}, 0x1, 0x0, 0x0, 0x1040}, 0x10) (async, rerun: 64) eventfd2(0xfffffff8, 0x0) (rerun: 64) [ 1851.507707] R13: 00007ffc7af5046f R14: 00007f57bc473300 R15: 0000000000022000 23:51:14 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 12) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:14 executing program 4: r0 = socket(0x2c, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x20}, 0x1, 0x0, 0x0, 0x4084}, 0x4040010) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:14 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:14 executing program 1: r0 = eventfd2(0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r2) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf2504000000080056007f000000050037000000000005003500000000000500290003000000cea475f9c4c4606b6e0e3fb68cb935c12a53f44cfeced87c39c7128a64dd0f8eb2e349edc01ab313f4852d551e0b97149da9d6900330a58716352b57fc5cb9958bc771030381a2888512ba81ce0fc3521b0fa8713b49fa2ab60f293c965351d1605b41d87c163d525f267862c2452c1d7b6242d7f612125ea1b0d6fe51c9269e8869e3c3861b0ddb2887cef1e797973fd57cb6079abc76c3f4bf904ca900bbac6423af19f9d9cacf4f21"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000100) r3 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x100000, &(0x7f0000000080), 0x8, r3, 0x2}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000040)=0xa, 0x4) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000200)={{0x7, 0x1000, 0x8, 0x3}, 'syz1\x00', 0x16}) 23:51:14 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_0\x00'}) (async) 23:51:14 executing program 4: r0 = socket(0x2c, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x20}, 0x1, 0x0, 0x0, 0x4084}, 0x4040010) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) socket(0x2c, 0x0, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x20}, 0x1, 0x0, 0x0, 0x4084}, 0x4040010) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) (async) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:14 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, 0x0, 0x201, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:14 executing program 1: r0 = eventfd2(0x0, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r2) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf2504000000080056007f000000050037000000000005003500000000000500290003000000cea475f9c4c4606b6e0e3fb68cb935c12a53f44cfeced87c39c7128a64dd0f8eb2e349edc01ab313f4852d551e0b97149da9d6900330a58716352b57fc5cb9958bc771030381a2888512ba81ce0fc3521b0fa8713b49fa2ab60f293c965351d1605b41d87c163d525f267862c2452c1d7b6242d7f612125ea1b0d6fe51c9269e8869e3c3861b0ddb2887cef1e797973fd57cb6079abc76c3f4bf904ca900bbac6423af19f9d9cacf4f21"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000100) r3 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x100000, &(0x7f0000000080), 0x8, r3, 0x2}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000040)=0xa, 0x4) (async) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000200)={{0x7, 0x1000, 0x8, 0x3}, 'syz1\x00', 0x16}) [ 1851.712647] FAULT_INJECTION: forcing a failure. [ 1851.712647] name failslab, interval 1, probability 0, space 0, times 0 [ 1851.738612] CPU: 0 PID: 5333 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1851.746427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1851.755783] Call Trace: [ 1851.758369] dump_stack+0x1b2/0x281 [ 1851.761997] should_fail.cold+0x10a/0x149 [ 1851.766146] should_failslab+0xd6/0x130 [ 1851.770120] kmem_cache_alloc_node+0x263/0x410 [ 1851.774702] blk_alloc_queue_node+0x2d/0xb40 [ 1851.779112] blk_mq_init_queue+0x42/0x90 [ 1851.783185] loop_add+0x303/0x830 [ 1851.786636] ? loop_queue_rq+0x280/0x280 [ 1851.790692] ? loop_queue_work+0x21e0/0x21e0 [ 1851.795097] loop_control_ioctl+0x11a/0x3f0 [ 1851.799414] ? loop_lookup+0x190/0x190 [ 1851.803296] ? SyS_write+0x1b7/0x210 [ 1851.807005] ? loop_lookup+0x190/0x190 [ 1851.810891] do_vfs_ioctl+0x75a/0xff0 [ 1851.814693] ? lock_acquire+0x170/0x3f0 [ 1851.818663] ? ioctl_preallocate+0x1a0/0x1a0 [ 1851.823065] ? __fget+0x265/0x3e0 [ 1851.826498] ? do_vfs_ioctl+0xff0/0xff0 [ 1851.830519] ? security_file_ioctl+0x83/0xb0 [ 1851.834909] SyS_ioctl+0x7f/0xb0 [ 1851.838255] ? do_vfs_ioctl+0xff0/0xff0 [ 1851.842210] do_syscall_64+0x1d5/0x640 [ 1851.846078] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1851.851248] RIP: 0033:0x7f57bdb1f209 [ 1851.854938] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1851.862624] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1851.869874] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1851.877122] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1851.884371] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1851.891624] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:15 executing program 3: r0 = eventfd2(0x0, 0x0) (async) eventfd2(0x0, 0x80000) (async) eventfd2(0x9, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r1 = eventfd(0x0) eventfd2(0x4, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x5}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x2004c050}, 0x20000080) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000180)={0x10, 0x1, {0x55, 0xfff, 0x64ea, {0xff, 0x8001}, {0x401, 0x8e}, @const={0x4, {0x100, 0x7ff, 0x8, 0x6}}}, {0x52, 0x3, 0x2, {0x7, 0x80}, {0xea50, 0xe9}, @ramp={0xfa6, 0x7f, {0x1000, 0x6, 0x5, 0x5}}}}) (async) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) read$eventfd(r0, &(0x7f0000000000), 0xfda0) 23:51:15 executing program 4: r0 = socket(0x2c, 0x0, 0x0) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x20}, 0x1, 0x0, 0x0, 0x4084}, 0x4040010) r1 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) socket(0x2c, 0x0, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x0, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @remote}]}, 0x20}, 0x1, 0x0, 0x0, 0x4084}, 0x4040010) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x2) (async) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r1) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:15 executing program 1: r0 = eventfd2(0x0, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000140), r2) (async) sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000125bd7000fcdbdf2504000000080056007f000000050037000000000005003500000000000500290003000000cea475f9c4c4606b6e0e3fb68cb935c12a53f44cfeced87c39c7128a64dd0f8eb2e349edc01ab313f4852d551e0b97149da9d6900330a58716352b57fc5cb9958bc771030381a2888512ba81ce0fc3521b0fa8713b49fa2ab60f293c965351d1605b41d87c163d525f267862c2452c1d7b6242d7f612125ea1b0d6fe51c9269e8869e3c3861b0ddb2887cef1e797973fd57cb6079abc76c3f4bf904ca900bbac6423af19f9d9cacf4f21"], 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000100) (async) r3 = eventfd(0x3) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x100000, &(0x7f0000000080), 0x8, r3, 0x2}) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000040)=0xa, 0x4) (async) ioctl$UI_DEV_SETUP(0xffffffffffffffff, 0x405c5503, &(0x7f0000000200)={{0x7, 0x1000, 0x8, 0x3}, 'syz1\x00', 0x16}) 23:51:15 executing program 5: socketpair(0xb, 0x800, 0xfffffff8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000080), 0x4) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0x2, 0x4) 23:51:15 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:15 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 13) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:15 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) write$input_event(0xffffffffffffffff, &(0x7f0000000040)={{0x77359400}, 0x1f, 0x5, 0xffff}, 0x18) 23:51:15 executing program 5: socketpair(0xb, 0x800, 0xfffffff8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000080), 0x4) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0x2, 0x4) 23:51:15 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:15 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x200080, 0x0) r1 = socket(0xb, 0x80000, 0x7) getsockopt$inet6_dccp_int(r1, 0x21, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRES16=r3, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) [ 1852.481456] FAULT_INJECTION: forcing a failure. [ 1852.481456] name failslab, interval 1, probability 0, space 0, times 0 [ 1852.504467] CPU: 0 PID: 5384 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1852.512278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1852.521736] Call Trace: [ 1852.524324] dump_stack+0x1b2/0x281 23:51:15 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) write$input_event(0xffffffffffffffff, &(0x7f0000000040)={{0x77359400}, 0x1f, 0x5, 0xffff}, 0x18) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) write$input_event(0xffffffffffffffff, &(0x7f0000000040)={{0x77359400}, 0x1f, 0x5, 0xffff}, 0x18) (async) [ 1852.527954] should_fail.cold+0x10a/0x149 [ 1852.532102] should_failslab+0xd6/0x130 [ 1852.536079] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1852.540751] bioset_create+0x53/0x750 [ 1852.544550] ? kmem_cache_alloc_node+0x38b/0x410 [ 1852.549309] blk_alloc_queue_node+0xa8/0xb40 [ 1852.553727] blk_mq_init_queue+0x42/0x90 [ 1852.557784] loop_add+0x303/0x830 [ 1852.561236] ? loop_queue_rq+0x280/0x280 [ 1852.565289] ? loop_queue_work+0x21e0/0x21e0 [ 1852.569695] loop_control_ioctl+0x11a/0x3f0 [ 1852.574010] ? loop_lookup+0x190/0x190 [ 1852.577893] ? SyS_write+0x1b7/0x210 23:51:15 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) write$input_event(0xffffffffffffffff, &(0x7f0000000040)={{0x77359400}, 0x1f, 0x5, 0xffff}, 0x18) [ 1852.581603] ? loop_lookup+0x190/0x190 [ 1852.585488] do_vfs_ioctl+0x75a/0xff0 [ 1852.589294] ? lock_acquire+0x170/0x3f0 [ 1852.593266] ? ioctl_preallocate+0x1a0/0x1a0 [ 1852.597674] ? __fget+0x265/0x3e0 [ 1852.601124] ? do_vfs_ioctl+0xff0/0xff0 [ 1852.605096] ? security_file_ioctl+0x83/0xb0 [ 1852.609504] SyS_ioctl+0x7f/0xb0 [ 1852.612869] ? do_vfs_ioctl+0xff0/0xff0 [ 1852.616841] do_syscall_64+0x1d5/0x640 [ 1852.620743] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1852.625929] RIP: 0033:0x7f57bdb1f209 [ 1852.629634] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1852.637428] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1852.644714] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1852.651967] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1852.659216] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1852.666462] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:16 executing program 3: r0 = eventfd2(0x0, 0x0) eventfd2(0x0, 0x80000) (async) eventfd2(0x9, 0x0) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) r1 = eventfd(0x0) eventfd2(0x4, 0x0) (async) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, 0x0, 0x800, 0x70bd2b, 0x25dfdbfc, {}, [@NLBL_MGMT_A_IPV6MASK={0x14, 0x6, @remote}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0xa}, @NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}, @NLBL_MGMT_A_CLPDOI={0x8, 0xc, 0x3}, @NLBL_MGMT_A_FAMILY={0x6, 0xb, 0x5}, @NLBL_MGMT_A_CLPDOI={0x8}]}, 0x50}, 0x1, 0x0, 0x0, 0x2004c050}, 0x20000080) (async) ioctl$UI_END_FF_UPLOAD(0xffffffffffffffff, 0x406855c9, &(0x7f0000000180)={0x10, 0x1, {0x55, 0xfff, 0x64ea, {0xff, 0x8001}, {0x401, 0x8e}, @const={0x4, {0x100, 0x7ff, 0x8, 0x6}}}, {0x52, 0x3, 0x2, {0x7, 0x80}, {0xea50, 0xe9}, @ramp={0xfa6, 0x7f, {0x1000, 0x6, 0x5, 0x5}}}}) write$eventfd(r1, &(0x7f0000000000), 0x8) (async) read$eventfd(r0, &(0x7f0000000000), 0xfda0) 23:51:16 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0x80000020, 0x80001) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x0, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:16 executing program 5: socketpair(0xb, 0x800, 0xfffffff8, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000080), 0x4) (async, rerun: 64) setsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0x2, 0x4) (rerun: 64) 23:51:16 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 14) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:16 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x200080, 0x0) r1 = socket(0xb, 0x80000, 0x7) getsockopt$inet6_dccp_int(r1, 0x21, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRES16=r3, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x0, 0x25dfdbfd, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1853.359853] FAULT_INJECTION: forcing a failure. [ 1853.359853] name failslab, interval 1, probability 0, space 0, times 0 [ 1853.373363] CPU: 0 PID: 5419 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1853.381172] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1853.390530] Call Trace: [ 1853.393120] dump_stack+0x1b2/0x281 [ 1853.396755] should_fail.cold+0x10a/0x149 [ 1853.400905] should_failslab+0xd6/0x130 [ 1853.404881] kmem_cache_alloc_node_trace+0x25a/0x400 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0xbc, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:tetex_data_t:s0\x00'}]}, 0xbc}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x94, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}, @NLBL_UNLABEL_A_SECCTX={0x28, 0x7, 'system_u:object_r:setrans_exec_t:s0\x00'}]}, 0x94}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1853.409983] ? mempool_free+0x1d0/0x1d0 [ 1853.413957] mempool_create_node+0x76/0x3e0 [ 1853.418280] ? mempool_kmalloc+0x20/0x20 [ 1853.422341] bioset_create+0x31b/0x750 [ 1853.426229] ? kmem_cache_alloc_node+0x38b/0x410 [ 1853.430986] blk_alloc_queue_node+0xa8/0xb40 [ 1853.435396] blk_mq_init_queue+0x42/0x90 [ 1853.439459] loop_add+0x303/0x830 [ 1853.442909] ? loop_queue_rq+0x280/0x280 [ 1853.446967] ? loop_queue_work+0x21e0/0x21e0 [ 1853.451379] loop_control_ioctl+0x11a/0x3f0 [ 1853.455700] ? loop_lookup+0x190/0x190 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x6c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @private1}]}, 0x6c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1853.459584] ? SyS_write+0x1b7/0x210 [ 1853.463293] ? loop_lookup+0x190/0x190 [ 1853.467176] do_vfs_ioctl+0x75a/0xff0 [ 1853.470975] ? lock_acquire+0x170/0x3f0 [ 1853.474944] ? ioctl_preallocate+0x1a0/0x1a0 [ 1853.479353] ? __fget+0x265/0x3e0 [ 1853.482805] ? do_vfs_ioctl+0xff0/0xff0 [ 1853.486799] ? security_file_ioctl+0x83/0xb0 [ 1853.491204] SyS_ioctl+0x7f/0xb0 [ 1853.494565] ? do_vfs_ioctl+0xff0/0xff0 [ 1853.498538] do_syscall_64+0x1d5/0x640 [ 1853.502427] entry_SYSCALL_64_after_hwframe+0x46/0xbb 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x58, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x58}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:16 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1853.507610] RIP: 0033:0x7f57bdb1f209 [ 1853.511312] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1853.519017] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1853.526278] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1853.533539] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1853.540800] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1853.548063] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:17 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 15) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:17 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380016f9f76b879c91611f4dc900971592c90000", @ANYRES16=0x0, @ANYBLOB="000228bd7000fddbdf250500000008000800ac1414aa14000600200100000000000000000000000000000800020007000000"], 0x38}}, 0x40000) bpf$OBJ_GET_PROG(0x7, &(0x7f00000004c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x20}, 0x10) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000140), &(0x7f0000000340), 0xfffffffffffffd82, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) 23:51:17 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:17 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={0x0, 0xffffffffffffffd7, 0x53}, &(0x7f0000001140)=ANY=[@ANYBLOB="dcb4019132cfd99691d0d2ce89aac21cd0150b38a9e8219fbb5c193c8c1098806f17a039933603ff010000a58767cb3af8dff3b81ffa43d657d4e80f70d95f2c43eb64d692ac713981be13d9"], &(0x7f0000000140)="5c88e9321cd1abeb36ba559f36549ab7a35b7ac46d670d4fddcf90c9121aa7c5ac3e2db12f05137cec61844549fa5bb05e48d7148beefbed54232126df2cbd99e9baec9309b46312d05daf8116eb11b0742cb1e2e1b8ec5dc117d9576e76056d4ee2f18cce46f06084da793fd3951852f42e70ac375d8e22079f27a1168b5223b303216b33f4dd779b0ffd245c33568f6f26f5bf292b39c19693bb2728103ccd69c2d81a8192b9cea9fe5b112904de7ceeb94956c01c2c2f93683a2052903235ad4f1f85176d323676b8a6ee83ee1dd965827050888aa8747ade4109aae171fb95d1dfbf7676e21e7f7214619a510cca8d948569f0a5c83972890b093f18a265b93ceeee65c3c5201adc528e72053da33cd4d63933fbeb7a24943970691e8b794cace928a33d4d188663098741b6b47db0b19f0467a78d0907477aaa69a14e1faa3747bf8466ae5995629f0bf24868841071be0c95e8f085c33469b0f46cfd4d6b1e8aee05813d011bfa6b58e398fdc5235e08d82f04b89d5efc8d3007c530ad81bfedbcbf9ba2d61edd0d60ebffdfbd09e0db50b5f0d919cadd83d4a8f0de10cb180f12bda8b186a2df8757c75525dc5c5dd12d5d21146ca1ca83641646190bdc4b088a09fbb1a7408518bc135906491bc28370802bbb5a0e68d8809ba5f37ae8f364ec25392ea128dd19befbd2e8299627e4d3e51d1288bba8c37f5c6043a9895abf51dc5a924d0d103f8b6167c79264b9a9dad2c68f9c3cdf0cffb3966cd335b033085992bf525e8ca3a84b891e5114db9a3b13b6f979aba7adda23cc9416d557c8a5b2d3d42ce37d40c00c374a227c63e3b500488d1abb511e9c88a79dc40df9a3dbde41d3273f18d4a0058e23a0a8e5e3f85513d11bd0abc37d738b5da903511037de4380a5ffe242d72b63768ff558d379aabb88f6fa3f03ec8ca999c978f574e5051803aa777a5f9abfbaa0523d7cfaf0cba906739e7c36f6cdcdc373bf4de9a0744e8298471b0956f92e990e394df740e8981db84667262e47657dba4c3c2eb7655ea357690b8c35b3f13563a1ddb28e185efbc535e30542ce379f52ec6e4265669fecbb8617b9ed843adc3262d3b17f6d098a25b64730911b939d74e1833ec14704fc0654e2cd90edd070d256a501bb9202063a319f964d89bc85b322f49a11b1f5d478ecc008472b2f9621ab5bc0b94b7b0c47b6ee8780d8af9d035f6a524879c669a7f60ee090a1c64ad999e332d6d6c9bbf7bc78883dbe90076f4d910e8635a22b577fda33043327080e5ba35577df6b4c87ed7a8dac79798220c73d1858df58151e599a4bf635f42da93a360209cdf59dc6dee02a5406bd070b70c86b007208ab226d09d51a8ecb92e7d1c82619a42cece094d44b111c2adc1acd2709b7dc8a6f3c9654c8122d2723869a288de3a83f776e34eddf34259202007bb0ef7037cae49ea4bc3bcc98f314fbafbe9ba0877a0c8e85097ccf339e46b97d6b5dbb7b1fb0caaace0443eb22ddb83765f4bfec035f0a6e2d636936e14b58c5ba9126f5c1a42f184a5e921f72e61bdb07c8802fc47e9021b04064a86fd8207c6aac9d13ddc91957f579e8e8a04101bd0944240f0862a586030d93270e997f89cdec8b69961c1a845f20d4c7dce11c4be8cd213c2f1cd7ff2cb456d1c83dde662348074ab39830052d3a99e3c39cff83aaf218a06c73d06f7736d49dd2b93ba2de12e04ba11ddcdfb2802fe22a5daff154c0c01343247bcd308748a5ec759538e200045c25d2ebc3d6ac777492b9d273a1a1b37265806a7b994154bbc6f19b7c0e0d92fbabe9eee894879fefc6e4407c76a1ba193e3d821adbb309995c66d349995e0fee0a1253a98f6076fecdac7f0675ab465499d7f732d0fc4ca969dd29f5651c591d905ac916fa63175b6b44ed367749aa84f187d9131d8d2ccabfc5d28a1e6d2e201b8004a8da9dc49f85a13bf32eea1aa69d027f608787957c85142285fccb8c290b0eb6885494fb6498e1ef258a897e8e70d04dba1bada9914c900411e5f97f1711a708970774e08568e9e93a26dd948357fb4e1e8cae134881c7fc69d5f36cde09146adf5008d89ae8ac531ed5b4e9a90798d95568f03ebfea99aa41ffdaf6633f9ba3560135bb70aefad0398d5adf70a9acbf65508225f0f7b2800f8bf9810c8783da04c78f7749e9702bd27e18db879972c8cf13e88e5cf6d25508e77614c3c560aa8ceff541d52b43389c6fb2023cdaeaa728f5a17da0dbe77aa7102c87d0c3d56d4cfae22a73cdf077528248c49895fe8eb6f62f88a95d6bc09e25e78074698f2c964fe9251fdeba749025bef4a82ca9050e24aad062e53e1fa651e965395768ac4e64cb73b7593e4c877abbb78f89167ce4ebbecadcb0f0a6aab7b17f4032a0e99818adcd1c78686b0bd966284395aec8b9d76c1c4f5e886653e6c4f0714c705243987596b38a838506aefa027441ae9b6dece430e6346835210a601e7fc6211d39753db71ba107e4920f20172580169ad00b570683ae8c60f48295a59308d9b2ed9fe966e98df6362b02a49aee7f58f3523a9b2d4a0224130ae55e647ca576517b4f43cbb8baa6c3a9c9a88a57e8402eda13389b2e4ac17c1b9c740e280fc6ad7dd46c150f59ad5b1c48c49eec512d51078d4e9ef165696c865f1444708283e7233e961e4e8e9ee8363fe001beb1eca9074959838186b2040def35adffbb7f53956e9aa99e0f65459451973dff104e9a7d4ab175dd958333b1a4d4d948e9522d7747031935219d261ef3613570c80bb3062544788ce14bf28a78088644c3994aa3569c0ca1f19a7c943d016a8e74ccd1dacb2ef11bc8ac0981d13b240e83f837ef02e848c8c7248dc0aa89ef8f5013dc38e61fce04aba519ca8c8e3728cc89aea244ecdd6f6d97c687d11619fc8e56f83f9bb232e8b089600c1f6e83a302e937435b123616f65643e8bfce086b157fcbba6b8e03b55265e8c283bf0ccaf38b972f10cea849281afa0a757ce4b7d4ce2bfd00fa5d0dc2dabce715cad1266f2b31199705978761903bea9f3a9cdee24b52fb0bccf31521e3a7cfad53a4c61e5b7899fd8b2eaec5bf4e74c0f27288e962a74836eb3b84868a0c55c0d96801d47e9a9560752542cd0dd6b5fa696d6e47780924a6d0ac77a0e13b4c0574d59ffff4a103f04b64564756db18496db1b3eec9a76f4d27fff1e01040ce7ea33ac1f7211a36a63fe64b5a1434833d89caae2500dc22adccc5f9b96ece44712aca212f39acf5e6b33c476c17b1f230b4d2ccca9542860e603b3bf8d3eaad4bc288656de19a91b43166bc6b358f0f0721e3c4529d5724278bf96a7e2c774e49dd4ece8d32b841f723a9a4bd37f7f7e39ae48de08d5ca286165156d6890e7da01a0fed9187bbcbe767e3eab93fd9013404f806bf8bb0b8507e637e6bb4c44f9aab749b214903b6415533c6a23ed685adbbe48d707838ab8c074d368bd299b9787042daebe8ce1a814e97e07cb54cfb9531e1a6551a5fc5b92e268528e3ff668aac399335c93fd9eff22e9b47bac41e3a1588187b2d0732878ba9fbeb5c73cdeb094b63cb4ef66c6c32415f1609f6c50f5726a49266bba34b10929f65e71c1c7bce8dc5d95716d1b40052772426c701e697e08cc2a6a79a922de340d13a5e401d925fa22afbb7f89666153898221a022cd5746728aeb651fc313fbc66bfa54d2e6974b7604b2c3066bc898d590c7053c18e0cec22d7386c9fe2696b9e61c627554ad60183861bc3b1168f30a08e6386beee9d10e094b9179e4389c6577e1a4f94736505252d0e53ba3ab6a7d97eeadb45f1ef5d5aef526fccc021ed3130418cd712a4a7103085029e189e7c465a7be2e2926b4c5067cd86ef507a95e177125abd6feec8bc1feb8535e55f3f1c2d7b86c71be8243370661dbb3a4529a614aeda3f1ebc58c5cfd2ce51e30343f9768a2293aa57bf24bdc07e56cfda8a9502447a4b99637b646ccebc78c9ab27ffda0c5fea88a442bf42c585182d09771df4d23ea2c8d32d92367b469a86cfe6301d9eb587736e77eb97ac6ae7600e8485c0220ce33c1643e6cce978481e4c7562a5a5f0a7429ef7f4e915da556699ac3b25d16a0d2f5d505e4ca25a9cd98e5e51529d0d946dfbc9323858e78e4659163f01ca9f7e92d94a5ca21c1e847fdd1a7a88e5d7baca03750c4711d2a65892dacf6478555972683da6383e20fcfe7962e555dae5490e0a9b8bab1412e32c7441025dacd2b96ba1e8ed6a77ba18760b467d485bfd5eb676ad546cd73c049963cbf4e17c16323cb6096e3727a772ef01e7687d995b9624ab2dd1fe7b5ed59e198f1692300292d58443a8f2d742cdeeaf573fe2fedaac2d40b995c43187eb9e4fd30afe40960b231cda0cff1cb57747c85132e2130d542be04e5a996903d24482ba43a3ea8abed3d739c5e104189d28bf258e7c85316309e1a9a9a2703488dabdb25d7ec221bf3408774f0bbbcadaa8debdd20227b801edbc1ff706e734877f196098b092ba9ff30f25c4ea31ef4ea37ef2395a04f775f2fa01f913f31950c33b43da1fd613412e8264c03877778f30e5ece73fb839e3665e8b15dfa5dd03666917c3ab7c2f3020108e22a66fc629725c14d066e36bc0567c817da68215fea23c63c49797f071c4bc9bdb62c09276ba403c4adfbcc207219a10f9c0a7f36893dd3217a909706e3accbc5d56001976741a5fe991751295fe22d5aa7679c692478390ce523cbc4a9bf5fcd98149676d4bdd6c00868508b2f348504b721cd7f0bc706f66e0bc532b1084a61e2c67bae6d5887c31cdc67e341693fbf686605be878b35527d3f7d1cbc7854615775fe8fe3401bc8c6addaca96477c8ba1491d3f7e41ffbb1a541ca80d41a4e56724c81bb5666497d3765192e0d6afabd7154184f5c2704b25b66e7348c36e0cee28b3c379d399ee980107e56df26774dd613ccde28dd2112b8aac56940b7bdd7b73941b692c5bb6960b8119d2be942c67b8efd0c83899b169b0661fd99a1d92499c50794dcbcb7eba96f52ba7439c8e2ec3566ea09950fa1c2341634705f404837e1a3f2e1f6c288f28f537f78d657687269e345ebb61dbd95632e7e37e70f3f2130913c9e8d01d92a4f9b73c0484968b0bd4d00d017d24e7d9db74468fcb687731a8fc7f1a4d9ecff3c5277d63e55a4998b3d59ff659e0e62d05953b9593beecdc82d4997d0f23726ada3fe0b811b0a47ff4a864e070cbbcd01e9d0c63e84c7d6ca081ac03652ddc5b295f6602375e8bf761fc63e11a9ed68c124ed064730dcc28af2400e81b680388ccaf01535df823e171416f54f961daca1cfb35e57768208a0ed75bce6b0243970abb32560aec3beecc1c1cff25e6bfc1b5804ac51ae2df76adca18b75c2f51a927b54f79b9aec17b315cbd02097d6c2bdb0813dd8fa015a64c497d0f57c4f5afc177c93fb7420ee14e40a5bf9ba6e0421bf738f07f8fdd7389256a2008784a0002385fab864b5c2372e3379015299711ac05f2f5c24ac29433408410d61b10a3fa4d9de79f5772e668323a424bc82f670aa8c44939baca5b202b1735f4e2f84746657768e04b168935b74cc289e4573e2f73ef4075a9c53af6c9564ba079340d5b3dc18168af7e3aebac58b2f9c329918dea67a0741a1507a5cf54eba4377b3e6f63a80023db73c1d726bf363a98977095892755c4b56e127164818b2db01fb584b332b26128b13dc98d295b898556504f17fcd74b6211040a71827197095d1154a666fa60e1f820fb938c890281d5c02", &(0x7f00000011c0)=""/94) r1 = eventfd2(0x80, 0x1) read$eventfd(r1, &(0x7f0000000040), 0x8) 23:51:17 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x200080, 0x0) r1 = socket(0xb, 0x80000, 0x7) getsockopt$inet6_dccp_int(r1, 0x21, 0x1d, &(0x7f0000000040), &(0x7f0000000080)=0x4) (async) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYRES16=r0, @ANYRES16=r3, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) (async, rerun: 32) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (rerun: 32) 23:51:17 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0x80000020, 0x80001) read$eventfd(r0, &(0x7f0000000000), 0x8) eventfd2(0x0, 0x0) (async) eventfd2(0x80000020, 0x80001) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) 23:51:17 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380016f9f76b879c91611f4dc900971592c90000", @ANYRES16=0x0, @ANYBLOB="000228bd7000fddbdf250500000008000800ac1414aa14000600200100000000000000000000000000000800020007000000"], 0x38}}, 0x40000) bpf$OBJ_GET_PROG(0x7, &(0x7f00000004c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x20}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000140), &(0x7f0000000340), 0xfffffffffffffd82, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) 23:51:17 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={0x0, 0xffffffffffffffd7, 0x53}, &(0x7f0000001140)=ANY=[@ANYBLOB="dcb4019132cfd99691d0d2ce89aac21cd0150b38a9e8219fbb5c193c8c1098806f17a039933603ff010000a58767cb3af8dff3b81ffa43d657d4e80f70d95f2c43eb64d692ac713981be13d9"], &(0x7f0000000140)="5c88e9321cd1abeb36ba559f36549ab7a35b7ac46d670d4fddcf90c9121aa7c5ac3e2db12f05137cec61844549fa5bb05e48d7148beefbed54232126df2cbd99e9baec9309b46312d05daf8116eb11b0742cb1e2e1b8ec5dc117d9576e76056d4ee2f18cce46f06084da793fd3951852f42e70ac375d8e22079f27a1168b5223b303216b33f4dd779b0ffd245c33568f6f26f5bf292b39c19693bb2728103ccd69c2d81a8192b9cea9fe5b112904de7ceeb94956c01c2c2f93683a2052903235ad4f1f85176d323676b8a6ee83ee1dd965827050888aa8747ade4109aae171fb95d1dfbf7676e21e7f7214619a510cca8d948569f0a5c83972890b093f18a265b93ceeee65c3c5201adc528e72053da33cd4d63933fbeb7a24943970691e8b794cace928a33d4d188663098741b6b47db0b19f0467a78d0907477aaa69a14e1faa3747bf8466ae5995629f0bf24868841071be0c95e8f085c33469b0f46cfd4d6b1e8aee05813d011bfa6b58e398fdc5235e08d82f04b89d5efc8d3007c530ad81bfedbcbf9ba2d61edd0d60ebffdfbd09e0db50b5f0d919cadd83d4a8f0de10cb180f12bda8b186a2df8757c75525dc5c5dd12d5d21146ca1ca83641646190bdc4b088a09fbb1a7408518bc135906491bc28370802bbb5a0e68d8809ba5f37ae8f364ec25392ea128dd19befbd2e8299627e4d3e51d1288bba8c37f5c6043a9895abf51dc5a924d0d103f8b6167c79264b9a9dad2c68f9c3cdf0cffb3966cd335b033085992bf525e8ca3a84b891e5114db9a3b13b6f979aba7adda23cc9416d557c8a5b2d3d42ce37d40c00c374a227c63e3b500488d1abb511e9c88a79dc40df9a3dbde41d3273f18d4a0058e23a0a8e5e3f85513d11bd0abc37d738b5da903511037de4380a5ffe242d72b63768ff558d379aabb88f6fa3f03ec8ca999c978f574e5051803aa777a5f9abfbaa0523d7cfaf0cba906739e7c36f6cdcdc373bf4de9a0744e8298471b0956f92e990e394df740e8981db84667262e47657dba4c3c2eb7655ea357690b8c35b3f13563a1ddb28e185efbc535e30542ce379f52ec6e4265669fecbb8617b9ed843adc3262d3b17f6d098a25b64730911b939d74e1833ec14704fc0654e2cd90edd070d256a501bb9202063a319f964d89bc85b322f49a11b1f5d478ecc008472b2f9621ab5bc0b94b7b0c47b6ee8780d8af9d035f6a524879c669a7f60ee090a1c64ad999e332d6d6c9bbf7bc78883dbe90076f4d910e8635a22b577fda33043327080e5ba35577df6b4c87ed7a8dac79798220c73d1858df58151e599a4bf635f42da93a360209cdf59dc6dee02a5406bd070b70c86b007208ab226d09d51a8ecb92e7d1c82619a42cece094d44b111c2adc1acd2709b7dc8a6f3c9654c8122d2723869a288de3a83f776e34eddf34259202007bb0ef7037cae49ea4bc3bcc98f314fbafbe9ba0877a0c8e85097ccf339e46b97d6b5dbb7b1fb0caaace0443eb22ddb83765f4bfec035f0a6e2d636936e14b58c5ba9126f5c1a42f184a5e921f72e61bdb07c8802fc47e9021b04064a86fd8207c6aac9d13ddc91957f579e8e8a04101bd0944240f0862a586030d93270e997f89cdec8b69961c1a845f20d4c7dce11c4be8cd213c2f1cd7ff2cb456d1c83dde662348074ab39830052d3a99e3c39cff83aaf218a06c73d06f7736d49dd2b93ba2de12e04ba11ddcdfb2802fe22a5daff154c0c01343247bcd308748a5ec759538e200045c25d2ebc3d6ac777492b9d273a1a1b37265806a7b994154bbc6f19b7c0e0d92fbabe9eee894879fefc6e4407c76a1ba193e3d821adbb309995c66d349995e0fee0a1253a98f6076fecdac7f0675ab465499d7f732d0fc4ca969dd29f5651c591d905ac916fa63175b6b44ed367749aa84f187d9131d8d2ccabfc5d28a1e6d2e201b8004a8da9dc49f85a13bf32eea1aa69d027f608787957c85142285fccb8c290b0eb6885494fb6498e1ef258a897e8e70d04dba1bada9914c900411e5f97f1711a708970774e08568e9e93a26dd948357fb4e1e8cae134881c7fc69d5f36cde09146adf5008d89ae8ac531ed5b4e9a90798d95568f03ebfea99aa41ffdaf6633f9ba3560135bb70aefad0398d5adf70a9acbf65508225f0f7b2800f8bf9810c8783da04c78f7749e9702bd27e18db879972c8cf13e88e5cf6d25508e77614c3c560aa8ceff541d52b43389c6fb2023cdaeaa728f5a17da0dbe77aa7102c87d0c3d56d4cfae22a73cdf077528248c49895fe8eb6f62f88a95d6bc09e25e78074698f2c964fe9251fdeba749025bef4a82ca9050e24aad062e53e1fa651e965395768ac4e64cb73b7593e4c877abbb78f89167ce4ebbecadcb0f0a6aab7b17f4032a0e99818adcd1c78686b0bd966284395aec8b9d76c1c4f5e886653e6c4f0714c705243987596b38a838506aefa027441ae9b6dece430e6346835210a601e7fc6211d39753db71ba107e4920f20172580169ad00b570683ae8c60f48295a59308d9b2ed9fe966e98df6362b02a49aee7f58f3523a9b2d4a0224130ae55e647ca576517b4f43cbb8baa6c3a9c9a88a57e8402eda13389b2e4ac17c1b9c740e280fc6ad7dd46c150f59ad5b1c48c49eec512d51078d4e9ef165696c865f1444708283e7233e961e4e8e9ee8363fe001beb1eca9074959838186b2040def35adffbb7f53956e9aa99e0f65459451973dff104e9a7d4ab175dd958333b1a4d4d948e9522d7747031935219d261ef3613570c80bb3062544788ce14bf28a78088644c3994aa3569c0ca1f19a7c943d016a8e74ccd1dacb2ef11bc8ac0981d13b240e83f837ef02e848c8c7248dc0aa89ef8f5013dc38e61fce04aba519ca8c8e3728cc89aea244ecdd6f6d97c687d11619fc8e56f83f9bb232e8b089600c1f6e83a302e937435b123616f65643e8bfce086b157fcbba6b8e03b55265e8c283bf0ccaf38b972f10cea849281afa0a757ce4b7d4ce2bfd00fa5d0dc2dabce715cad1266f2b31199705978761903bea9f3a9cdee24b52fb0bccf31521e3a7cfad53a4c61e5b7899fd8b2eaec5bf4e74c0f27288e962a74836eb3b84868a0c55c0d96801d47e9a9560752542cd0dd6b5fa696d6e47780924a6d0ac77a0e13b4c0574d59ffff4a103f04b64564756db18496db1b3eec9a76f4d27fff1e01040ce7ea33ac1f7211a36a63fe64b5a1434833d89caae2500dc22adccc5f9b96ece44712aca212f39acf5e6b33c476c17b1f230b4d2ccca9542860e603b3bf8d3eaad4bc288656de19a91b43166bc6b358f0f0721e3c4529d5724278bf96a7e2c774e49dd4ece8d32b841f723a9a4bd37f7f7e39ae48de08d5ca286165156d6890e7da01a0fed9187bbcbe767e3eab93fd9013404f806bf8bb0b8507e637e6bb4c44f9aab749b214903b6415533c6a23ed685adbbe48d707838ab8c074d368bd299b9787042daebe8ce1a814e97e07cb54cfb9531e1a6551a5fc5b92e268528e3ff668aac399335c93fd9eff22e9b47bac41e3a1588187b2d0732878ba9fbeb5c73cdeb094b63cb4ef66c6c32415f1609f6c50f5726a49266bba34b10929f65e71c1c7bce8dc5d95716d1b40052772426c701e697e08cc2a6a79a922de340d13a5e401d925fa22afbb7f89666153898221a022cd5746728aeb651fc313fbc66bfa54d2e6974b7604b2c3066bc898d590c7053c18e0cec22d7386c9fe2696b9e61c627554ad60183861bc3b1168f30a08e6386beee9d10e094b9179e4389c6577e1a4f94736505252d0e53ba3ab6a7d97eeadb45f1ef5d5aef526fccc021ed3130418cd712a4a7103085029e189e7c465a7be2e2926b4c5067cd86ef507a95e177125abd6feec8bc1feb8535e55f3f1c2d7b86c71be8243370661dbb3a4529a614aeda3f1ebc58c5cfd2ce51e30343f9768a2293aa57bf24bdc07e56cfda8a9502447a4b99637b646ccebc78c9ab27ffda0c5fea88a442bf42c585182d09771df4d23ea2c8d32d92367b469a86cfe6301d9eb587736e77eb97ac6ae7600e8485c0220ce33c1643e6cce978481e4c7562a5a5f0a7429ef7f4e915da556699ac3b25d16a0d2f5d505e4ca25a9cd98e5e51529d0d946dfbc9323858e78e4659163f01ca9f7e92d94a5ca21c1e847fdd1a7a88e5d7baca03750c4711d2a65892dacf6478555972683da6383e20fcfe7962e555dae5490e0a9b8bab1412e32c7441025dacd2b96ba1e8ed6a77ba18760b467d485bfd5eb676ad546cd73c049963cbf4e17c16323cb6096e3727a772ef01e7687d995b9624ab2dd1fe7b5ed59e198f1692300292d58443a8f2d742cdeeaf573fe2fedaac2d40b995c43187eb9e4fd30afe40960b231cda0cff1cb57747c85132e2130d542be04e5a996903d24482ba43a3ea8abed3d739c5e104189d28bf258e7c85316309e1a9a9a2703488dabdb25d7ec221bf3408774f0bbbcadaa8debdd20227b801edbc1ff706e734877f196098b092ba9ff30f25c4ea31ef4ea37ef2395a04f775f2fa01f913f31950c33b43da1fd613412e8264c03877778f30e5ece73fb839e3665e8b15dfa5dd03666917c3ab7c2f3020108e22a66fc629725c14d066e36bc0567c817da68215fea23c63c49797f071c4bc9bdb62c09276ba403c4adfbcc207219a10f9c0a7f36893dd3217a909706e3accbc5d56001976741a5fe991751295fe22d5aa7679c692478390ce523cbc4a9bf5fcd98149676d4bdd6c00868508b2f348504b721cd7f0bc706f66e0bc532b1084a61e2c67bae6d5887c31cdc67e341693fbf686605be878b35527d3f7d1cbc7854615775fe8fe3401bc8c6addaca96477c8ba1491d3f7e41ffbb1a541ca80d41a4e56724c81bb5666497d3765192e0d6afabd7154184f5c2704b25b66e7348c36e0cee28b3c379d399ee980107e56df26774dd613ccde28dd2112b8aac56940b7bdd7b73941b692c5bb6960b8119d2be942c67b8efd0c83899b169b0661fd99a1d92499c50794dcbcb7eba96f52ba7439c8e2ec3566ea09950fa1c2341634705f404837e1a3f2e1f6c288f28f537f78d657687269e345ebb61dbd95632e7e37e70f3f2130913c9e8d01d92a4f9b73c0484968b0bd4d00d017d24e7d9db74468fcb687731a8fc7f1a4d9ecff3c5277d63e55a4998b3d59ff659e0e62d05953b9593beecdc82d4997d0f23726ada3fe0b811b0a47ff4a864e070cbbcd01e9d0c63e84c7d6ca081ac03652ddc5b295f6602375e8bf761fc63e11a9ed68c124ed064730dcc28af2400e81b680388ccaf01535df823e171416f54f961daca1cfb35e57768208a0ed75bce6b0243970abb32560aec3beecc1c1cff25e6bfc1b5804ac51ae2df76adca18b75c2f51a927b54f79b9aec17b315cbd02097d6c2bdb0813dd8fa015a64c497d0f57c4f5afc177c93fb7420ee14e40a5bf9ba6e0421bf738f07f8fdd7389256a2008784a0002385fab864b5c2372e3379015299711ac05f2f5c24ac29433408410d61b10a3fa4d9de79f5772e668323a424bc82f670aa8c44939baca5b202b1735f4e2f84746657768e04b168935b74cc289e4573e2f73ef4075a9c53af6c9564ba079340d5b3dc18168af7e3aebac58b2f9c329918dea67a0741a1507a5cf54eba4377b3e6f63a80023db73c1d726bf363a98977095892755c4b56e127164818b2db01fb584b332b26128b13dc98d295b898556504f17fcd74b6211040a71827197095d1154a666fa60e1f820fb938c890281d5c02", &(0x7f00000011c0)=""/94) (async) r1 = eventfd2(0x80, 0x1) read$eventfd(r1, &(0x7f0000000040), 0x8) 23:51:17 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1854.316685] FAULT_INJECTION: forcing a failure. [ 1854.316685] name failslab, interval 1, probability 0, space 0, times 0 [ 1854.342833] CPU: 1 PID: 5460 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1854.350645] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1854.359992] Call Trace: [ 1854.362580] dump_stack+0x1b2/0x281 23:51:17 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000003c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="380016f9f76b879c91611f4dc900971592c90000", @ANYRES16=0x0, @ANYBLOB="000228bd7000fddbdf250500000008000800ac1414aa14000600200100000000000000000000000000000800020007000000"], 0x38}}, 0x40000) bpf$OBJ_GET_PROG(0x7, &(0x7f00000004c0)={&(0x7f0000000380)='./file0\x00', 0x0, 0x20}, 0x10) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000300)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x9, 0x1, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0], 0x0, 0x8, &(0x7f0000000100)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000140), &(0x7f0000000340), 0xfffffffffffffd82, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) 23:51:17 executing program 5: setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x76, 0x400, @vifc_lcl_addr=@broadcast, @empty}, 0x10) [ 1854.366210] should_fail.cold+0x10a/0x149 [ 1854.370364] should_failslab+0xd6/0x130 [ 1854.374341] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1854.379445] ? mempool_free+0x1d0/0x1d0 [ 1854.383445] __kmalloc_node+0x38/0x70 [ 1854.387248] mempool_create_node+0xb1/0x3e0 [ 1854.391566] ? mempool_kmalloc+0x20/0x20 [ 1854.395629] bioset_create+0x31b/0x750 [ 1854.399524] ? kmem_cache_alloc_node+0x38b/0x410 [ 1854.404276] blk_alloc_queue_node+0xa8/0xb40 [ 1854.408685] blk_mq_init_queue+0x42/0x90 [ 1854.412743] loop_add+0x303/0x830 23:51:17 executing program 5: setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x76, 0x400, @vifc_lcl_addr=@broadcast, @empty}, 0x10) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x76, 0x400, @vifc_lcl_addr=@broadcast, @empty}, 0x10) (async) [ 1854.416194] ? loop_queue_rq+0x280/0x280 [ 1854.420250] ? loop_queue_work+0x21e0/0x21e0 [ 1854.424658] loop_control_ioctl+0x11a/0x3f0 [ 1854.428976] ? loop_lookup+0x190/0x190 [ 1854.432866] ? SyS_write+0x1b7/0x210 [ 1854.436575] ? loop_lookup+0x190/0x190 [ 1854.440462] do_vfs_ioctl+0x75a/0xff0 [ 1854.444260] ? lock_acquire+0x170/0x3f0 [ 1854.448231] ? ioctl_preallocate+0x1a0/0x1a0 [ 1854.452637] ? __fget+0x265/0x3e0 [ 1854.456089] ? do_vfs_ioctl+0xff0/0xff0 [ 1854.460061] ? security_file_ioctl+0x83/0xb0 [ 1854.464561] SyS_ioctl+0x7f/0xb0 [ 1854.467924] ? do_vfs_ioctl+0xff0/0xff0 [ 1854.471906] do_syscall_64+0x1d5/0x640 [ 1854.475794] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1854.480977] RIP: 0033:0x7f57bdb1f209 [ 1854.484678] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1854.492382] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1854.499643] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1854.506894] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 23:51:17 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 16) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:17 executing program 5: setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x76, 0x400, @vifc_lcl_addr=@broadcast, @empty}, 0x10) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x0, 0x76, 0x400, @vifc_lcl_addr=@broadcast, @empty}, 0x10) (async) 23:51:17 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:17 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async) keyctl$KEYCTL_PKEY_SIGN(0x1b, &(0x7f0000000000)={0x0, 0xffffffffffffffd7, 0x53}, &(0x7f0000001140)=ANY=[@ANYBLOB="dcb4019132cfd99691d0d2ce89aac21cd0150b38a9e8219fbb5c193c8c1098806f17a039933603ff010000a58767cb3af8dff3b81ffa43d657d4e80f70d95f2c43eb64d692ac713981be13d9"], &(0x7f0000000140)="5c88e9321cd1abeb36ba559f36549ab7a35b7ac46d670d4fddcf90c9121aa7c5ac3e2db12f05137cec61844549fa5bb05e48d7148beefbed54232126df2cbd99e9baec9309b46312d05daf8116eb11b0742cb1e2e1b8ec5dc117d9576e76056d4ee2f18cce46f06084da793fd3951852f42e70ac375d8e22079f27a1168b5223b303216b33f4dd779b0ffd245c33568f6f26f5bf292b39c19693bb2728103ccd69c2d81a8192b9cea9fe5b112904de7ceeb94956c01c2c2f93683a2052903235ad4f1f85176d323676b8a6ee83ee1dd965827050888aa8747ade4109aae171fb95d1dfbf7676e21e7f7214619a510cca8d948569f0a5c83972890b093f18a265b93ceeee65c3c5201adc528e72053da33cd4d63933fbeb7a24943970691e8b794cace928a33d4d188663098741b6b47db0b19f0467a78d0907477aaa69a14e1faa3747bf8466ae5995629f0bf24868841071be0c95e8f085c33469b0f46cfd4d6b1e8aee05813d011bfa6b58e398fdc5235e08d82f04b89d5efc8d3007c530ad81bfedbcbf9ba2d61edd0d60ebffdfbd09e0db50b5f0d919cadd83d4a8f0de10cb180f12bda8b186a2df8757c75525dc5c5dd12d5d21146ca1ca83641646190bdc4b088a09fbb1a7408518bc135906491bc28370802bbb5a0e68d8809ba5f37ae8f364ec25392ea128dd19befbd2e8299627e4d3e51d1288bba8c37f5c6043a9895abf51dc5a924d0d103f8b6167c79264b9a9dad2c68f9c3cdf0cffb3966cd335b033085992bf525e8ca3a84b891e5114db9a3b13b6f979aba7adda23cc9416d557c8a5b2d3d42ce37d40c00c374a227c63e3b500488d1abb511e9c88a79dc40df9a3dbde41d3273f18d4a0058e23a0a8e5e3f85513d11bd0abc37d738b5da903511037de4380a5ffe242d72b63768ff558d379aabb88f6fa3f03ec8ca999c978f574e5051803aa777a5f9abfbaa0523d7cfaf0cba906739e7c36f6cdcdc373bf4de9a0744e8298471b0956f92e990e394df740e8981db84667262e47657dba4c3c2eb7655ea357690b8c35b3f13563a1ddb28e185efbc535e30542ce379f52ec6e4265669fecbb8617b9ed843adc3262d3b17f6d098a25b64730911b939d74e1833ec14704fc0654e2cd90edd070d256a501bb9202063a319f964d89bc85b322f49a11b1f5d478ecc008472b2f9621ab5bc0b94b7b0c47b6ee8780d8af9d035f6a524879c669a7f60ee090a1c64ad999e332d6d6c9bbf7bc78883dbe90076f4d910e8635a22b577fda33043327080e5ba35577df6b4c87ed7a8dac79798220c73d1858df58151e599a4bf635f42da93a360209cdf59dc6dee02a5406bd070b70c86b007208ab226d09d51a8ecb92e7d1c82619a42cece094d44b111c2adc1acd2709b7dc8a6f3c9654c8122d2723869a288de3a83f776e34eddf34259202007bb0ef7037cae49ea4bc3bcc98f314fbafbe9ba0877a0c8e85097ccf339e46b97d6b5dbb7b1fb0caaace0443eb22ddb83765f4bfec035f0a6e2d636936e14b58c5ba9126f5c1a42f184a5e921f72e61bdb07c8802fc47e9021b04064a86fd8207c6aac9d13ddc91957f579e8e8a04101bd0944240f0862a586030d93270e997f89cdec8b69961c1a845f20d4c7dce11c4be8cd213c2f1cd7ff2cb456d1c83dde662348074ab39830052d3a99e3c39cff83aaf218a06c73d06f7736d49dd2b93ba2de12e04ba11ddcdfb2802fe22a5daff154c0c01343247bcd308748a5ec759538e200045c25d2ebc3d6ac777492b9d273a1a1b37265806a7b994154bbc6f19b7c0e0d92fbabe9eee894879fefc6e4407c76a1ba193e3d821adbb309995c66d349995e0fee0a1253a98f6076fecdac7f0675ab465499d7f732d0fc4ca969dd29f5651c591d905ac916fa63175b6b44ed367749aa84f187d9131d8d2ccabfc5d28a1e6d2e201b8004a8da9dc49f85a13bf32eea1aa69d027f608787957c85142285fccb8c290b0eb6885494fb6498e1ef258a897e8e70d04dba1bada9914c900411e5f97f1711a708970774e08568e9e93a26dd948357fb4e1e8cae134881c7fc69d5f36cde09146adf5008d89ae8ac531ed5b4e9a90798d95568f03ebfea99aa41ffdaf6633f9ba3560135bb70aefad0398d5adf70a9acbf65508225f0f7b2800f8bf9810c8783da04c78f7749e9702bd27e18db879972c8cf13e88e5cf6d25508e77614c3c560aa8ceff541d52b43389c6fb2023cdaeaa728f5a17da0dbe77aa7102c87d0c3d56d4cfae22a73cdf077528248c49895fe8eb6f62f88a95d6bc09e25e78074698f2c964fe9251fdeba749025bef4a82ca9050e24aad062e53e1fa651e965395768ac4e64cb73b7593e4c877abbb78f89167ce4ebbecadcb0f0a6aab7b17f4032a0e99818adcd1c78686b0bd966284395aec8b9d76c1c4f5e886653e6c4f0714c705243987596b38a838506aefa027441ae9b6dece430e6346835210a601e7fc6211d39753db71ba107e4920f20172580169ad00b570683ae8c60f48295a59308d9b2ed9fe966e98df6362b02a49aee7f58f3523a9b2d4a0224130ae55e647ca576517b4f43cbb8baa6c3a9c9a88a57e8402eda13389b2e4ac17c1b9c740e280fc6ad7dd46c150f59ad5b1c48c49eec512d51078d4e9ef165696c865f1444708283e7233e961e4e8e9ee8363fe001beb1eca9074959838186b2040def35adffbb7f53956e9aa99e0f65459451973dff104e9a7d4ab175dd958333b1a4d4d948e9522d7747031935219d261ef3613570c80bb3062544788ce14bf28a78088644c3994aa3569c0ca1f19a7c943d016a8e74ccd1dacb2ef11bc8ac0981d13b240e83f837ef02e848c8c7248dc0aa89ef8f5013dc38e61fce04aba519ca8c8e3728cc89aea244ecdd6f6d97c687d11619fc8e56f83f9bb232e8b089600c1f6e83a302e937435b123616f65643e8bfce086b157fcbba6b8e03b55265e8c283bf0ccaf38b972f10cea849281afa0a757ce4b7d4ce2bfd00fa5d0dc2dabce715cad1266f2b31199705978761903bea9f3a9cdee24b52fb0bccf31521e3a7cfad53a4c61e5b7899fd8b2eaec5bf4e74c0f27288e962a74836eb3b84868a0c55c0d96801d47e9a9560752542cd0dd6b5fa696d6e47780924a6d0ac77a0e13b4c0574d59ffff4a103f04b64564756db18496db1b3eec9a76f4d27fff1e01040ce7ea33ac1f7211a36a63fe64b5a1434833d89caae2500dc22adccc5f9b96ece44712aca212f39acf5e6b33c476c17b1f230b4d2ccca9542860e603b3bf8d3eaad4bc288656de19a91b43166bc6b358f0f0721e3c4529d5724278bf96a7e2c774e49dd4ece8d32b841f723a9a4bd37f7f7e39ae48de08d5ca286165156d6890e7da01a0fed9187bbcbe767e3eab93fd9013404f806bf8bb0b8507e637e6bb4c44f9aab749b214903b6415533c6a23ed685adbbe48d707838ab8c074d368bd299b9787042daebe8ce1a814e97e07cb54cfb9531e1a6551a5fc5b92e268528e3ff668aac399335c93fd9eff22e9b47bac41e3a1588187b2d0732878ba9fbeb5c73cdeb094b63cb4ef66c6c32415f1609f6c50f5726a49266bba34b10929f65e71c1c7bce8dc5d95716d1b40052772426c701e697e08cc2a6a79a922de340d13a5e401d925fa22afbb7f89666153898221a022cd5746728aeb651fc313fbc66bfa54d2e6974b7604b2c3066bc898d590c7053c18e0cec22d7386c9fe2696b9e61c627554ad60183861bc3b1168f30a08e6386beee9d10e094b9179e4389c6577e1a4f94736505252d0e53ba3ab6a7d97eeadb45f1ef5d5aef526fccc021ed3130418cd712a4a7103085029e189e7c465a7be2e2926b4c5067cd86ef507a95e177125abd6feec8bc1feb8535e55f3f1c2d7b86c71be8243370661dbb3a4529a614aeda3f1ebc58c5cfd2ce51e30343f9768a2293aa57bf24bdc07e56cfda8a9502447a4b99637b646ccebc78c9ab27ffda0c5fea88a442bf42c585182d09771df4d23ea2c8d32d92367b469a86cfe6301d9eb587736e77eb97ac6ae7600e8485c0220ce33c1643e6cce978481e4c7562a5a5f0a7429ef7f4e915da556699ac3b25d16a0d2f5d505e4ca25a9cd98e5e51529d0d946dfbc9323858e78e4659163f01ca9f7e92d94a5ca21c1e847fdd1a7a88e5d7baca03750c4711d2a65892dacf6478555972683da6383e20fcfe7962e555dae5490e0a9b8bab1412e32c7441025dacd2b96ba1e8ed6a77ba18760b467d485bfd5eb676ad546cd73c049963cbf4e17c16323cb6096e3727a772ef01e7687d995b9624ab2dd1fe7b5ed59e198f1692300292d58443a8f2d742cdeeaf573fe2fedaac2d40b995c43187eb9e4fd30afe40960b231cda0cff1cb57747c85132e2130d542be04e5a996903d24482ba43a3ea8abed3d739c5e104189d28bf258e7c85316309e1a9a9a2703488dabdb25d7ec221bf3408774f0bbbcadaa8debdd20227b801edbc1ff706e734877f196098b092ba9ff30f25c4ea31ef4ea37ef2395a04f775f2fa01f913f31950c33b43da1fd613412e8264c03877778f30e5ece73fb839e3665e8b15dfa5dd03666917c3ab7c2f3020108e22a66fc629725c14d066e36bc0567c817da68215fea23c63c49797f071c4bc9bdb62c09276ba403c4adfbcc207219a10f9c0a7f36893dd3217a909706e3accbc5d56001976741a5fe991751295fe22d5aa7679c692478390ce523cbc4a9bf5fcd98149676d4bdd6c00868508b2f348504b721cd7f0bc706f66e0bc532b1084a61e2c67bae6d5887c31cdc67e341693fbf686605be878b35527d3f7d1cbc7854615775fe8fe3401bc8c6addaca96477c8ba1491d3f7e41ffbb1a541ca80d41a4e56724c81bb5666497d3765192e0d6afabd7154184f5c2704b25b66e7348c36e0cee28b3c379d399ee980107e56df26774dd613ccde28dd2112b8aac56940b7bdd7b73941b692c5bb6960b8119d2be942c67b8efd0c83899b169b0661fd99a1d92499c50794dcbcb7eba96f52ba7439c8e2ec3566ea09950fa1c2341634705f404837e1a3f2e1f6c288f28f537f78d657687269e345ebb61dbd95632e7e37e70f3f2130913c9e8d01d92a4f9b73c0484968b0bd4d00d017d24e7d9db74468fcb687731a8fc7f1a4d9ecff3c5277d63e55a4998b3d59ff659e0e62d05953b9593beecdc82d4997d0f23726ada3fe0b811b0a47ff4a864e070cbbcd01e9d0c63e84c7d6ca081ac03652ddc5b295f6602375e8bf761fc63e11a9ed68c124ed064730dcc28af2400e81b680388ccaf01535df823e171416f54f961daca1cfb35e57768208a0ed75bce6b0243970abb32560aec3beecc1c1cff25e6bfc1b5804ac51ae2df76adca18b75c2f51a927b54f79b9aec17b315cbd02097d6c2bdb0813dd8fa015a64c497d0f57c4f5afc177c93fb7420ee14e40a5bf9ba6e0421bf738f07f8fdd7389256a2008784a0002385fab864b5c2372e3379015299711ac05f2f5c24ac29433408410d61b10a3fa4d9de79f5772e668323a424bc82f670aa8c44939baca5b202b1735f4e2f84746657768e04b168935b74cc289e4573e2f73ef4075a9c53af6c9564ba079340d5b3dc18168af7e3aebac58b2f9c329918dea67a0741a1507a5cf54eba4377b3e6f63a80023db73c1d726bf363a98977095892755c4b56e127164818b2db01fb584b332b26128b13dc98d295b898556504f17fcd74b6211040a71827197095d1154a666fa60e1f820fb938c890281d5c02", &(0x7f00000011c0)=""/94) (async, rerun: 64) r1 = eventfd2(0x80, 0x1) (rerun: 64) read$eventfd(r1, &(0x7f0000000040), 0x8) [ 1854.514156] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1854.521432] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:17 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x73f8c0, 0x0) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, &(0x7f0000000040)=0x7f, &(0x7f0000000080)=0x2) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) [ 1854.646151] FAULT_INJECTION: forcing a failure. [ 1854.646151] name failslab, interval 1, probability 0, space 0, times 0 [ 1854.657861] CPU: 0 PID: 5499 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1854.665656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1854.675101] Call Trace: [ 1854.677692] dump_stack+0x1b2/0x281 [ 1854.681328] should_fail.cold+0x10a/0x149 [ 1854.685466] should_failslab+0xd6/0x130 [ 1854.689437] kmem_cache_alloc+0x28e/0x3c0 [ 1854.693574] ? mempool_free+0x1d0/0x1d0 [ 1854.697532] mempool_create_node+0x2d2/0x3e0 [ 1854.701933] bioset_create+0x31b/0x750 [ 1854.705803] ? kmem_cache_alloc_node+0x38b/0x410 [ 1854.710558] blk_alloc_queue_node+0xa8/0xb40 [ 1854.714970] blk_mq_init_queue+0x42/0x90 [ 1854.719038] loop_add+0x303/0x830 [ 1854.722479] ? loop_queue_rq+0x280/0x280 [ 1854.726527] ? loop_queue_work+0x21e0/0x21e0 [ 1854.730923] loop_control_ioctl+0x11a/0x3f0 [ 1854.735227] ? loop_lookup+0x190/0x190 [ 1854.739185] ? SyS_write+0x1b7/0x210 [ 1854.742885] ? loop_lookup+0x190/0x190 [ 1854.746763] do_vfs_ioctl+0x75a/0xff0 [ 1854.750557] ? lock_acquire+0x170/0x3f0 [ 1854.754517] ? ioctl_preallocate+0x1a0/0x1a0 [ 1854.758913] ? __fget+0x265/0x3e0 [ 1854.762366] ? do_vfs_ioctl+0xff0/0xff0 [ 1854.766322] ? security_file_ioctl+0x83/0xb0 [ 1854.770711] SyS_ioctl+0x7f/0xb0 [ 1854.774057] ? do_vfs_ioctl+0xff0/0xff0 [ 1854.778015] do_syscall_64+0x1d5/0x640 [ 1854.781885] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1854.787057] RIP: 0033:0x7f57bdb1f209 [ 1854.790761] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1854.798517] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1854.805774] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1854.814262] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1854.821512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1854.828762] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:18 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0x80000020, 0x80001) (async) read$eventfd(r0, &(0x7f0000000000), 0x8) 23:51:18 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x2}, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x2) 23:51:18 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x73f8c0, 0x0) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, &(0x7f0000000040)=0x7f, &(0x7f0000000080)=0x2) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x73f8c0, 0x0) (async) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, &(0x7f0000000040)=0x7f, &(0x7f0000000080)=0x2) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) (async) 23:51:18 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000000)={@private=0xa010102, @private=0xa010100, 0x0, "5c37b9514c9ebe250e16c50cc62890a2ea948fb348ff23d0656ac5c28275dc8e", 0x7, 0x1, 0x5, 0x1}, 0x3c) 23:51:18 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:18 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 17) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:18 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x2}, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x2) 23:51:18 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000000)={@private=0xa010102, @private=0xa010100, 0x0, "5c37b9514c9ebe250e16c50cc62890a2ea948fb348ff23d0656ac5c28275dc8e", 0x7, 0x1, 0x5, 0x1}, 0x3c) 23:51:18 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:18 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x73f8c0, 0x0) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, &(0x7f0000000040)=0x7f, &(0x7f0000000080)=0x2) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x73f8c0, 0x0) (async) getsockopt$bt_BT_SNDMTU(0xffffffffffffffff, 0x112, 0xc, &(0x7f0000000040)=0x7f, &(0x7f0000000080)=0x2) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) (async) [ 1855.214324] FAULT_INJECTION: forcing a failure. [ 1855.214324] name failslab, interval 1, probability 0, space 0, times 0 [ 1855.242902] CPU: 0 PID: 5516 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1855.250720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1855.260071] Call Trace: 23:51:18 executing program 5: socket$inet6_icmp_raw(0xa, 0x3, 0x3a) (async) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f0000000000)={0x2}, 0x4) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_SET_SNDBIT(r1, 0x4004556a, 0x2) [ 1855.262685] dump_stack+0x1b2/0x281 [ 1855.266312] should_fail.cold+0x10a/0x149 [ 1855.270472] should_failslab+0xd6/0x130 [ 1855.274446] kmem_cache_alloc+0x28e/0x3c0 [ 1855.278591] ? mempool_free+0x1d0/0x1d0 [ 1855.282567] mempool_create_node+0x2d2/0x3e0 [ 1855.286978] bioset_create+0x31b/0x750 [ 1855.290869] ? kmem_cache_alloc_node+0x38b/0x410 [ 1855.295626] blk_alloc_queue_node+0xa8/0xb40 [ 1855.300066] blk_mq_init_queue+0x42/0x90 [ 1855.304134] loop_add+0x303/0x830 [ 1855.307592] ? loop_queue_rq+0x280/0x280 23:51:18 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x50, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1855.311736] ? loop_queue_work+0x21e0/0x21e0 [ 1855.316148] loop_control_ioctl+0x11a/0x3f0 [ 1855.320494] ? loop_lookup+0x190/0x190 [ 1855.324385] ? SyS_write+0x1b7/0x210 [ 1855.328109] ? loop_lookup+0x190/0x190 [ 1855.331991] do_vfs_ioctl+0x75a/0xff0 [ 1855.335787] ? lock_acquire+0x170/0x3f0 [ 1855.339760] ? ioctl_preallocate+0x1a0/0x1a0 [ 1855.344174] ? __fget+0x265/0x3e0 [ 1855.347623] ? do_vfs_ioctl+0xff0/0xff0 [ 1855.351592] ? security_file_ioctl+0x83/0xb0 [ 1855.355994] SyS_ioctl+0x7f/0xb0 [ 1855.359353] ? do_vfs_ioctl+0xff0/0xff0 [ 1855.363332] do_syscall_64+0x1d5/0x640 [ 1855.367216] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1855.372399] RIP: 0033:0x7f57bdb1f209 [ 1855.376105] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1855.383814] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1855.391081] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1855.398337] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1855.405591] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1855.412848] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:18 executing program 1: semctl$SETVAL(0xffffffffffffffff, 0x4, 0x10, &(0x7f0000000040)=0x2a8) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)) 23:51:18 executing program 5: setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000340)=0x2, 0x4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000300)={0x3}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100), 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) 23:51:18 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x50, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x50}}, 0x10) 23:51:18 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x185100, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x24002, 0x0) 23:51:18 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000000)={@private=0xa010102, @private=0xa010100, 0x0, "5c37b9514c9ebe250e16c50cc62890a2ea948fb348ff23d0656ac5c28275dc8e", 0x7, 0x1, 0x5, 0x1}, 0x3c) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) setsockopt$MRT_DEL_MFC_PROXY(0xffffffffffffffff, 0x0, 0xd3, &(0x7f0000000000)={@private=0xa010102, @private=0xa010100, 0x0, "5c37b9514c9ebe250e16c50cc62890a2ea948fb348ff23d0656ac5c28275dc8e", 0x7, 0x1, 0x5, 0x1}, 0x3c) (async) 23:51:18 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 18) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x50, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x50}}, 0x0) 23:51:19 executing program 5: setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000340)=0x2, 0x4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000300)={0x3}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100), 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000340)=0x2, 0x4) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000300)={0x3}, 0x8) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100), 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) (async) [ 1856.116902] FAULT_INJECTION: forcing a failure. [ 1856.116902] name failslab, interval 1, probability 0, space 0, times 0 [ 1856.134372] CPU: 0 PID: 5547 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1856.142187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1856.151831] Call Trace: [ 1856.154449] dump_stack+0x1b2/0x281 [ 1856.158100] should_fail.cold+0x10a/0x149 [ 1856.162250] should_failslab+0xd6/0x130 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:19 executing program 5: setsockopt$MRT_FLUSH(0xffffffffffffffff, 0x0, 0xd4, &(0x7f0000000340)=0x2, 0x4) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) r0 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000000)={0xffffffffffffffff}, 0x4) (async) bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000300)={0x3}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000100)={r0, 0xe0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x3, &(0x7f0000000080)=[0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000100), 0x0, 0x10, &(0x7f0000000140), &(0x7f0000000180), 0x8, 0x10, 0x8, 0x8, &(0x7f00000001c0)}}, 0x10) [ 1856.166229] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1856.171340] ? mempool_free+0x1d0/0x1d0 [ 1856.175317] mempool_create_node+0x76/0x3e0 [ 1856.179647] ? mempool_kmalloc+0x20/0x20 [ 1856.183710] bioset_create+0x506/0x750 [ 1856.187598] ? kmem_cache_alloc_node+0x38b/0x410 [ 1856.192357] blk_alloc_queue_node+0xa8/0xb40 [ 1856.196782] blk_mq_init_queue+0x42/0x90 [ 1856.200869] loop_add+0x303/0x830 [ 1856.204317] ? loop_queue_rq+0x280/0x280 [ 1856.208372] ? loop_queue_work+0x21e0/0x21e0 [ 1856.212803] loop_control_ioctl+0x11a/0x3f0 23:51:19 executing program 1: semctl$SETVAL(0xffffffffffffffff, 0x4, 0x10, &(0x7f0000000040)=0x2a8) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)) semctl$SETVAL(0xffffffffffffffff, 0x4, 0x10, &(0x7f0000000040)=0x2a8) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)) (async) [ 1856.217124] ? loop_lookup+0x190/0x190 [ 1856.221009] ? SyS_write+0x1b7/0x210 [ 1856.224895] ? loop_lookup+0x190/0x190 [ 1856.228784] do_vfs_ioctl+0x75a/0xff0 [ 1856.232581] ? lock_acquire+0x170/0x3f0 [ 1856.236548] ? ioctl_preallocate+0x1a0/0x1a0 [ 1856.240953] ? __fget+0x265/0x3e0 [ 1856.244400] ? do_vfs_ioctl+0xff0/0xff0 [ 1856.248385] ? security_file_ioctl+0x83/0xb0 [ 1856.252797] SyS_ioctl+0x7f/0xb0 [ 1856.256159] ? do_vfs_ioctl+0xff0/0xff0 [ 1856.260129] do_syscall_64+0x1d5/0x640 23:51:19 executing program 1: semctl$SETVAL(0xffffffffffffffff, 0x4, 0x10, &(0x7f0000000040)=0x2a8) r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) socket$inet_smc(0x2b, 0x1, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)) semctl$SETVAL(0xffffffffffffffff, 0x4, 0x10, &(0x7f0000000040)=0x2a8) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)) (async) 23:51:19 executing program 5: getrusage(0xffffffffffffffff, &(0x7f0000000000)) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:19 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x5) socket$bt_bnep(0x1f, 0x3, 0x4) [ 1856.264024] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1856.269205] RIP: 0033:0x7f57bdb1f209 [ 1856.272920] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1856.280626] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1856.287888] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1856.295158] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1856.302430] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1856.309781] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:19 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x185100, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x24002, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x185100, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x24002, 0x0) (async) 23:51:19 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x5) socket$bt_bnep(0x1f, 0x3, 0x4) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000040), 0x5) (async) socket$bt_bnep(0x1f, 0x3, 0x4) (async) 23:51:19 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 19) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:19 executing program 5: getrusage(0xffffffffffffffff, &(0x7f0000000000)) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:19 executing program 1: eventfd2(0x0, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) r1 = eventfd(0x0) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x39) write$eventfd(r2, &(0x7f0000000000), 0xfffffe43) read$eventfd(r1, &(0x7f0000000080), 0xffffffffffffff08) [ 1856.473727] FAULT_INJECTION: forcing a failure. [ 1856.473727] name failslab, interval 1, probability 0, space 0, times 0 [ 1856.492028] CPU: 1 PID: 5610 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1856.499842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1856.509280] Call Trace: [ 1856.511869] dump_stack+0x1b2/0x281 [ 1856.515500] should_fail.cold+0x10a/0x149 [ 1856.519652] should_failslab+0xd6/0x130 [ 1856.523625] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1856.528724] ? mempool_free+0x1d0/0x1d0 [ 1856.532699] __kmalloc_node+0x38/0x70 [ 1856.536497] mempool_create_node+0xb1/0x3e0 [ 1856.540818] ? mempool_kmalloc+0x20/0x20 [ 1856.544884] bioset_create+0x506/0x750 [ 1856.548769] ? kmem_cache_alloc_node+0x38b/0x410 [ 1856.553524] blk_alloc_queue_node+0xa8/0xb40 [ 1856.557933] blk_mq_init_queue+0x42/0x90 [ 1856.561993] loop_add+0x303/0x830 [ 1856.565441] ? loop_queue_rq+0x280/0x280 [ 1856.569497] ? loop_queue_work+0x21e0/0x21e0 [ 1856.573910] loop_control_ioctl+0x11a/0x3f0 [ 1856.578226] ? loop_lookup+0x190/0x190 [ 1856.582109] ? SyS_write+0x1b7/0x210 [ 1856.585819] ? loop_lookup+0x190/0x190 [ 1856.589726] do_vfs_ioctl+0x75a/0xff0 [ 1856.593524] ? lock_acquire+0x170/0x3f0 [ 1856.597493] ? ioctl_preallocate+0x1a0/0x1a0 [ 1856.601907] ? __fget+0x265/0x3e0 [ 1856.605360] ? do_vfs_ioctl+0xff0/0xff0 [ 1856.609594] ? security_file_ioctl+0x83/0xb0 [ 1856.613998] SyS_ioctl+0x7f/0xb0 [ 1856.617365] ? do_vfs_ioctl+0xff0/0xff0 23:51:19 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x185100, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x24002, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x185100, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x24002, 0x0) (async) 23:51:19 executing program 3: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000040), 0x5) (async) socket$bt_bnep(0x1f, 0x3, 0x4) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:19 executing program 1: eventfd2(0x0, 0x0) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) r1 = eventfd(0x0) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x39) (async) write$eventfd(r2, &(0x7f0000000000), 0xfffffe43) (async) read$eventfd(r1, &(0x7f0000000080), 0xffffffffffffff08) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1856.621336] do_syscall_64+0x1d5/0x640 [ 1856.625223] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1856.630398] RIP: 0033:0x7f57bdb1f209 [ 1856.634274] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1856.641980] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1856.649250] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1856.656515] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1856.663781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:19 executing program 5: getrusage(0xffffffffffffffff, &(0x7f0000000000)) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getrusage(0xffffffffffffffff, &(0x7f0000000000)) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) 23:51:19 executing program 1: eventfd2(0x0, 0x0) (async) r0 = eventfd(0x0) write$eventfd(r0, &(0x7f0000000000), 0x8) (async) r1 = eventfd(0x0) (async, rerun: 32) r2 = eventfd(0x0) (rerun: 32) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$UI_SET_FFBIT(0xffffffffffffffff, 0x4004556b, 0x39) write$eventfd(r2, &(0x7f0000000000), 0xfffffe43) (async, rerun: 64) read$eventfd(r1, &(0x7f0000000080), 0xffffffffffffff08) (rerun: 64) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1856.671044] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:19 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 20) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:19 executing program 3: r0 = eventfd2(0x56fe, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x80000000, 0x8, 0x0, 0xf8000000, 0x4, 0x7f, 0xd3e, 0xffff]) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:19 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r4) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000), 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:19 executing program 1: eventfd2(0x0, 0x0) eventfd(0x2) r0 = eventfd2(0x6, 0x1) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:51:19 executing program 5: r0 = geteuid() getresgid(&(0x7f0000000000)=0x0, &(0x7f0000000040), &(0x7f00000001c0)=0x0) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f0000000200)) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', 0x0, 0x2f, 0xb9, 0x63, 0x101, 0x40, @mcast1, @remote, 0x1, 0x8, 0x8, 0x7}}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c8434975155bd88cd58", @ANYRES16=r4, @ANYBLOB="040028d8b08be317a3cb702ee749d8c7be826e2f7ba18e82b42c52f8e145900832bece8a91cd7d00080008010100", @ANYRES16, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000007000000000000000000050003000b000000080004000800000008000700000000e307000100f091f3255115df5e14bf6f3e5c409052082e9643802adeb9538c02cc52e89e1cbe92e3ac547843c901e999", @ANYRES32=r6, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000006c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000780)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d80)={&(0x7f0000000440)={0xe4, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [{{0x63, 0x1, r6}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0xab}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r9}, {0x4}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x814}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000e80)={&(0x7f00000009c0)={0x4bc, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x33ca11a5}}}]}}, {{0x8, 0x1, r5}, {0x178, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10001}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0xffff, 0x9, 0x0, 0x2}, {0x40, 0x86, 0x9, 0x5}, {0x8000, 0x5, 0x40, 0x5}, {0xae8e, 0x3, 0x20, 0x4}, {0x0, 0x7, 0x47, 0x537a2738}, {0xffff, 0x1, 0x40, 0xe2}, {0xffff, 0x40, 0x4, 0x9}, {0x8001, 0x7f, 0xa, 0x4}, {0x2, 0x0, 0x6, 0x2}, {0x401, 0x5, 0x0, 0x7fffffff}]}}}]}}, {{0x8}, {0x214, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x200}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0xfffffffffffffd88}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x707}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r9}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xb7}}, {0x8, 0x6, r11}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x3, 0xee01, r2, r0, r3, 0x98, 0x100}, 0x5, 0xef, 0x0, 0x0, 0x0, 0x0, 0x2006}) r12 = geteuid() semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000240)={{0x2, r12, r1, r0, r4, 0xd, 0x6}, 0xfff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x1000}) geteuid() bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:19 executing program 3: r0 = eventfd2(0x56fe, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x80000000, 0x8, 0x0, 0xf8000000, 0x4, 0x7f, 0xd3e, 0xffff]) 23:51:19 executing program 5: r0 = geteuid() (async) getresgid(&(0x7f0000000000)=0x0, &(0x7f0000000040), &(0x7f00000001c0)=0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f0000000200)) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', 0x0, 0x2f, 0xb9, 0x63, 0x101, 0x40, @mcast1, @remote, 0x1, 0x8, 0x8, 0x7}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c8434975155bd88cd58", @ANYRES16=r4, @ANYBLOB="040028d8b08be317a3cb702ee749d8c7be826e2f7ba18e82b42c52f8e145900832bece8a91cd7d00080008010100", @ANYRES16, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000007000000000000000000050003000b000000080004000800000008000700000000e307000100f091f3255115df5e14bf6f3e5c409052082e9643802adeb9538c02cc52e89e1cbe92e3ac547843c901e999", @ANYRES32=r6, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', 0x0}) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000006c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000780)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d80)={&(0x7f0000000440)={0xe4, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [{{0x63, 0x1, r6}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0xab}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r9}, {0x4}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x814}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000e80)={&(0x7f00000009c0)={0x4bc, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x33ca11a5}}}]}}, {{0x8, 0x1, r5}, {0x178, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10001}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0xffff, 0x9, 0x0, 0x2}, {0x40, 0x86, 0x9, 0x5}, {0x8000, 0x5, 0x40, 0x5}, {0xae8e, 0x3, 0x20, 0x4}, {0x0, 0x7, 0x47, 0x537a2738}, {0xffff, 0x1, 0x40, 0xe2}, {0xffff, 0x40, 0x4, 0x9}, {0x8001, 0x7f, 0xa, 0x4}, {0x2, 0x0, 0x6, 0x2}, {0x401, 0x5, 0x0, 0x7fffffff}]}}}]}}, {{0x8}, {0x214, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x200}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0xfffffffffffffd88}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x707}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r9}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xb7}}, {0x8, 0x6, r11}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x3, 0xee01, r2, r0, r3, 0x98, 0x100}, 0x5, 0xef, 0x0, 0x0, 0x0, 0x0, 0x2006}) r12 = geteuid() semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000240)={{0x2, r12, r1, r0, r4, 0xd, 0x6}, 0xfff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x1000}) (async) geteuid() (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:19 executing program 1: eventfd2(0x0, 0x0) eventfd(0x2) r0 = eventfd2(0x6, 0x1) read$eventfd(r0, &(0x7f0000000040), 0x8) eventfd2(0x0, 0x0) (async) eventfd(0x2) (async) eventfd2(0x6, 0x1) (async) read$eventfd(r0, &(0x7f0000000040), 0x8) (async) [ 1856.877443] FAULT_INJECTION: forcing a failure. [ 1856.877443] name failslab, interval 1, probability 0, space 0, times 0 [ 1856.905422] CPU: 0 PID: 5658 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1856.913271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1856.922623] Call Trace: [ 1856.925213] dump_stack+0x1b2/0x281 [ 1856.928846] should_fail.cold+0x10a/0x149 [ 1856.932998] should_failslab+0xd6/0x130 [ 1856.936975] kmem_cache_alloc+0x28e/0x3c0 [ 1856.941134] ? mempool_free+0x1d0/0x1d0 [ 1856.945120] mempool_create_node+0x2d2/0x3e0 [ 1856.949533] bioset_create+0x506/0x750 [ 1856.953874] ? kmem_cache_alloc_node+0x38b/0x410 [ 1856.958632] blk_alloc_queue_node+0xa8/0xb40 [ 1856.963049] blk_mq_init_queue+0x42/0x90 [ 1856.967111] loop_add+0x303/0x830 [ 1856.970565] ? loop_queue_rq+0x280/0x280 23:51:19 executing program 5: r0 = geteuid() getresgid(&(0x7f0000000000)=0x0, &(0x7f0000000040), &(0x7f00000001c0)=0x0) (async) getresgid(&(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0, &(0x7f0000000200)) (async) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000640)={'ip6_vti0\x00', &(0x7f00000005c0)={'syztnl2\x00', 0x0, 0x2f, 0xb9, 0x63, 0x101, 0x40, @mcast1, @remote, 0x1, 0x8, 0x8, 0x7}}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f00000002c0)=ANY=[@ANYBLOB="7c8434975155bd88cd58", @ANYRES16=r4, @ANYBLOB="040028d8b08be317a3cb702ee749d8c7be826e2f7ba18e82b42c52f8e145900832bece8a91cd7d00080008010100", @ANYRES16, @ANYBLOB="4400028040000100240001006c625f686173685f737461747300000000000000000007000000000000000000050003000b000000080004000800000008000700000000e307000100f091f3255115df5e14bf6f3e5c409052082e9643802adeb9538c02cc52e89e1cbe92e3ac547843c901e999", @ANYRES32=r6, @ANYBLOB="04000280"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000680)={'batadv_slave_0\x00', 0x0}) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000980)={0xffffffffffffffff, 0xe0, &(0x7f0000000880)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f00000006c0)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000740)=[0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f0000000780)=[{}, {}, {}, {}, {}], 0x28, 0x10, &(0x7f00000007c0), &(0x7f0000000800), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000840)}}, 0x10) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000d80)={&(0x7f0000000440)={0xe4, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [{{0x63, 0x1, r6}, {0xbc, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0xab}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}]}}, {{0x8, 0x1, r9}, {0x4}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x814}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r10}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r11}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000ec0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000e80)={&(0x7f00000009c0)={0x4bc, 0x0, 0x200, 0x70bd25, 0x25dfdbfe, {}, [{{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x33ca11a5}}}]}}, {{0x8, 0x1, r5}, {0x178, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10001}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8, 0x6, r6}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}, {0x84, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x54, 0x4, [{0xffff, 0x9, 0x0, 0x2}, {0x40, 0x86, 0x9, 0x5}, {0x8000, 0x5, 0x40, 0x5}, {0xae8e, 0x3, 0x20, 0x4}, {0x0, 0x7, 0x47, 0x537a2738}, {0xffff, 0x1, 0x40, 0xe2}, {0xffff, 0x40, 0x4, 0x9}, {0x8001, 0x7f, 0xa, 0x4}, {0x2, 0x0, 0x6, 0x2}, {0x401, 0x5, 0x0, 0x7fffffff}]}}}]}}, {{0x8}, {0x214, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x200}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0xfffffffffffffd88}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x707}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r9}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x10000}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xb7}}, {0x8, 0x6, r11}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0x74, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}]}}]}, 0x4bc}, 0x1, 0x0, 0x0, 0x4000}, 0x20000000) (async) semctl$IPC_SET(0x0, 0x0, 0x1, &(0x7f00000000c0)={{0x3, 0xee01, r2, r0, r3, 0x98, 0x100}, 0x5, 0xef, 0x0, 0x0, 0x0, 0x0, 0x2006}) (async) r12 = geteuid() semctl$IPC_SET(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000240)={{0x2, r12, r1, r0, r4, 0xd, 0x6}, 0xfff, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x1000}) (async) geteuid() bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:19 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1856.974625] ? loop_queue_work+0x21e0/0x21e0 [ 1856.979035] loop_control_ioctl+0x11a/0x3f0 [ 1856.983352] ? loop_lookup+0x190/0x190 [ 1856.987240] ? SyS_write+0x1b7/0x210 [ 1856.990951] ? loop_lookup+0x190/0x190 [ 1856.994835] do_vfs_ioctl+0x75a/0xff0 [ 1856.998638] ? lock_acquire+0x170/0x3f0 [ 1857.002611] ? ioctl_preallocate+0x1a0/0x1a0 [ 1857.007016] ? __fget+0x265/0x3e0 [ 1857.010467] ? do_vfs_ioctl+0xff0/0xff0 [ 1857.014445] ? security_file_ioctl+0x83/0xb0 [ 1857.018854] SyS_ioctl+0x7f/0xb0 [ 1857.022214] ? do_vfs_ioctl+0xff0/0xff0 [ 1857.026172] do_syscall_64+0x1d5/0x640 [ 1857.030039] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1857.035209] RIP: 0033:0x7f57bdb1f209 [ 1857.038898] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1857.046584] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1857.053837] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1857.061088] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1857.068338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1857.075587] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:20 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 21) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:20 executing program 5: ptrace(0x8, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = gettid() sched_rr_get_interval(r0, &(0x7f0000000000)) 23:51:20 executing program 1: eventfd2(0x0, 0x0) eventfd(0x2) r0 = eventfd2(0x6, 0x1) read$eventfd(r0, &(0x7f0000000040), 0x8) 23:51:20 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r4) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000), 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r4) (async) socket$inet_smc(0x2b, 0x1, 0x0) (async) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000), 0x4) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:20 executing program 3: r0 = eventfd2(0x56fe, 0x0) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) ioctl$X86_IOC_RDMSR_REGS(0xffffffffffffffff, 0xc02063a0, &(0x7f0000000000)=[0x80000000, 0x8, 0x0, 0xf8000000, 0x4, 0x7f, 0xd3e, 0xffff]) 23:51:20 executing program 5: ptrace(0x8, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = gettid() sched_rr_get_interval(r0, &(0x7f0000000000)) ptrace(0x8, 0x0) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) gettid() (async) sched_rr_get_interval(r0, &(0x7f0000000000)) (async) 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1857.223402] FAULT_INJECTION: forcing a failure. [ 1857.223402] name failslab, interval 1, probability 0, space 0, times 0 [ 1857.262164] CPU: 1 PID: 5703 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1857.269980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1857.279338] Call Trace: [ 1857.281930] dump_stack+0x1b2/0x281 [ 1857.285565] should_fail.cold+0x10a/0x149 [ 1857.289721] should_failslab+0xd6/0x130 [ 1857.293703] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1857.298806] bdi_alloc_node+0x5d/0x2e0 [ 1857.302699] blk_alloc_queue_node+0xe2/0xb40 [ 1857.307110] blk_mq_init_queue+0x42/0x90 [ 1857.311171] loop_add+0x303/0x830 [ 1857.314629] ? loop_queue_rq+0x280/0x280 [ 1857.318690] ? loop_queue_work+0x21e0/0x21e0 23:51:20 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x10000, &(0x7f0000000000), 0x1, r0, 0x4}) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) 23:51:20 executing program 5: ptrace(0x8, 0x0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r0 = gettid() sched_rr_get_interval(r0, &(0x7f0000000000)) 23:51:20 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x10000, &(0x7f0000000000), 0x1, r0, 0x4}) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x10000, &(0x7f0000000000), 0x1, r0, 0x4}) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:51:20 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xbd8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) [ 1857.323100] loop_control_ioctl+0x11a/0x3f0 [ 1857.327420] ? loop_lookup+0x190/0x190 [ 1857.331307] ? SyS_write+0x1b7/0x210 [ 1857.335020] ? loop_lookup+0x190/0x190 [ 1857.339023] do_vfs_ioctl+0x75a/0xff0 [ 1857.342821] ? lock_acquire+0x170/0x3f0 [ 1857.346791] ? ioctl_preallocate+0x1a0/0x1a0 [ 1857.351199] ? __fget+0x265/0x3e0 [ 1857.354654] ? do_vfs_ioctl+0xff0/0xff0 [ 1857.358633] ? security_file_ioctl+0x83/0xb0 [ 1857.363044] SyS_ioctl+0x7f/0xb0 [ 1857.366406] ? do_vfs_ioctl+0xff0/0xff0 [ 1857.370380] do_syscall_64+0x1d5/0x640 [ 1857.374273] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1857.379458] RIP: 0033:0x7f57bdb1f209 [ 1857.383159] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1857.390865] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1857.398130] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1857.405398] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1857.412666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:20 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 22) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:20 executing program 1: r0 = eventfd2(0x0, 0x800) read$eventfd(r0, &(0x7f0000000000), 0x8) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x6000, &(0x7f0000000040), 0x4, r0, 0x8}) eventfd2(0x5, 0x0) 23:51:20 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xbd8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xbd8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) [ 1857.419934] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:20 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) (async, rerun: 32) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0) (rerun: 32) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r4) (async) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000), 0x4) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:20 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x10000, &(0x7f0000000000), 0x1, r0, 0x4}) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) eventfd2(0x0, 0x0) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000040)={0x10000, &(0x7f0000000000), 0x1, r0, 0x4}) (async) read$eventfd(r0, &(0x7f0000000080), 0xfffffffffffffedb) (async) 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:20 executing program 1: r0 = eventfd2(0x0, 0x800) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x6000, &(0x7f0000000040), 0x4, r0, 0x8}) (async) eventfd2(0x5, 0x0) 23:51:20 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xbd8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) sendmsg$BATADV_CMD_GET_DAT_CACHE(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x0, 0x70bd25, 0x25dfdbfb, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x80}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xbd8}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x3}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x40) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) [ 1857.541199] FAULT_INJECTION: forcing a failure. [ 1857.541199] name failslab, interval 1, probability 0, space 0, times 0 [ 1857.575655] CPU: 0 PID: 5751 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1857.583474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1857.592832] Call Trace: [ 1857.595423] dump_stack+0x1b2/0x281 [ 1857.599056] should_fail.cold+0x10a/0x149 [ 1857.603211] should_failslab+0xd6/0x130 [ 1857.607189] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1857.611866] wb_congested_get_create+0x15b/0x360 [ 1857.616629] wb_init+0x4f6/0x7c0 [ 1857.620007] ? __raw_spin_lock_init+0x28/0x100 [ 1857.624588] cgwb_bdi_init+0xe2/0x1e0 [ 1857.628392] bdi_alloc_node+0x224/0x2e0 [ 1857.632368] blk_alloc_queue_node+0xe2/0xb40 [ 1857.636777] blk_mq_init_queue+0x42/0x90 23:51:20 executing program 1: r0 = eventfd2(0x0, 0x800) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x6000, &(0x7f0000000040), 0x4, r0, 0x8}) (async) eventfd2(0x5, 0x0) 23:51:20 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x3000, &(0x7f0000000080), 0x1, r0, 0xa}) [ 1857.640835] loop_add+0x303/0x830 [ 1857.644290] ? loop_queue_rq+0x280/0x280 [ 1857.648352] ? loop_queue_work+0x21e0/0x21e0 [ 1857.652766] loop_control_ioctl+0x11a/0x3f0 [ 1857.657085] ? loop_lookup+0x190/0x190 [ 1857.660970] ? SyS_write+0x1b7/0x210 [ 1857.664687] ? loop_lookup+0x190/0x190 [ 1857.668575] do_vfs_ioctl+0x75a/0xff0 [ 1857.672372] ? lock_acquire+0x170/0x3f0 [ 1857.676361] ? ioctl_preallocate+0x1a0/0x1a0 [ 1857.680751] ? __fget+0x265/0x3e0 [ 1857.684208] ? do_vfs_ioctl+0xff0/0xff0 [ 1857.688169] ? security_file_ioctl+0x83/0xb0 [ 1857.692581] SyS_ioctl+0x7f/0xb0 [ 1857.695936] ? do_vfs_ioctl+0xff0/0xff0 [ 1857.699894] do_syscall_64+0x1d5/0x640 [ 1857.703771] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1857.708938] RIP: 0033:0x7f57bdb1f209 [ 1857.712628] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1857.720318] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1857.727569] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1857.734824] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 23:51:20 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r4) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000), 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:20 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x3, 0x80000000, 0x8, 0x240, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5, 0xe}, 0x48) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getrusage(0x1, &(0x7f0000000080)) 23:51:20 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 23) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:20 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) [ 1857.742076] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1857.749359] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:20 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x3000, &(0x7f0000000080), 0x1, r0, 0xa}) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x3000, &(0x7f0000000080), 0x1, r0, 0xa}) (async) 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:20 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x3, 0x80000000, 0x8, 0x240, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5, 0xe}, 0x48) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getrusage(0x1, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x3, 0x80000000, 0x8, 0x240, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5, 0xe}, 0x48) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) getrusage(0x1, &(0x7f0000000080)) (async) 23:51:20 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) (async) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) (async) 23:51:20 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x3000, &(0x7f0000000080), 0x1, r0, 0xa}) 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1857.943899] FAULT_INJECTION: forcing a failure. [ 1857.943899] name failslab, interval 1, probability 0, space 0, times 0 [ 1857.964900] CPU: 0 PID: 5792 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1857.972715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1857.982066] Call Trace: [ 1857.984660] dump_stack+0x1b2/0x281 [ 1857.988418] should_fail.cold+0x10a/0x149 23:51:20 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1857.992569] should_failslab+0xd6/0x130 [ 1857.996554] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1858.001231] wb_congested_get_create+0x15b/0x360 [ 1858.005995] wb_init+0x4f6/0x7c0 [ 1858.009367] ? __raw_spin_lock_init+0x28/0x100 [ 1858.013954] cgwb_bdi_init+0xe2/0x1e0 [ 1858.017764] bdi_alloc_node+0x224/0x2e0 [ 1858.021744] blk_alloc_queue_node+0xe2/0xb40 [ 1858.026166] blk_mq_init_queue+0x42/0x90 [ 1858.030232] loop_add+0x303/0x830 [ 1858.033686] ? loop_queue_rq+0x280/0x280 [ 1858.037745] ? loop_queue_work+0x21e0/0x21e0 [ 1858.042163] loop_control_ioctl+0x11a/0x3f0 [ 1858.046490] ? loop_lookup+0x190/0x190 [ 1858.050383] ? SyS_write+0x1b7/0x210 [ 1858.054150] ? loop_lookup+0x190/0x190 [ 1858.058044] do_vfs_ioctl+0x75a/0xff0 [ 1858.061862] ? lock_acquire+0x170/0x3f0 [ 1858.065828] ? ioctl_preallocate+0x1a0/0x1a0 [ 1858.070228] ? __fget+0x265/0x3e0 [ 1858.073669] ? do_vfs_ioctl+0xff0/0xff0 [ 1858.077623] ? security_file_ioctl+0x83/0xb0 [ 1858.082014] SyS_ioctl+0x7f/0xb0 [ 1858.085367] ? do_vfs_ioctl+0xff0/0xff0 [ 1858.089331] do_syscall_64+0x1d5/0x640 [ 1858.093208] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1858.098379] RIP: 0033:0x7f57bdb1f209 [ 1858.102071] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1858.109769] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1858.117043] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1858.124297] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1858.131642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:21 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1858.138903] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:21 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 24) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:21 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x17, 0x0, 0x0, 0x6, 0x804, 0x1, 0x54000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f00000000c0)="a60f61cf09d4fc8edf7c8a7eaa8fd7e1659d7260498900a5aa5dab256ac40f94da7f5125021fcd18145ca053386286d240bc6d403c48186c0336447fd9f1", &(0x7f0000000100)=@udp}, 0x20) r1 = eventfd2(0x0, 0x1) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:21 executing program 5: bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x3, 0x80000000, 0x8, 0x240, 0x1, 0x9, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x3, 0x5, 0xe}, 0x48) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getrusage(0x1, &(0x7f0000000080)) 23:51:21 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) 23:51:21 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x20}, 0x10) 23:51:21 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, r1) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r3, @ANYRES32=r3], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r3, 0x4c82) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r4) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x2800, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, r4) r6 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r6, 0x6, 0x14, &(0x7f0000000000), 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:21 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x20}, 0x10) 23:51:21 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x17, 0x0, 0x0, 0x6, 0x804, 0x1, 0x54000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f00000000c0)="a60f61cf09d4fc8edf7c8a7eaa8fd7e1659d7260498900a5aa5dab256ac40f94da7f5125021fcd18145ca053386286d240bc6d403c48186c0336447fd9f1", &(0x7f0000000100)=@udp}, 0x20) r1 = eventfd2(0x0, 0x1) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x17, 0x0, 0x0, 0x6, 0x804, 0x1, 0x54000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4}, 0x48) (async) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f00000000c0)="a60f61cf09d4fc8edf7c8a7eaa8fd7e1659d7260498900a5aa5dab256ac40f94da7f5125021fcd18145ca053386286d240bc6d403c48186c0336447fd9f1", &(0x7f0000000100)=@udp}, 0x20) (async) eventfd2(0x0, 0x1) (async) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) (async) 23:51:21 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x20}, 0x10) [ 1858.314157] FAULT_INJECTION: forcing a failure. [ 1858.314157] name failslab, interval 1, probability 0, space 0, times 0 [ 1858.339014] CPU: 0 PID: 5848 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1858.346831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1858.356181] Call Trace: [ 1858.358767] dump_stack+0x1b2/0x281 23:51:21 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1858.362397] should_fail.cold+0x10a/0x149 [ 1858.366636] should_failslab+0xd6/0x130 [ 1858.370616] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1858.375293] blk_alloc_queue_stats+0x3c/0x100 [ 1858.379787] blk_alloc_queue_node+0x125/0xb40 [ 1858.384284] blk_mq_init_queue+0x42/0x90 [ 1858.388345] loop_add+0x303/0x830 [ 1858.391798] ? loop_queue_rq+0x280/0x280 [ 1858.396029] ? loop_queue_work+0x21e0/0x21e0 [ 1858.400437] loop_control_ioctl+0x11a/0x3f0 [ 1858.404761] ? loop_lookup+0x190/0x190 [ 1858.408646] ? SyS_write+0x1b7/0x210 [ 1858.412363] ? loop_lookup+0x190/0x190 [ 1858.416324] do_vfs_ioctl+0x75a/0xff0 [ 1858.420123] ? lock_acquire+0x170/0x3f0 [ 1858.424094] ? ioctl_preallocate+0x1a0/0x1a0 [ 1858.428503] ? __fget+0x265/0x3e0 [ 1858.431962] ? do_vfs_ioctl+0xff0/0xff0 [ 1858.435935] ? security_file_ioctl+0x83/0xb0 [ 1858.440340] SyS_ioctl+0x7f/0xb0 [ 1858.443816] ? do_vfs_ioctl+0xff0/0xff0 [ 1858.447786] do_syscall_64+0x1d5/0x640 [ 1858.451658] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1858.456828] RIP: 0033:0x7f57bdb1f209 23:51:21 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 25) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:21 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x17, 0x0, 0x0, 0x6, 0x804, 0x1, 0x54000000, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x4}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f00000000c0)="a60f61cf09d4fc8edf7c8a7eaa8fd7e1659d7260498900a5aa5dab256ac40f94da7f5125021fcd18145ca053386286d240bc6d403c48186c0336447fd9f1", &(0x7f0000000100)=@udp}, 0x20) (async) r1 = eventfd2(0x0, 0x1) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:21 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x806, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x3d4, 0x0, 0x0, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x24c, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x3, 0x38, 0x3}, {0x6, 0x1f, 0x2, 0x8000}, {0xfff, 0x5, 0x4, 0x6}, {0x6f2d, 0xff, 0x5, 0x81}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x164, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}]}}]}, 0x3d4}, 0x1, 0x0, 0x0, 0x40044}, 0x4000044) [ 1858.460517] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1858.468203] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1858.475452] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1858.482697] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1858.489945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1858.497313] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:21 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0xa) r5 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xffffffffffffff73) 23:51:21 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:21 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 1: r0 = eventfd2(0x1000000, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000000c0)={0x2, r0, 0x1}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = eventfd(0x1) write$eventfd(r1, &(0x7f0000000080)=0x1ff, 0x8) 23:51:21 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 1: r0 = eventfd2(0x1000000, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000000c0)={0x2, r0, 0x1}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = eventfd(0x1) write$eventfd(r1, &(0x7f0000000080)=0x1ff, 0x8) eventfd2(0x1000000, 0x0) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000000c0)={0x2, r0, 0x1}) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) (async) eventfd(0x1) (async) write$eventfd(r1, &(0x7f0000000080)=0x1ff, 0x8) (async) [ 1858.692480] FAULT_INJECTION: forcing a failure. [ 1858.692480] name failslab, interval 1, probability 0, space 0, times 0 [ 1858.716963] CPU: 0 PID: 5893 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1858.724780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1858.734133] Call Trace: [ 1858.736726] dump_stack+0x1b2/0x281 23:51:21 executing program 1: r0 = eventfd2(0x1000000, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000000c0)={0x2, r0, 0x1}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) (async) r1 = eventfd(0x1) write$eventfd(r1, &(0x7f0000000080)=0x1ff, 0x8) [ 1858.740358] should_fail.cold+0x10a/0x149 [ 1858.744514] should_failslab+0xd6/0x130 [ 1858.748487] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1858.753593] blkg_alloc+0x92/0x5c0 [ 1858.757145] blkcg_init_queue+0x23/0x410 [ 1858.761222] blk_alloc_queue_node+0x826/0xb40 [ 1858.765722] blk_mq_init_queue+0x42/0x90 [ 1858.769782] loop_add+0x303/0x830 [ 1858.773237] ? loop_queue_rq+0x280/0x280 [ 1858.777301] ? loop_queue_work+0x21e0/0x21e0 [ 1858.781735] loop_control_ioctl+0x11a/0x3f0 [ 1858.786056] ? loop_lookup+0x190/0x190 [ 1858.789937] ? SyS_write+0x1b7/0x210 [ 1858.793656] ? loop_lookup+0x190/0x190 [ 1858.797547] do_vfs_ioctl+0x75a/0xff0 [ 1858.801349] ? lock_acquire+0x170/0x3f0 [ 1858.805319] ? ioctl_preallocate+0x1a0/0x1a0 [ 1858.809714] ? __fget+0x265/0x3e0 [ 1858.813162] ? do_vfs_ioctl+0xff0/0xff0 [ 1858.817122] ? security_file_ioctl+0x83/0xb0 [ 1858.821511] SyS_ioctl+0x7f/0xb0 [ 1858.824855] ? do_vfs_ioctl+0xff0/0xff0 [ 1858.828816] do_syscall_64+0x1d5/0x640 [ 1858.832685] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1858.837853] RIP: 0033:0x7f57bdb1f209 [ 1858.841540] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1858.849227] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1858.856499] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1858.863752] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1858.871003] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1858.878264] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:21 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 26) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:21 executing program 1: r0 = eventfd2(0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x3}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:21 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:21 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:21 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0xa) r5 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) (async, rerun: 32) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) (async, rerun: 32) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) (async, rerun: 64) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xffffffffffffff73) (rerun: 64) 23:51:21 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x806, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x3d4, 0x0, 0x0, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x24c, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x3, 0x38, 0x3}, {0x6, 0x1f, 0x2, 0x8000}, {0xfff, 0x5, 0x4, 0x6}, {0x6f2d, 0xff, 0x5, 0x81}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x164, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}]}}]}, 0x3d4}, 0x1, 0x0, 0x0, 0x40044}, 0x4000044) [ 1858.991946] FAULT_INJECTION: forcing a failure. [ 1858.991946] name failslab, interval 1, probability 0, space 0, times 0 [ 1859.004823] CPU: 1 PID: 5933 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1859.012625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1859.021984] Call Trace: [ 1859.024569] dump_stack+0x1b2/0x281 [ 1859.028205] should_fail.cold+0x10a/0x149 [ 1859.032358] should_failslab+0xd6/0x130 [ 1859.036335] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1859.041428] blk_throtl_init+0x7a/0x590 [ 1859.045392] blkcg_init_queue+0x18f/0x410 [ 1859.049528] blk_alloc_queue_node+0x826/0xb40 [ 1859.054022] blk_mq_init_queue+0x42/0x90 [ 1859.058068] loop_add+0x303/0x830 [ 1859.061565] ? loop_queue_rq+0x280/0x280 [ 1859.065633] ? loop_queue_work+0x21e0/0x21e0 [ 1859.070020] loop_control_ioctl+0x11a/0x3f0 [ 1859.074431] ? loop_lookup+0x190/0x190 [ 1859.078308] ? SyS_write+0x1b7/0x210 [ 1859.082012] ? loop_lookup+0x190/0x190 [ 1859.085894] do_vfs_ioctl+0x75a/0xff0 [ 1859.089708] ? lock_acquire+0x170/0x3f0 [ 1859.093662] ? ioctl_preallocate+0x1a0/0x1a0 [ 1859.098051] ? __fget+0x265/0x3e0 [ 1859.101490] ? do_vfs_ioctl+0xff0/0xff0 [ 1859.105452] ? security_file_ioctl+0x83/0xb0 [ 1859.109853] SyS_ioctl+0x7f/0xb0 [ 1859.113197] ? do_vfs_ioctl+0xff0/0xff0 [ 1859.117151] do_syscall_64+0x1d5/0x640 [ 1859.121038] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1859.126205] RIP: 0033:0x7f57bdb1f209 [ 1859.129891] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 23:51:22 executing program 1: r0 = eventfd2(0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x3}) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) eventfd2(0x0, 0x0) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x3}) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:22 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 27) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.137579] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1859.144834] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1859.152090] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1859.159338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1859.166588] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:22 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x806, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r3}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', 0x0}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000240)={0x3d4, 0x0, 0x0, 0x70bd2d, 0x25dfdbff, {}, [{{0x8}, {0x24c, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x9, 0x3, 0x38, 0x3}, {0x6, 0x1f, 0x2, 0x8000}, {0xfff, 0x5, 0x4, 0x6}, {0x6f2d, 0xff, 0x5, 0x81}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x3f}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r2}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x6, r3}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x164, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r5}}, {0x8}}}]}}]}, 0x3d4}, 0x1, 0x0, 0x0, 0x40044}, 0x4000044) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 5: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000300), 0x20000, 0x0) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) r4 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, 0xa) (async) r5 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_ADD(r4, 0x4c80, r5) (async) ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000000)=[0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x5, &(0x7f0000000040)=[0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}, {}, {}], 0x20, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xffffffffffffff73) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 1: r0 = eventfd2(0x0, 0x0) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f0000000040)={0x3}) (async, rerun: 32) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (rerun: 32) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.330652] FAULT_INJECTION: forcing a failure. [ 1859.330652] name failslab, interval 1, probability 0, space 0, times 0 [ 1859.367044] CPU: 0 PID: 5965 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 23:51:22 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.374960] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1859.384313] Call Trace: [ 1859.386904] dump_stack+0x1b2/0x281 [ 1859.390536] should_fail.cold+0x10a/0x149 [ 1859.394686] should_failslab+0xd6/0x130 [ 1859.398668] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1859.403778] throtl_pd_alloc+0x59/0x990 [ 1859.407754] ? throtl_add_bio_tg+0x1e0/0x1e0 [ 1859.412159] blkcg_activate_policy+0x115/0x5c0 [ 1859.416750] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1859.421767] blk_throtl_init+0x408/0x590 [ 1859.425828] blkcg_init_queue+0x18f/0x410 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.429976] blk_alloc_queue_node+0x826/0xb40 [ 1859.434482] blk_mq_init_queue+0x42/0x90 [ 1859.438631] loop_add+0x303/0x830 [ 1859.442080] ? loop_queue_rq+0x280/0x280 [ 1859.446489] ? loop_queue_work+0x21e0/0x21e0 [ 1859.450900] loop_control_ioctl+0x11a/0x3f0 [ 1859.455228] ? loop_lookup+0x190/0x190 [ 1859.459111] ? SyS_write+0x1b7/0x210 [ 1859.462824] ? loop_lookup+0x190/0x190 [ 1859.466707] do_vfs_ioctl+0x75a/0xff0 [ 1859.470524] ? lock_acquire+0x170/0x3f0 [ 1859.474499] ? ioctl_preallocate+0x1a0/0x1a0 [ 1859.478908] ? __fget+0x265/0x3e0 [ 1859.482363] ? do_vfs_ioctl+0xff0/0xff0 [ 1859.486335] ? security_file_ioctl+0x83/0xb0 [ 1859.490741] SyS_ioctl+0x7f/0xb0 [ 1859.494107] ? do_vfs_ioctl+0xff0/0xff0 [ 1859.498085] do_syscall_64+0x1d5/0x640 [ 1859.501976] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1859.507147] RIP: 0033:0x7f57bdb1f209 [ 1859.510840] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1859.518538] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 23:51:22 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 28) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.525789] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1859.533055] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1859.540302] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1859.547554] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}], 0x8, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) socketpair(0xf, 0xa, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000000c0)=0xe, 0x40800) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x9, 0x2, @vifc_lcl_addr=@loopback, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0xa) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r2) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:22 executing program 1: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r6, &(0x7f0000000000), 0x8) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) setsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f00000002c0)=0x81, 0x4) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.749938] FAULT_INJECTION: forcing a failure. [ 1859.749938] name failslab, interval 1, probability 0, space 0, times 0 [ 1859.761390] CPU: 1 PID: 6023 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1859.769183] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1859.778532] Call Trace: [ 1859.781122] dump_stack+0x1b2/0x281 [ 1859.784757] should_fail.cold+0x10a/0x149 [ 1859.788920] should_failslab+0xd6/0x130 [ 1859.792897] kmem_cache_alloc_node_trace+0x58/0x400 23:51:22 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}], 0x8, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) socketpair(0xf, 0xa, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000000c0)=0xe, 0x40800) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x9, 0x2, @vifc_lcl_addr=@loopback, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}], 0x8, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) (async) socketpair(0xf, 0xa, 0x3, &(0x7f0000000000)) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) (async) accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000000c0)=0xe, 0x40800) (async) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x9, 0x2, @vifc_lcl_addr=@loopback, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) (async) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1859.797918] throtl_pd_alloc+0x59/0x990 [ 1859.801897] ? throtl_add_bio_tg+0x1e0/0x1e0 [ 1859.806307] blkcg_activate_policy+0x23e/0x5c0 [ 1859.810901] blk_throtl_init+0x408/0x590 [ 1859.814962] blkcg_init_queue+0x18f/0x410 [ 1859.819108] blk_alloc_queue_node+0x826/0xb40 [ 1859.823608] blk_mq_init_queue+0x42/0x90 [ 1859.827667] loop_add+0x303/0x830 [ 1859.831130] ? loop_queue_rq+0x280/0x280 [ 1859.835184] ? loop_queue_work+0x21e0/0x21e0 [ 1859.839752] loop_control_ioctl+0x11a/0x3f0 [ 1859.844073] ? loop_lookup+0x190/0x190 [ 1859.847959] ? SyS_write+0x1b7/0x210 [ 1859.851677] ? loop_lookup+0x190/0x190 [ 1859.855570] do_vfs_ioctl+0x75a/0xff0 [ 1859.859371] ? lock_acquire+0x170/0x3f0 [ 1859.863345] ? ioctl_preallocate+0x1a0/0x1a0 [ 1859.867755] ? __fget+0x265/0x3e0 [ 1859.871207] ? do_vfs_ioctl+0xff0/0xff0 [ 1859.875173] ? security_file_ioctl+0x83/0xb0 [ 1859.879561] SyS_ioctl+0x7f/0xb0 [ 1859.882907] ? do_vfs_ioctl+0xff0/0xff0 [ 1859.886865] do_syscall_64+0x1d5/0x640 [ 1859.890732] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1859.895901] RIP: 0033:0x7f57bdb1f209 23:51:22 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 29) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:22 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}], 0x8, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) socketpair(0xf, 0xa, 0x3, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000000c0)=0xe, 0x40800) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x9, 0x2, @vifc_lcl_addr=@loopback, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={r0, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000140)=[0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000001c0)=[{}], 0x8, 0x10, &(0x7f0000000200), &(0x7f0000000240), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) (async) socketpair(0xf, 0xa, 0x3, &(0x7f0000000000)) (async) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) (async) setsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, 0x0, 0x0) (async) accept4$bt_l2cap(r2, &(0x7f0000000080)={0x1f, 0x0, @none}, &(0x7f00000000c0)=0xe, 0x40800) (async) setsockopt$MRT_ADD_VIF(r1, 0x0, 0xca, &(0x7f0000000040)={0x0, 0x4, 0x9, 0x2, @vifc_lcl_addr=@loopback, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) (async) 23:51:22 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:22 executing program 1: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r4 = socket$igmp(0x2, 0x3, 0x2) (async, rerun: 32) r5 = socket$igmp(0x2, 0x3, 0x2) (rerun: 32) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) (async) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) (async) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) (async) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) (async) read$eventfd(r6, &(0x7f0000000000), 0x8) (async) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) (async, rerun: 32) setsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f00000002c0)=0x81, 0x4) (rerun: 32) [ 1859.899596] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1859.907281] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1859.914527] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1859.921775] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1859.929026] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1859.936273] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:22 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) (async) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0xa) (async) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:22 executing program 1: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) (async) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 64) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) (async, rerun: 64) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) (async) r4 = socket$igmp(0x2, 0x3, 0x2) (async) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) (async) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) (async) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) (async) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) (async) read$eventfd(r6, &(0x7f0000000000), 0x8) (async) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) (async) setsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f00000002c0)=0x81, 0x4) 23:51:22 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1860.083469] FAULT_INJECTION: forcing a failure. [ 1860.083469] name failslab, interval 1, probability 0, space 0, times 0 [ 1860.114807] CPU: 0 PID: 6068 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1860.122627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1860.131986] Call Trace: [ 1860.134574] dump_stack+0x1b2/0x281 [ 1860.138208] should_fail.cold+0x10a/0x149 [ 1860.142359] should_failslab+0xd6/0x130 [ 1860.146343] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1860.151011] ? blk_mq_can_queue+0x40/0x40 [ 1860.155156] ? queue_set_hctx_shared+0x210/0x210 [ 1860.159911] blk_stat_alloc_callback+0x54/0x2f0 [ 1860.164582] blk_mq_init_allocated_queue+0x80/0xfd0 [ 1860.169598] ? blkcg_init_queue+0x19f/0x410 [ 1860.173911] ? blk_alloc_queue_node+0x82f/0xb40 [ 1860.178572] blk_mq_init_queue+0x5a/0x90 23:51:23 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x7, 0x4, 0x0, 0x9, 0x8}, 0xfffffffffffffd0d) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bic\x00', 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:23 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x2a) [ 1860.182631] loop_add+0x303/0x830 [ 1860.186084] ? loop_queue_rq+0x280/0x280 [ 1860.190142] ? loop_queue_work+0x21e0/0x21e0 [ 1860.194554] loop_control_ioctl+0x11a/0x3f0 [ 1860.198872] ? loop_lookup+0x190/0x190 [ 1860.202750] ? SyS_write+0x1b7/0x210 [ 1860.206448] ? loop_lookup+0x190/0x190 [ 1860.210313] do_vfs_ioctl+0x75a/0xff0 [ 1860.214094] ? lock_acquire+0x170/0x3f0 [ 1860.218050] ? ioctl_preallocate+0x1a0/0x1a0 [ 1860.222448] ? __fget+0x265/0x3e0 [ 1860.225881] ? do_vfs_ioctl+0xff0/0xff0 [ 1860.229836] ? security_file_ioctl+0x83/0xb0 [ 1860.234224] SyS_ioctl+0x7f/0xb0 [ 1860.237628] ? do_vfs_ioctl+0xff0/0xff0 [ 1860.241586] do_syscall_64+0x1d5/0x640 [ 1860.245465] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1860.250640] RIP: 0033:0x7f57bdb1f209 [ 1860.254340] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1860.262046] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1860.269302] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1860.276550] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 23:51:23 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 30) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:23 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x2a) 23:51:23 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async, rerun: 32) r1 = socket$inet_tcp(0x2, 0x1, 0x0) (rerun: 32) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) (async) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x7, 0x4, 0x0, 0x9, 0x8}, 0xfffffffffffffd0d) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bic\x00', 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:23 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0]}) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="28010000", @ANYRES16=r2, @ANYBLOB="000325bd7000fedbdf250300000008000100", @ANYRES32=0x0, @ANYBLOB="8400028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400ffff000008000600", @ANYRES32=r5, @ANYBLOB="070001003f39e27760629d50a48d348d9a5a899d7948a50bfa001f67056d21c6ea796eea7f96c95e2b512bd210734f926ccad54b0900000000000000c37db0b8463b487500"/81, @ANYRES32=0x0, @ANYBLOB="8000028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000700000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB], 0x128}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040800) [ 1860.283798] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1860.291060] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:23 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x2a) 23:51:23 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) (async) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0]}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="28010000", @ANYRES16=r2, @ANYBLOB="000325bd7000fedbdf250300000008000100", @ANYRES32=0x0, @ANYBLOB="8400028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400ffff000008000600", @ANYRES32=r5, @ANYBLOB="070001003f39e27760629d50a48d348d9a5a899d7948a50bfa001f67056d21c6ea796eea7f96c95e2b512bd210734f926ccad54b0900000000000000c37db0b8463b487500"/81, @ANYRES32=0x0, @ANYBLOB="8000028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000700000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB], 0x128}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040800) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x44, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x7, 0x4, 0x0, 0x9, 0x8}, 0xfffffffffffffd0d) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bic\x00', 0x4) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) socket$inet_tcp(0x2, 0x1, 0x0) (async) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r1, 0x6, 0x14, &(0x7f0000000000)=0x2, 0x4) (async) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(r1, 0x6, 0x1d, &(0x7f0000000040)={0x7, 0x4, 0x0, 0x9, 0x8}, 0xfffffffffffffd0d) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000080)='bic\x00', 0x4) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) [ 1860.407669] FAULT_INJECTION: forcing a failure. [ 1860.407669] name failslab, interval 1, probability 0, space 0, times 0 23:51:23 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x4}, 0x4) r1 = request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)=')\\#\x00', 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r1) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) [ 1860.448175] CPU: 1 PID: 6115 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1860.455992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1860.465430] Call Trace: [ 1860.468019] dump_stack+0x1b2/0x281 [ 1860.471649] should_fail.cold+0x10a/0x149 [ 1860.475796] should_failslab+0xd6/0x130 [ 1860.479776] __kmalloc+0x2c1/0x400 [ 1860.483319] ? blk_stat_alloc_callback+0x81/0x2f0 [ 1860.488165] ? blk_mq_can_queue+0x40/0x40 [ 1860.492314] ? queue_set_hctx_shared+0x210/0x210 [ 1860.497073] blk_stat_alloc_callback+0x81/0x2f0 [ 1860.501745] blk_mq_init_allocated_queue+0x80/0xfd0 [ 1860.506761] ? blkcg_init_queue+0x19f/0x410 [ 1860.512389] ? blk_alloc_queue_node+0x82f/0xb40 [ 1860.517098] blk_mq_init_queue+0x5a/0x90 [ 1860.521162] loop_add+0x303/0x830 [ 1860.524613] ? loop_queue_rq+0x280/0x280 [ 1860.528665] ? loop_queue_work+0x21e0/0x21e0 [ 1860.533084] loop_control_ioctl+0x11a/0x3f0 [ 1860.537403] ? loop_lookup+0x190/0x190 [ 1860.541287] ? SyS_write+0x1b7/0x210 [ 1860.544996] ? loop_lookup+0x190/0x190 [ 1860.548891] do_vfs_ioctl+0x75a/0xff0 [ 1860.552701] ? lock_acquire+0x170/0x3f0 [ 1860.556678] ? ioctl_preallocate+0x1a0/0x1a0 [ 1860.561129] ? __fget+0x265/0x3e0 [ 1860.564572] ? do_vfs_ioctl+0xff0/0xff0 [ 1860.568533] ? security_file_ioctl+0x83/0xb0 [ 1860.572920] SyS_ioctl+0x7f/0xb0 [ 1860.576275] ? do_vfs_ioctl+0xff0/0xff0 [ 1860.580240] do_syscall_64+0x1d5/0x640 [ 1860.584123] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1860.589316] RIP: 0033:0x7f57bdb1f209 23:51:23 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 31) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:23 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x4}, 0x4) (async) r1 = request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)=')\\#\x00', 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r1) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:23 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) (async) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000080), 0xffffffffffffffff) (async) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async, rerun: 32) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, &(0x7f00000002c0)={&(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x8}) (rerun: 32) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000340)={r4, 0x0, 0x0, 0x0, 0x0, 0x4, &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0]}) (async) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_NOOP(0xffffffffffffffff, &(0x7f0000000dc0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0x6c, 0x0, 0x4, 0x70bd28, 0x25dfdbfc, {}, [{{0x8}, {0x44, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8, 0x1, r5}, {0x4}}]}, 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x804) (async) sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="28010000", @ANYRES16=r2, @ANYBLOB="000325bd7000fedbdf250300000008000100", @ANYRES32=0x0, @ANYBLOB="8400028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e00000008000400ffff000008000600", @ANYRES32=r5, @ANYBLOB="070001003f39e27760629d50a48d348d9a5a899d7948a50bfa001f67056d21c6ea796eea7f96c95e2b512bd210734f926ccad54b0900000000000000c37db0b8463b487500"/81, @ANYRES32=0x0, @ANYBLOB="8000028040000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="08000700000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB], 0x128}, 0x1, 0x0, 0x0, 0x4040000}, 0x4040800) 23:51:23 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(0x0, r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152", @ANYRES64=r0, @ANYRES32=r2, @ANYRESHEX], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) [ 1860.593009] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1860.600714] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1860.607968] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1860.615224] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1860.622482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1860.629740] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1860.739189] FAULT_INJECTION: forcing a failure. [ 1860.739189] name failslab, interval 1, probability 0, space 0, times 0 [ 1860.770659] CPU: 0 PID: 6152 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1860.778479] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1860.787834] Call Trace: [ 1860.790423] dump_stack+0x1b2/0x281 [ 1860.794073] should_fail.cold+0x10a/0x149 [ 1860.798224] should_failslab+0xd6/0x130 [ 1860.802206] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1860.807315] __kmalloc_node+0x38/0x70 [ 1860.811213] blk_mq_init_allocated_queue+0x17b/0xfd0 [ 1860.816318] ? blkcg_init_queue+0x19f/0x410 [ 1860.820649] ? blk_alloc_queue_node+0x82f/0xb40 [ 1860.825324] blk_mq_init_queue+0x5a/0x90 [ 1860.829394] loop_add+0x303/0x830 [ 1860.832850] ? loop_queue_rq+0x280/0x280 23:51:23 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x4}, 0x4) r1 = request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)=')\\#\x00', 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r1) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x4}, 0x4) (async) request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)=')\\#\x00', 0xfffffffffffffffb) (async) keyctl$unlink(0x9, 0x0, r1) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) 23:51:23 executing program 1: r0 = eventfd2(0x3, 0x1) eventfd2(0x8, 0x1) read$eventfd(r0, &(0x7f0000000000), 0x8) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x0, &(0x7f0000000040), 0x8, r0, 0xa}) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x3c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1860.836910] ? loop_queue_work+0x21e0/0x21e0 [ 1860.841356] loop_control_ioctl+0x11a/0x3f0 [ 1860.845769] ? loop_lookup+0x190/0x190 [ 1860.849664] ? SyS_write+0x1b7/0x210 [ 1860.853389] ? loop_lookup+0x190/0x190 [ 1860.857274] do_vfs_ioctl+0x75a/0xff0 [ 1860.861078] ? lock_acquire+0x170/0x3f0 [ 1860.865061] ? ioctl_preallocate+0x1a0/0x1a0 [ 1860.869474] ? __fget+0x265/0x3e0 [ 1860.872930] ? do_vfs_ioctl+0xff0/0xff0 [ 1860.876902] ? security_file_ioctl+0x83/0xb0 [ 1860.881309] SyS_ioctl+0x7f/0xb0 [ 1860.884677] ? do_vfs_ioctl+0xff0/0xff0 [ 1860.888657] do_syscall_64+0x1d5/0x640 [ 1860.892662] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1860.897831] RIP: 0033:0x7f57bdb1f209 [ 1860.901607] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1860.909290] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1860.916535] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1860.923782] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1860.931050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:23 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 32) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x3c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x3c}}, 0x10) 23:51:23 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0)=0x100, &(0x7f0000000100)=0x4) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) 23:51:23 executing program 1: r0 = eventfd2(0x3, 0x1) eventfd2(0x8, 0x1) (async, rerun: 64) read$eventfd(r0, &(0x7f0000000000), 0x8) (async, rerun: 64) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x0, &(0x7f0000000040), 0x8, r0, 0xa}) 23:51:23 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1860.938329] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:23 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152", @ANYRES64=r0, @ANYRES32=r2, @ANYRESHEX], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) socket$inet_smc(0x2b, 0x1, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:23 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0)=0x100, &(0x7f0000000100)=0x4) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), 0xffffffffffffffff) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0)=0x100, &(0x7f0000000100)=0x4) (async) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), 0xffffffffffffffff) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) (async) 23:51:23 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x3c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_SECCTX={0x26, 0x7, 'system_u:object_r:crond_exec_t:s0\x00'}]}, 0x3c}}, 0x0) 23:51:24 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:24 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152", @ANYRES64=r0, @ANYRES32=r2, @ANYRESHEX], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:24 executing program 3: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:24 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f00000000c0)=0x100, &(0x7f0000000100)=0x4) (async) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000000), 0xffffffffffffffff) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000040)='./file0\x00', 0x0, 0x18}, 0x10) [ 1861.160663] FAULT_INJECTION: forcing a failure. [ 1861.160663] name failslab, interval 1, probability 0, space 0, times 0 [ 1861.172339] CPU: 0 PID: 6211 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1861.180141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1861.189494] Call Trace: [ 1861.192085] dump_stack+0x1b2/0x281 [ 1861.195711] should_fail.cold+0x10a/0x149 [ 1861.199863] should_failslab+0xd6/0x130 [ 1861.203984] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1861.209086] __kmalloc_node+0x38/0x70 [ 1861.212872] blk_mq_realloc_hw_ctxs+0x1a5/0xe00 [ 1861.217528] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1861.222536] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1861.227800] blk_mq_init_allocated_queue+0x20c/0xfd0 [ 1861.232891] ? blkcg_init_queue+0x19f/0x410 [ 1861.237215] ? blk_alloc_queue_node+0x82f/0xb40 [ 1861.241871] blk_mq_init_queue+0x5a/0x90 [ 1861.245912] loop_add+0x303/0x830 [ 1861.249360] ? loop_queue_rq+0x280/0x280 [ 1861.253405] ? loop_queue_work+0x21e0/0x21e0 [ 1861.257800] loop_control_ioctl+0x11a/0x3f0 [ 1861.262106] ? loop_lookup+0x190/0x190 [ 1861.265975] ? SyS_write+0x1b7/0x210 [ 1861.269672] ? loop_lookup+0x190/0x190 [ 1861.273541] do_vfs_ioctl+0x75a/0xff0 [ 1861.277323] ? lock_acquire+0x170/0x3f0 [ 1861.281283] ? ioctl_preallocate+0x1a0/0x1a0 [ 1861.285670] ? __fget+0x265/0x3e0 [ 1861.289105] ? do_vfs_ioctl+0xff0/0xff0 [ 1861.293059] ? security_file_ioctl+0x83/0xb0 [ 1861.297449] SyS_ioctl+0x7f/0xb0 [ 1861.300792] ? do_vfs_ioctl+0xff0/0xff0 [ 1861.304748] do_syscall_64+0x1d5/0x640 [ 1861.308626] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1861.313794] RIP: 0033:0x7f57bdb1f209 [ 1861.317486] RSP: 002b:00007f57bc473168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1861.325373] RAX: ffffffffffffffda RBX: 00007f57bdc32030 RCX: 00007f57bdb1f209 [ 1861.332634] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1861.339895] RBP: 00007f57bc4731d0 R08: 0000000000000000 R09: 0000000000000000 [ 1861.347162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1861.354411] R13: 00007ffc7af5046f R14: 00007f57bc473300 R15: 0000000000022000 23:51:24 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 33) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:24 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152", @ANYRES64=r0, @ANYRES32=r2, @ANYRESHEX], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) socket$inet_smc(0x2b, 0x1, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:24 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x29) [ 1861.477891] FAULT_INJECTION: forcing a failure. [ 1861.477891] name failslab, interval 1, probability 0, space 0, times 0 [ 1861.490780] CPU: 0 PID: 6239 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1861.498585] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1861.508018] Call Trace: [ 1861.510614] dump_stack+0x1b2/0x281 [ 1861.514226] should_fail.cold+0x10a/0x149 [ 1861.518371] should_failslab+0xd6/0x130 [ 1861.522324] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1861.527414] __kmalloc_node+0x38/0x70 [ 1861.531212] blk_mq_realloc_hw_ctxs+0x528/0xe00 [ 1861.535866] blk_mq_init_allocated_queue+0x20c/0xfd0 [ 1861.540953] ? blkcg_init_queue+0x19f/0x410 [ 1861.545277] ? blk_alloc_queue_node+0x82f/0xb40 [ 1861.549927] blk_mq_init_queue+0x5a/0x90 [ 1861.553968] loop_add+0x303/0x830 [ 1861.557415] ? loop_queue_rq+0x280/0x280 [ 1861.561461] ? loop_queue_work+0x21e0/0x21e0 [ 1861.565855] loop_control_ioctl+0x11a/0x3f0 [ 1861.570157] ? loop_lookup+0x190/0x190 [ 1861.574030] ? SyS_write+0x1b7/0x210 [ 1861.577725] ? loop_lookup+0x190/0x190 [ 1861.581592] do_vfs_ioctl+0x75a/0xff0 [ 1861.585388] ? lock_acquire+0x170/0x3f0 [ 1861.589342] ? ioctl_preallocate+0x1a0/0x1a0 [ 1861.593730] ? __fget+0x265/0x3e0 [ 1861.597163] ? do_vfs_ioctl+0xff0/0xff0 [ 1861.601120] ? security_file_ioctl+0x83/0xb0 [ 1861.605512] SyS_ioctl+0x7f/0xb0 [ 1861.608862] ? do_vfs_ioctl+0xff0/0xff0 [ 1861.612813] do_syscall_64+0x1d5/0x640 [ 1861.616681] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1861.621852] RIP: 0033:0x7f57bdb1f209 [ 1861.625539] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1861.633331] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1861.640588] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1861.647837] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1861.655096] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1861.662374] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:24 executing program 1: r0 = eventfd2(0x3, 0x1) eventfd2(0x8, 0x1) read$eventfd(r0, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000080)={0x0, &(0x7f0000000040), 0x8, r0, 0xa}) 23:51:24 executing program 3: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:24 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x29) 23:51:24 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:24 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 34) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:24 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:24 executing program 3: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:24 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x29) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x29) (async) 23:51:24 executing program 1: r0 = gettid() getpgid(r0) tgkill(r0, 0x0, 0x40) eventfd2(0x0, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xb, &(0x7f0000000080)="9cfdb298b025af46a2a2ac25982161508f1683f3b251de6b0791777404aaa715b4e7007c56145a8303eef81082c319b4b53f05f8621e5e3c48d9de5d5b619f9d87e2dfc348324f5e8964635f11d6885f0a95830fcd7edb3bceed5c", 0x5b) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x4, 0x40, 0x80000000, @vifc_lcl_addr=@multicast2, @local}, 0x10) 23:51:24 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c3b4f152", @ANYRES64=r0, @ANYRES32=r2, @ANYRESHEX], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r3) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) [ 1861.941197] FAULT_INJECTION: forcing a failure. [ 1861.941197] name failslab, interval 1, probability 0, space 0, times 0 [ 1861.967881] CPU: 0 PID: 6250 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1861.975701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1861.985053] Call Trace: [ 1861.987643] dump_stack+0x1b2/0x281 23:51:24 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:24 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) read$msr(r0, &(0x7f0000000080)=""/164, 0xa4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) [ 1861.991283] should_fail.cold+0x10a/0x149 [ 1861.995435] should_failslab+0xd6/0x130 [ 1861.999413] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1862.004522] __kmalloc_node+0x38/0x70 [ 1862.008320] sbitmap_init_node+0x10c/0x3d0 [ 1862.012554] blk_mq_realloc_hw_ctxs+0x59b/0xe00 [ 1862.017236] blk_mq_init_allocated_queue+0x20c/0xfd0 [ 1862.022343] ? blkcg_init_queue+0x19f/0x410 [ 1862.026700] ? blk_alloc_queue_node+0x82f/0xb40 [ 1862.031371] blk_mq_init_queue+0x5a/0x90 [ 1862.037429] loop_add+0x303/0x830 [ 1862.040883] ? loop_queue_rq+0x280/0x280 [ 1862.044944] ? loop_queue_work+0x21e0/0x21e0 [ 1862.049355] loop_control_ioctl+0x11a/0x3f0 [ 1862.053672] ? loop_lookup+0x190/0x190 [ 1862.057558] ? SyS_write+0x1b7/0x210 [ 1862.061270] ? loop_lookup+0x190/0x190 [ 1862.065158] do_vfs_ioctl+0x75a/0xff0 [ 1862.068958] ? lock_acquire+0x170/0x3f0 [ 1862.072933] ? ioctl_preallocate+0x1a0/0x1a0 [ 1862.077333] ? __fget+0x265/0x3e0 [ 1862.080777] ? do_vfs_ioctl+0xff0/0xff0 [ 1862.084733] ? security_file_ioctl+0x83/0xb0 [ 1862.089135] SyS_ioctl+0x7f/0xb0 [ 1862.092486] ? do_vfs_ioctl+0xff0/0xff0 [ 1862.096447] do_syscall_64+0x1d5/0x640 [ 1862.100323] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1862.105494] RIP: 0033:0x7f57bdb1f209 [ 1862.109189] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1862.116876] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1862.124134] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1862.131401] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 23:51:25 executing program 1: r0 = gettid() getpgid(r0) (async) tgkill(r0, 0x0, 0x40) eventfd2(0x0, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xb, &(0x7f0000000080)="9cfdb298b025af46a2a2ac25982161508f1683f3b251de6b0791777404aaa715b4e7007c56145a8303eef81082c319b4b53f05f8621e5e3c48d9de5d5b619f9d87e2dfc348324f5e8964635f11d6885f0a95830fcd7edb3bceed5c", 0x5b) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x4, 0x40, 0x80000000, @vifc_lcl_addr=@multicast2, @local}, 0x10) 23:51:25 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) read$msr(r0, &(0x7f0000000080)=""/164, 0xa4) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) [ 1862.138658] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1862.145911] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:25 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:25 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 35) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:25 executing program 1: r0 = gettid() getpgid(r0) (async) tgkill(r0, 0x0, 0x40) (async) eventfd2(0x0, 0x0) setsockopt$inet_tcp_buf(0xffffffffffffffff, 0x6, 0xb, &(0x7f0000000080)="9cfdb298b025af46a2a2ac25982161508f1683f3b251de6b0791777404aaa715b4e7007c56145a8303eef81082c319b4b53f05f8621e5e3c48d9de5d5b619f9d87e2dfc348324f5e8964635f11d6885f0a95830fcd7edb3bceed5c", 0x5b) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) setsockopt$MRT_DEL_VIF(0xffffffffffffffff, 0x0, 0xcb, &(0x7f0000000000)={0xffffffffffffffff, 0x4, 0x40, 0x80000000, @vifc_lcl_addr=@multicast2, @local}, 0x10) 23:51:25 executing program 5: r0 = syz_open_dev$MSR(&(0x7f0000000040), 0x0, 0x0) ioctl$X86_IOC_RDMSR_REGS(r0, 0xc02063a0, &(0x7f0000000080)=[0x0, 0xfffffff8]) read$msr(r0, &(0x7f0000000080)=""/164, 0xa4) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async, rerun: 64) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) (rerun: 64) 23:51:25 executing program 2: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) setsockopt$inet6_icmp_ICMP_FILTER(r0, 0x1, 0x1, &(0x7f00000000c0)={0x4}, 0x4) r1 = request_key(&(0x7f0000000000)='logon\x00', &(0x7f0000000040)={'syz', 0x3}, &(0x7f0000000080)=')\\#\x00', 0xfffffffffffffffb) keyctl$unlink(0x9, 0x0, r1) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) 23:51:25 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x1ff, 0x7f, 0x329, 0x96b8}, 'syz1\x00', 0x3c}) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x0) ioctl$UI_DEV_DESTROY(r2, 0x5502) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) ioctl$UI_SET_SNDBIT(r4, 0x4004556a, 0x2) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0xb) 23:51:25 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040)={0x10000, 0xfff00000, 0x7c, 0x7, 0x7}, 0x14) 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, 0x0, 0x10) 23:51:25 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1862.329651] FAULT_INJECTION: forcing a failure. [ 1862.329651] name failslab, interval 1, probability 0, space 0, times 0 [ 1862.366222] CPU: 1 PID: 6299 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1862.374038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1862.383399] Call Trace: [ 1862.385991] dump_stack+0x1b2/0x281 [ 1862.389624] should_fail.cold+0x10a/0x149 [ 1862.393779] should_failslab+0xd6/0x130 [ 1862.397758] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1862.402869] blk_alloc_flush_queue+0x4f/0x2b0 [ 1862.407375] blk_mq_realloc_hw_ctxs+0x6ab/0xe00 [ 1862.412057] blk_mq_init_allocated_queue+0x20c/0xfd0 [ 1862.417196] ? blkcg_init_queue+0x19f/0x410 [ 1862.421516] ? blk_alloc_queue_node+0x82f/0xb40 [ 1862.426193] blk_mq_init_queue+0x5a/0x90 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:25 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:25 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r1, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1862.430254] loop_add+0x303/0x830 [ 1862.433711] ? loop_queue_rq+0x280/0x280 [ 1862.437769] ? loop_queue_work+0x21e0/0x21e0 [ 1862.442179] loop_control_ioctl+0x11a/0x3f0 [ 1862.446500] ? loop_lookup+0x190/0x190 [ 1862.450386] ? SyS_write+0x1b7/0x210 [ 1862.454102] ? loop_lookup+0x190/0x190 [ 1862.457998] do_vfs_ioctl+0x75a/0xff0 [ 1862.461800] ? lock_acquire+0x170/0x3f0 [ 1862.465770] ? ioctl_preallocate+0x1a0/0x1a0 [ 1862.470179] ? __fget+0x265/0x3e0 [ 1862.473633] ? do_vfs_ioctl+0xff0/0xff0 [ 1862.477610] ? security_file_ioctl+0x83/0xb0 [ 1862.482026] SyS_ioctl+0x7f/0xb0 [ 1862.485389] ? do_vfs_ioctl+0xff0/0xff0 [ 1862.489454] do_syscall_64+0x1d5/0x640 [ 1862.493344] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1862.498526] RIP: 0033:0x7f57bdb1f209 [ 1862.502331] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1862.510238] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1862.517490] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 23:51:25 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:25 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 36) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:25 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r0) 23:51:25 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040)={0x10000, 0xfff00000, 0x7c, 0x7, 0x7}, 0x14) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040)={0x10000, 0xfff00000, 0x7c, 0x7, 0x7}, 0x14) (async) 23:51:25 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x1ff, 0x7f, 0x329, 0x96b8}, 'syz1\x00', 0x3c}) (async, rerun: 64) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (rerun: 64) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x0) ioctl$UI_DEV_DESTROY(r2, 0x5502) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) ioctl$UI_SET_SNDBIT(r4, 0x4004556a, 0x2) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0xb) [ 1862.524740] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1862.531995] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1862.539254] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:25 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 23:51:25 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r1, 0xed3d1ab90b5e038f, 0x0, 0x3}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002}, 0x20048044) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x60041, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000140)='syz1\x00') 23:51:25 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0xa) (async) ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{0x1ff, 0x7f, 0x329, 0x96b8}, 'syz1\x00', 0x3c}) (async) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r2, 0x40045566, 0x0) (async) ioctl$UI_DEV_DESTROY(r2, 0x5502) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) (async) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r4, 0x40045566, 0x0) (async) ioctl$UI_SET_SNDBIT(r4, 0x4004556a, 0x2) ioctl$UI_SET_LEDBIT(r3, 0x40045569, 0xb) 23:51:25 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) setsockopt$inet_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000040)={0x10000, 0xfff00000, 0x7c, 0x7, 0x7}, 0x14) [ 1862.655442] FAULT_INJECTION: forcing a failure. [ 1862.655442] name failslab, interval 1, probability 0, space 0, times 0 [ 1862.683417] CPU: 0 PID: 6334 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1862.691322] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1862.700764] Call Trace: [ 1862.703354] dump_stack+0x1b2/0x281 [ 1862.706985] should_fail.cold+0x10a/0x149 [ 1862.711139] should_failslab+0xd6/0x130 [ 1862.715120] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1862.720226] __kmalloc_node+0x38/0x70 [ 1862.724030] blk_alloc_flush_queue+0xf7/0x2b0 [ 1862.728527] blk_mq_realloc_hw_ctxs+0x6ab/0xe00 [ 1862.733210] blk_mq_init_allocated_queue+0x20c/0xfd0 [ 1862.738310] ? blkcg_init_queue+0x19f/0x410 [ 1862.742641] ? blk_alloc_queue_node+0x82f/0xb40 [ 1862.747313] blk_mq_init_queue+0x5a/0x90 [ 1862.751372] loop_add+0x303/0x830 [ 1862.754824] ? loop_queue_rq+0x280/0x280 [ 1862.758888] ? loop_queue_work+0x21e0/0x21e0 [ 1862.763306] loop_control_ioctl+0x11a/0x3f0 [ 1862.767620] ? loop_lookup+0x190/0x190 [ 1862.771503] ? SyS_write+0x1b7/0x210 [ 1862.775214] ? loop_lookup+0x190/0x190 [ 1862.779098] do_vfs_ioctl+0x75a/0xff0 [ 1862.782898] ? lock_acquire+0x170/0x3f0 [ 1862.786882] ? ioctl_preallocate+0x1a0/0x1a0 [ 1862.791305] ? __fget+0x265/0x3e0 [ 1862.794760] ? do_vfs_ioctl+0xff0/0xff0 [ 1862.798734] ? security_file_ioctl+0x83/0xb0 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:25 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1862.803138] SyS_ioctl+0x7f/0xb0 [ 1862.806495] ? do_vfs_ioctl+0xff0/0xff0 [ 1862.810469] do_syscall_64+0x1d5/0x640 [ 1862.814360] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1862.819545] RIP: 0033:0x7f57bdb1f209 [ 1862.823249] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1862.831083] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1862.838349] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1862.845613] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 23:51:25 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 37) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:25 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:25 executing program 1: r0 = eventfd2(0x7ff, 0x80801) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:25 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x13) 23:51:25 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0), r0) (async) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) (async) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r1, 0xed3d1ab90b5e038f, 0x0, 0x3}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002}, 0x20048044) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x60041, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000140)='syz1\x00') [ 1862.852921] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1862.860190] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:25 executing program 1: r0 = eventfd2(0x7ff, 0x80801) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:25 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(0x0, r0) 23:51:25 executing program 4: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f00000001c0), r0) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NLBL_UNLABEL_C_STATICREMOVE(r2, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={0x0}}, 0x1) sendmsg$NLBL_MGMT_C_LISTALL(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)={0x14, r1, 0xed3d1ab90b5e038f, 0x0, 0x3}, 0x14}}, 0x0) sendmsg$NLBL_MGMT_C_REMOVEDEF(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r1, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@NLBL_MGMT_A_IPV4MASK={0x8, 0x8, @loopback}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4002}, 0x20048044) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x60041, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$UI_SET_PHYS(r4, 0x4008556c, &(0x7f0000000140)='syz1\x00') 23:51:25 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x13) 23:51:25 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={0x0}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:25 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(0x0, r0) [ 1862.981433] FAULT_INJECTION: forcing a failure. [ 1862.981433] name failslab, interval 1, probability 0, space 0, times 0 [ 1863.037042] CPU: 1 PID: 6370 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1863.044987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1863.054349] Call Trace: [ 1863.056930] dump_stack+0x1b2/0x281 [ 1863.061082] should_fail.cold+0x10a/0x149 [ 1863.065222] should_failslab+0xd6/0x130 [ 1863.069198] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1863.074296] blk_mq_init_tags+0x5e/0x280 [ 1863.078360] blk_mq_alloc_rq_map+0x90/0x220 [ 1863.082688] blk_mq_sched_alloc_tags+0xaa/0x240 [ 1863.087362] blk_mq_init_sched+0x18d/0x4a0 [ 1863.091576] ? _raw_spin_unlock+0x29/0x40 [ 1863.095715] elevator_init+0x2ee/0x410 [ 1863.099583] blk_mq_sched_init+0x28/0x40 [ 1863.103753] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1863.108856] blk_mq_init_queue+0x5a/0x90 [ 1863.112914] loop_add+0x303/0x830 [ 1863.116372] ? loop_queue_rq+0x280/0x280 [ 1863.120414] ? loop_queue_work+0x21e0/0x21e0 [ 1863.124809] loop_control_ioctl+0x11a/0x3f0 [ 1863.129109] ? loop_lookup+0x190/0x190 [ 1863.132980] ? SyS_write+0x1b7/0x210 [ 1863.136679] ? loop_lookup+0x190/0x190 [ 1863.140559] do_vfs_ioctl+0x75a/0xff0 [ 1863.144447] ? lock_acquire+0x170/0x3f0 [ 1863.148433] ? ioctl_preallocate+0x1a0/0x1a0 [ 1863.152832] ? __fget+0x265/0x3e0 [ 1863.156269] ? do_vfs_ioctl+0xff0/0xff0 [ 1863.160233] ? security_file_ioctl+0x83/0xb0 [ 1863.164619] SyS_ioctl+0x7f/0xb0 [ 1863.167978] ? do_vfs_ioctl+0xff0/0xff0 [ 1863.171933] do_syscall_64+0x1d5/0x640 [ 1863.175806] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1863.180973] RIP: 0033:0x7f57bdb1f209 23:51:26 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 38) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:26 executing program 1: r0 = eventfd2(0x7ff, 0x80801) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:26 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(0x0, r0) 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:26 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x13) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x13) (async) [ 1863.184659] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1863.192344] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1863.199592] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1863.206848] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1863.214116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1863.221368] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:26 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) socketpair(0x26, 0x5, 0x23e, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffffffffffffff, "b1185dd1962d7c7e8d93d44d5d22aacbbcef9d90f346ad98ace2c3c84166df60", 0x2e8, 0xff, 0x8, 0x9}, 0x3c) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2008000}, 0x8800) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf2506000000050029000100000005003800000000000500350031008000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000001c0)={0x2}) 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:26 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) 23:51:26 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) 23:51:26 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async, rerun: 64) socketpair(0x26, 0x5, 0x23e, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 64) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffffffffffffff, "b1185dd1962d7c7e8d93d44d5d22aacbbcef9d90f346ad98ace2c3c84166df60", 0x2e8, 0xff, 0x8, 0x9}, 0x3c) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) (async) socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2008000}, 0x8800) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf2506000000050029000100000005003800000000000500350031008000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000001c0)={0x2}) 23:51:26 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000000)={0xffff}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x2fb76a1b923b79de) socketpair(0x2b, 0x5, 0x7f, &(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$igmp(0x2, 0x3, 0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x1, 0x1, 0x1, 0x5, @vifc_lcl_ifindex=r3, @private=0xa010102}, 0x10) setsockopt$MRT_DEL_MFC_PROXY(r1, 0x0, 0xd3, &(0x7f0000000080)={@rand_addr=0x64010102, @empty, 0xffffffffffffffff, "1cffffffff0000000000f5ac25eca2db00", 0x80000002, 0x4, 0xb5b, 0x5}, 0x3c) 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1863.336384] FAULT_INJECTION: forcing a failure. [ 1863.336384] name failslab, interval 1, probability 0, space 0, times 0 [ 1863.385611] CPU: 0 PID: 6395 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1863.393687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1863.403036] Call Trace: [ 1863.405637] dump_stack+0x1b2/0x281 [ 1863.409276] should_fail.cold+0x10a/0x149 [ 1863.413435] should_failslab+0xd6/0x130 [ 1863.417411] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1863.422521] __kmalloc_node+0x38/0x70 [ 1863.426321] sbitmap_init_node+0x10c/0x3d0 [ 1863.430560] sbitmap_queue_init_node+0x37/0x5d0 [ 1863.435231] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 1863.440366] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1863.445625] blk_mq_init_tags+0xf4/0x280 [ 1863.449674] blk_mq_alloc_rq_map+0x90/0x220 [ 1863.453992] blk_mq_sched_alloc_tags+0xaa/0x240 [ 1863.458773] blk_mq_init_sched+0x18d/0x4a0 [ 1863.463001] ? _raw_spin_unlock+0x29/0x40 [ 1863.467145] elevator_init+0x2ee/0x410 [ 1863.471030] blk_mq_sched_init+0x28/0x40 [ 1863.475084] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1863.480243] blk_mq_init_queue+0x5a/0x90 [ 1863.484303] loop_add+0x303/0x830 [ 1863.487830] ? loop_queue_rq+0x280/0x280 [ 1863.491876] ? loop_queue_work+0x21e0/0x21e0 [ 1863.496268] loop_control_ioctl+0x11a/0x3f0 [ 1863.500582] ? loop_lookup+0x190/0x190 [ 1863.504449] ? SyS_write+0x1b7/0x210 [ 1863.508147] ? loop_lookup+0x190/0x190 [ 1863.512012] do_vfs_ioctl+0x75a/0xff0 [ 1863.515796] ? lock_acquire+0x170/0x3f0 [ 1863.519749] ? ioctl_preallocate+0x1a0/0x1a0 [ 1863.524149] ? __fget+0x265/0x3e0 [ 1863.527580] ? do_vfs_ioctl+0xff0/0xff0 [ 1863.531532] ? security_file_ioctl+0x83/0xb0 [ 1863.535932] SyS_ioctl+0x7f/0xb0 [ 1863.539278] ? do_vfs_ioctl+0xff0/0xff0 [ 1863.543235] do_syscall_64+0x1d5/0x640 [ 1863.547385] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1863.552551] RIP: 0033:0x7f57bdb1f209 [ 1863.556252] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1863.563946] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1863.571192] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1863.578450] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 23:51:26 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) 23:51:26 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) socketpair(0x26, 0x5, 0x23e, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffffffffffffff, "b1185dd1962d7c7e8d93d44d5d22aacbbcef9d90f346ad98ace2c3c84166df60", 0x2e8, 0xff, 0x8, 0x9}, 0x3c) (async) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) socket(0x10, 0x2, 0x0) (async) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2008000}, 0x8800) (async) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf2506000000050029000100000005003800000000000500350031008000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000001c0)={0x2}) 23:51:26 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) eventfd2(0x7ff, 0x1) (async) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) (async) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) (async) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) (async) 23:51:26 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 39) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:26 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000000)={0xffff}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x2fb76a1b923b79de) (async) socketpair(0x2b, 0x5, 0x7f, &(0x7f0000000040)={0xffffffffffffffff}) r2 = socket$igmp(0x2, 0x3, 0x2) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x1, 0x1, 0x1, 0x5, @vifc_lcl_ifindex=r3, @private=0xa010102}, 0x10) (async) setsockopt$MRT_DEL_MFC_PROXY(r1, 0x0, 0xd3, &(0x7f0000000080)={@rand_addr=0x64010102, @empty, 0xffffffffffffffff, "1cffffffff0000000000f5ac25eca2db00", 0x80000002, 0x4, 0xb5b, 0x5}, 0x3c) [ 1863.585701] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1863.592953] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:26 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xf) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="38d4447ba5c5aed876b7483c00b40a494b1f8e302bd4af39b92b0f3c275159a148d056fd43647d67d59cc91d104c9244e109d3a7f8b16e2dd8ced37f49a85c855473e15d30060f3e141c697cb012533653e38672bf0b936dacf406f63970708431aa2fce051a6e8b84c73631d70b482fafc815f6052f596e2a81a90477df6ae0c6a4bd6d38a384e4eea61b51d053b54051e2aba90fbac38623de5de8574a011d0885cfe948a3193898a2eaa2935bdb20a16b75efe2c4ae20fbb296665bf3838857ab201f1a", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) 23:51:26 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) (async) ioctl$SIOCGETVIFCNT(r0, 0x89e0, &(0x7f0000000000)={0xffff}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x2fb76a1b923b79de) (async, rerun: 64) socketpair(0x2b, 0x5, 0x7f, &(0x7f0000000040)={0xffffffffffffffff}) (rerun: 64) r2 = socket$igmp(0x2, 0x3, 0x2) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) setsockopt$MRT_DEL_VIF(r2, 0x0, 0xcb, &(0x7f0000000100)={0x1, 0x1, 0x1, 0x5, @vifc_lcl_ifindex=r3, @private=0xa010102}, 0x10) setsockopt$MRT_DEL_MFC_PROXY(r1, 0x0, 0xd3, &(0x7f0000000080)={@rand_addr=0x64010102, @empty, 0xffffffffffffffff, "1cffffffff0000000000f5ac25eca2db00", 0x80000002, 0x4, 0xb5b, 0x5}, 0x3c) 23:51:26 executing program 2: syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), 0xffffffffffffffff) 23:51:26 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async) eventfd2(0x7ff, 0x1) (async) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) (async) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) (async) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) (async) 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1863.720907] FAULT_INJECTION: forcing a failure. [ 1863.720907] name failslab, interval 1, probability 0, space 0, times 0 [ 1863.762362] CPU: 0 PID: 6437 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1863.770263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1863.779618] Call Trace: [ 1863.782208] dump_stack+0x1b2/0x281 [ 1863.785847] should_fail.cold+0x10a/0x149 [ 1863.789997] should_failslab+0xd6/0x130 [ 1863.793981] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1863.799092] sbitmap_queue_init_node+0x27f/0x5d0 [ 1863.803860] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1863.809675] blk_mq_init_tags+0xf4/0x280 [ 1863.813735] blk_mq_alloc_rq_map+0x90/0x220 [ 1863.818059] blk_mq_sched_alloc_tags+0xaa/0x240 [ 1863.822739] blk_mq_init_sched+0x18d/0x4a0 [ 1863.826976] ? _raw_spin_unlock+0x29/0x40 [ 1863.831123] elevator_init+0x2ee/0x410 [ 1863.835002] blk_mq_sched_init+0x28/0x40 [ 1863.839046] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1863.844131] blk_mq_init_queue+0x5a/0x90 [ 1863.848173] loop_add+0x303/0x830 [ 1863.851620] ? loop_queue_rq+0x280/0x280 [ 1863.855660] ? loop_queue_work+0x21e0/0x21e0 [ 1863.860058] loop_control_ioctl+0x11a/0x3f0 [ 1863.864369] ? loop_lookup+0x190/0x190 [ 1863.868245] ? SyS_write+0x1b7/0x210 [ 1863.871947] ? loop_lookup+0x190/0x190 [ 1863.875831] do_vfs_ioctl+0x75a/0xff0 [ 1863.879611] ? lock_acquire+0x170/0x3f0 [ 1863.883588] ? ioctl_preallocate+0x1a0/0x1a0 [ 1863.887976] ? __fget+0x265/0x3e0 [ 1863.891415] ? do_vfs_ioctl+0xff0/0xff0 [ 1863.895379] ? security_file_ioctl+0x83/0xb0 [ 1863.899770] SyS_ioctl+0x7f/0xb0 [ 1863.903148] ? do_vfs_ioctl+0xff0/0xff0 [ 1863.907109] do_syscall_64+0x1d5/0x640 [ 1863.910979] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1863.916149] RIP: 0033:0x7f57bdb1f209 [ 1863.919926] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1863.927632] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1863.934879] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1863.942138] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1863.949421] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:26 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 40) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:26 executing program 5: getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0) setfsgid(r0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x1a) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xe) 23:51:26 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd(0x1) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:26 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:26 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x1c, r2, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x10) [ 1863.956667] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:26 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xf) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="38d4447ba5c5aed876b7483c00b40a494b1f8e302bd4af39b92b0f3c275159a148d056fd43647d67d59cc91d104c9244e109d3a7f8b16e2dd8ced37f49a85c855473e15d30060f3e141c697cb012533653e38672bf0b936dacf406f63970708431aa2fce051a6e8b84c73631d70b482fafc815f6052f596e2a81a90477df6ae0c6a4bd6d38a384e4eea61b51d053b54051e2aba90fbac38623de5de8574a011d0885cfe948a3193898a2eaa2935bdb20a16b75efe2c4ae20fbb296665bf3838857ab201f1a", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xf) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="38d4447ba5c5aed876b7483c00b40a494b1f8e302bd4af39b92b0f3c275159a148d056fd43647d67d59cc91d104c9244e109d3a7f8b16e2dd8ced37f49a85c855473e15d30060f3e141c697cb012533653e38672bf0b936dacf406f63970708431aa2fce051a6e8b84c73631d70b482fafc815f6052f596e2a81a90477df6ae0c6a4bd6d38a384e4eea61b51d053b54051e2aba90fbac38623de5de8574a011d0885cfe948a3193898a2eaa2935bdb20a16b75efe2c4ae20fbb296665bf3838857ab201f1a", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) (async) 23:51:26 executing program 5: getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0) setfsgid(r0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x1a) (async) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xe) 23:51:26 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd(0x1) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) eventfd2(0x0, 0x0) (async) eventfd(0x1) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) 23:51:27 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, r2, 0x201}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:27 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:27 executing program 5: getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=0x0) setfsgid(r0) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x1a) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xe) getresgid(&(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)) (async) setfsgid(r0) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x1a) (async) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0xe) (async) 23:51:27 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd(0x1) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) [ 1864.156214] FAULT_INJECTION: forcing a failure. [ 1864.156214] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.177627] CPU: 1 PID: 6486 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1864.185556] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1864.194908] Call Trace: [ 1864.197481] dump_stack+0x1b2/0x281 [ 1864.201092] should_fail.cold+0x10a/0x149 [ 1864.205222] should_failslab+0xd6/0x130 [ 1864.209176] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1864.214261] sbitmap_queue_init_node+0x27f/0x5d0 [ 1864.219000] ? kmem_cache_alloc_node_trace+0x383/0x400 [ 1864.224255] blk_mq_init_tags+0x14b/0x280 [ 1864.228381] blk_mq_alloc_rq_map+0x90/0x220 [ 1864.232683] blk_mq_sched_alloc_tags+0xaa/0x240 [ 1864.237344] blk_mq_init_sched+0x18d/0x4a0 [ 1864.242522] ? _raw_spin_unlock+0x29/0x40 [ 1864.246654] elevator_init+0x2ee/0x410 [ 1864.250534] blk_mq_sched_init+0x28/0x40 [ 1864.254576] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1864.259667] blk_mq_init_queue+0x5a/0x90 [ 1864.263890] loop_add+0x303/0x830 [ 1864.267325] ? loop_queue_rq+0x280/0x280 [ 1864.271376] ? loop_queue_work+0x21e0/0x21e0 [ 1864.275883] loop_control_ioctl+0x11a/0x3f0 [ 1864.280184] ? loop_lookup+0x190/0x190 [ 1864.284054] ? SyS_write+0x1b7/0x210 [ 1864.287744] ? loop_lookup+0x190/0x190 [ 1864.291608] do_vfs_ioctl+0x75a/0xff0 [ 1864.295388] ? lock_acquire+0x170/0x3f0 [ 1864.299347] ? ioctl_preallocate+0x1a0/0x1a0 [ 1864.303733] ? __fget+0x265/0x3e0 [ 1864.307164] ? do_vfs_ioctl+0xff0/0xff0 [ 1864.311119] ? security_file_ioctl+0x83/0xb0 [ 1864.315504] SyS_ioctl+0x7f/0xb0 [ 1864.318849] ? do_vfs_ioctl+0xff0/0xff0 [ 1864.322800] do_syscall_64+0x1d5/0x640 [ 1864.326679] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1864.331842] RIP: 0033:0x7f57bdb1f209 [ 1864.335525] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1864.343205] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 23:51:27 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 41) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:27 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, r2, 0x201}, 0x14}}, 0x10) 23:51:27 executing program 2: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, r2, 0x0, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:27 executing program 5: r0 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r0) 23:51:27 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x13004, &(0x7f0000000040), 0x2, r2}) 23:51:27 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xf) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="38d4447ba5c5aed876b7483c00b40a494b1f8e302bd4af39b92b0f3c275159a148d056fd43647d67d59cc91d104c9244e109d3a7f8b16e2dd8ced37f49a85c855473e15d30060f3e141c697cb012533653e38672bf0b936dacf406f63970708431aa2fce051a6e8b84c73631d70b482fafc815f6052f596e2a81a90477df6ae0c6a4bd6d38a384e4eea61b51d053b54051e2aba90fbac38623de5de8574a011d0885cfe948a3193898a2eaa2935bdb20a16b75efe2c4ae20fbb296665bf3838857ab201f1a", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r4 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) (async) ioctl$UI_SET_RELBIT(r3, 0x40045566, 0xf) (async) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="38d4447ba5c5aed876b7483c00b40a494b1f8e302bd4af39b92b0f3c275159a148d056fd43647d67d59cc91d104c9244e109d3a7f8b16e2dd8ced37f49a85c855473e15d30060f3e141c697cb012533653e38672bf0b936dacf406f63970708431aa2fce051a6e8b84c73631d70b482fafc815f6052f596e2a81a90477df6ae0c6a4bd6d38a384e4eea61b51d053b54051e2aba90fbac38623de5de8574a011d0885cfe948a3193898a2eaa2935bdb20a16b75efe2c4ae20fbb296665bf3838857ab201f1a", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) (async) ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r4) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r4) (async) [ 1864.350459] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1864.357706] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1864.364953] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.372198] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:27 executing program 5: r0 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r0) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) (async) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r0) (async) 23:51:27 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) 23:51:27 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x13004, &(0x7f0000000040), 0x2, r2}) [ 1864.440001] FAULT_INJECTION: forcing a failure. [ 1864.440001] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.467082] CPU: 0 PID: 6520 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1864.474908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1864.484256] Call Trace: 23:51:27 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) r1 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = eventfd(0x0) write$eventfd(r2, &(0x7f0000000000), 0x8) (async) ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x13004, &(0x7f0000000040), 0x2, r2}) 23:51:27 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, r2, 0x201}, 0x14}}, 0x0) [ 1864.486843] dump_stack+0x1b2/0x281 [ 1864.490471] should_fail.cold+0x10a/0x149 [ 1864.494617] should_failslab+0xd6/0x130 [ 1864.498598] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1864.503704] __kmalloc_node+0x38/0x70 [ 1864.507502] blk_mq_alloc_rq_map+0xd2/0x220 [ 1864.511824] blk_mq_sched_alloc_tags+0xaa/0x240 [ 1864.516492] blk_mq_init_sched+0x18d/0x4a0 [ 1864.520738] ? _raw_spin_unlock+0x29/0x40 [ 1864.524886] elevator_init+0x2ee/0x410 [ 1864.528946] blk_mq_sched_init+0x28/0x40 [ 1864.533007] blk_mq_init_allocated_queue+0xca0/0xfd0 23:51:27 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x14, r2, 0x201}, 0x14}}, 0x10) [ 1864.538120] blk_mq_init_queue+0x5a/0x90 [ 1864.542185] loop_add+0x303/0x830 [ 1864.545633] ? loop_queue_rq+0x280/0x280 [ 1864.549682] ? loop_queue_work+0x21e0/0x21e0 [ 1864.554181] loop_control_ioctl+0x11a/0x3f0 [ 1864.558542] ? loop_lookup+0x190/0x190 [ 1864.562423] ? SyS_write+0x1b7/0x210 [ 1864.566132] ? loop_lookup+0x190/0x190 [ 1864.570021] do_vfs_ioctl+0x75a/0xff0 [ 1864.573816] ? lock_acquire+0x170/0x3f0 [ 1864.577795] ? ioctl_preallocate+0x1a0/0x1a0 [ 1864.582199] ? __fget+0x265/0x3e0 [ 1864.585646] ? do_vfs_ioctl+0xff0/0xff0 [ 1864.589616] ? security_file_ioctl+0x83/0xb0 [ 1864.594021] SyS_ioctl+0x7f/0xb0 [ 1864.597384] ? do_vfs_ioctl+0xff0/0xff0 [ 1864.601356] do_syscall_64+0x1d5/0x640 [ 1864.605242] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1864.610424] RIP: 0033:0x7f57bdb1f209 [ 1864.614125] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1864.621832] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1864.629098] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 23:51:27 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 42) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:27 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000000c0)=""/40, &(0x7f0000000100)=0x28) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) setsockopt$inet6_dccp_buf(r2, 0x21, 0x80, &(0x7f0000000140)="ceabae55e8d5eb4ddb86e8142b82291b0e23d93ad4201d1472a581eab8c97325f6df39859807a676a6de97468af5d4219bd7cf4c9880600907f1ad6118a3c9d3ebcc2fb0dcb68889e1fed8cab7d836807b87b80934352e6b9a1d4978d13e5933ba29ae80a41822a853487827014a0ca71fe0bf28990a002374d18c3c8782fa3f691f1861ed091a331c1dd5e8a99a6f8383ef72", 0x93) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000040), 0x2) 23:51:27 executing program 3: r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000100), r1) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)={0x30, 0x0, 0x201, 0x0, 0x0, {}, [@NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @rand_addr=' \x01\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x8000}, 0x10) 23:51:27 executing program 5: r0 = ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r0) 23:51:27 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) [ 1864.636357] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1864.643614] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1864.650875] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:27 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x1, 0x1f, 0x0, 0x2633, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x80, 0x400, 0x8, 0x900, r1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x7}, 0x48) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:27 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r1}, 0x4) [ 1864.740627] FAULT_INJECTION: forcing a failure. [ 1864.740627] name failslab, interval 1, probability 0, space 0, times 0 [ 1864.752263] CPU: 0 PID: 6565 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1864.760055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1864.769425] Call Trace: [ 1864.772017] dump_stack+0x1b2/0x281 [ 1864.775655] should_fail.cold+0x10a/0x149 [ 1864.779806] should_failslab+0xd6/0x130 [ 1864.783781] kmem_cache_alloc_node_trace+0x25a/0x400 23:51:27 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) socketpair(0x26, 0x5, 0x23e, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffffffffffffff, "b1185dd1962d7c7e8d93d44d5d22aacbbcef9d90f346ad98ace2c3c84166df60", 0x2e8, 0xff, 0x8, 0x9}, 0x3c) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2008000}, 0x8800) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf2506000000050029000100000005003800000000000500350031008000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000001c0)={0x2}) 23:51:27 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r1}, 0x4) [ 1864.788889] __kmalloc_node+0x38/0x70 [ 1864.792690] blk_mq_alloc_rq_map+0x113/0x220 [ 1864.797099] blk_mq_sched_alloc_tags+0xaa/0x240 [ 1864.801769] blk_mq_init_sched+0x18d/0x4a0 [ 1864.806005] ? _raw_spin_unlock+0x29/0x40 [ 1864.810158] elevator_init+0x2ee/0x410 [ 1864.814048] blk_mq_sched_init+0x28/0x40 [ 1864.818110] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1864.823222] blk_mq_init_queue+0x5a/0x90 [ 1864.827284] loop_add+0x303/0x830 [ 1864.830735] ? loop_queue_rq+0x280/0x280 [ 1864.834794] ? loop_queue_work+0x21e0/0x21e0 23:51:27 executing program 5: r0 = bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={r0, 0xe0, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000000)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x5, &(0x7f0000000040)=[0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x8, &(0x7f00000000c0)=[{}, {}], 0x10, 0x10, &(0x7f0000000100), &(0x7f0000000140), 0x8, 0x10, 0x8, 0x8, &(0x7f0000000180)}}, 0x10) bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f0000000300)={r1}, 0x4) [ 1864.839206] loop_control_ioctl+0x11a/0x3f0 [ 1864.843525] ? loop_lookup+0x190/0x190 [ 1864.847402] ? SyS_write+0x1b7/0x210 [ 1864.851124] ? loop_lookup+0x190/0x190 [ 1864.855098] do_vfs_ioctl+0x75a/0xff0 [ 1864.859428] ? lock_acquire+0x170/0x3f0 [ 1864.863400] ? ioctl_preallocate+0x1a0/0x1a0 [ 1864.867821] ? __fget+0x265/0x3e0 [ 1864.871338] ? do_vfs_ioctl+0xff0/0xff0 [ 1864.875311] ? security_file_ioctl+0x83/0xb0 [ 1864.879716] SyS_ioctl+0x7f/0xb0 [ 1864.883183] ? do_vfs_ioctl+0xff0/0xff0 [ 1864.887247] do_syscall_64+0x1d5/0x640 23:51:27 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x1, {0x20, 0x3ff, 0x9, 0x8, 0x6, 0x5}}) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x7fff, {0x4, 0x648, 0x1d, 0x2, 0x7, 0xfe}}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getuid() getuid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x81, 0x2, 0x5, 0x1ff}, 0x18, [0x9, 0x40, 0x7f, 0x3f, 0xffff, 0x0, 0x1, 0xffff, 0xfffffffe, 0x2, 0x0, 0x3ff, 0x3fe, 0x0, 0x1, 0x8000, 0x0, 0x2, 0x6, 0x8000, 0x1, 0xae9, 0x1, 0xffffb7be, 0x8, 0x5cf0, 0xff, 0xfff, 0x9, 0x4, 0x5, 0xdc1, 0x1, 0x8, 0x2, 0x777c, 0x1211, 0x7, 0xfffff50d, 0x0, 0xc000000, 0x56, 0x7, 0x6, 0x5, 0x7d, 0x69, 0x0, 0x4, 0x2, 0xffffffc0, 0x2, 0x54, 0x3, 0xfff, 0x7fff, 0x1, 0x7fffffff, 0x3, 0x1, 0x1f, 0x3, 0x31, 0x6], [0x9, 0x4, 0x9, 0x9, 0x7, 0x2, 0x9, 0x7, 0x1, 0x4f, 0x5, 0x5, 0x8, 0x1, 0x101, 0x0, 0x1e6, 0x1, 0x8bb3, 0x71, 0x200, 0x1, 0xffffffff, 0x6, 0x80, 0x1, 0x3, 0x81, 0x8, 0x3, 0x4, 0x7f, 0x0, 0x4, 0x2, 0xfffffff9, 0x1, 0xffff, 0x8, 0x1, 0x7, 0x6, 0x7fffffff, 0x6, 0x4, 0x80000001, 0x0, 0x0, 0x7, 0x3f, 0x6, 0xfff, 0xb34, 0x40, 0x344, 0x1, 0x80, 0x1, 0xffffffff, 0x2e4, 0xe6, 0x7f, 0xf5e8, 0x20], [0x100, 0x547b, 0x6, 0x7, 0x4, 0x65, 0x8, 0x0, 0x8, 0x1, 0x6, 0x200, 0x7ff, 0x9, 0x0, 0x9, 0x8000, 0x8000, 0x1, 0x9, 0x7ff, 0x9, 0x6, 0xfffffffb, 0xffff, 0x2, 0x4, 0x1, 0xb91, 0x3, 0x100, 0x0, 0xfffeffff, 0x3, 0xffff8000, 0x7, 0x100, 0x8001, 0x0, 0x9, 0x100, 0x0, 0x8, 0x7, 0x1f, 0x9, 0xfffffffa, 0xf23, 0x2, 0x0, 0x3ff, 0x2, 0x8001, 0xff, 0x7, 0x2, 0xb90, 0x5, 0x3, 0x1, 0xff, 0x2, 0x8, 0x1], [0x73f5, 0x7, 0x80, 0x8, 0x1, 0xfffffff9, 0x1, 0xf0, 0x0, 0x9, 0x5, 0x6, 0x2000, 0x10000, 0x5, 0x5, 0x2, 0x100, 0xfffffffc, 0x7fff, 0x9, 0x4, 0xca8, 0x9, 0x6b000000, 0x7fffffff, 0x10001, 0x8, 0x8, 0x1fffc000, 0x1, 0x7, 0x8, 0x5, 0x401, 0x0, 0x10b, 0xffffffff, 0x1ff, 0x1, 0x9, 0x1, 0x1, 0xfff, 0x2, 0x6, 0x2, 0x8, 0x4e0, 0x9, 0x3, 0x10000, 0x8, 0x2, 0x4, 0x9, 0x2, 0x2, 0xff, 0x7fff, 0x1ff, 0x401, 0xf3, 0x401]}, 0x45c) ioctl$SIOCGETVIFCNT(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0x1}) [ 1864.891138] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1864.896420] RIP: 0033:0x7f57bdb1f209 [ 1864.900122] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1864.907829] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1864.915213] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1864.922482] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1864.929766] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:27 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) ioctl$UI_GET_VERSION(0xffffffffffffffff, 0x8004552d, &(0x7f0000000080)) 23:51:27 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 43) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) [ 1864.937031] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1864.995221] FAULT_INJECTION: forcing a failure. [ 1864.995221] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1865.007443] CPU: 0 PID: 6589 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1865.015235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1865.024567] Call Trace: [ 1865.027139] dump_stack+0x1b2/0x281 [ 1865.030748] should_fail.cold+0x10a/0x149 [ 1865.034881] __alloc_pages_nodemask+0x22c/0x2720 [ 1865.039617] ? kasan_kmalloc+0xeb/0x160 [ 1865.043586] ? blk_mq_alloc_rq_map+0x113/0x220 [ 1865.048242] ? blk_mq_sched_alloc_tags+0xaa/0x240 [ 1865.053062] ? elevator_init+0x2ee/0x410 [ 1865.057101] ? blk_mq_sched_init+0x28/0x40 [ 1865.061331] ? blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1865.066610] ? loop_control_ioctl+0x11a/0x3f0 [ 1865.071096] ? do_vfs_ioctl+0x75a/0xff0 [ 1865.075051] ? do_syscall_64+0x1d5/0x640 [ 1865.079091] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1865.084449] ? __mutex_unlock_slowpath+0x75/0x770 [ 1865.089281] ? fs_reclaim_release+0xd0/0x110 [ 1865.093670] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1865.098500] ? __lockdep_init_map+0x100/0x560 [ 1865.102983] ? _find_next_bit+0xdb/0x100 [ 1865.107031] ? __cpu_to_node+0x7b/0xa0 [ 1865.110905] ? blk_mq_hw_queue_to_node+0x9f/0xf0 [ 1865.115645] blk_mq_alloc_rqs+0x227/0x6d0 [ 1865.119786] ? blk_mq_alloc_rq_map+0x9d/0x220 [ 1865.124261] blk_mq_sched_alloc_tags+0x112/0x240 [ 1865.128997] blk_mq_init_sched+0x18d/0x4a0 [ 1865.133211] ? _raw_spin_unlock+0x29/0x40 [ 1865.137349] elevator_init+0x2ee/0x410 [ 1865.141223] blk_mq_sched_init+0x28/0x40 [ 1865.145270] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1865.150379] blk_mq_init_queue+0x5a/0x90 [ 1865.154420] loop_add+0x303/0x830 [ 1865.157870] ? loop_queue_rq+0x280/0x280 [ 1865.162020] ? loop_queue_work+0x21e0/0x21e0 [ 1865.166426] loop_control_ioctl+0x11a/0x3f0 [ 1865.170732] ? loop_lookup+0x190/0x190 [ 1865.174614] ? SyS_write+0x1b7/0x210 [ 1865.178309] ? loop_lookup+0x190/0x190 [ 1865.182182] do_vfs_ioctl+0x75a/0xff0 [ 1865.186493] ? lock_acquire+0x170/0x3f0 [ 1865.190446] ? ioctl_preallocate+0x1a0/0x1a0 [ 1865.194839] ? __fget+0x265/0x3e0 [ 1865.198271] ? do_vfs_ioctl+0xff0/0xff0 [ 1865.202228] ? security_file_ioctl+0x83/0xb0 [ 1865.206621] SyS_ioctl+0x7f/0xb0 [ 1865.209968] ? do_vfs_ioctl+0xff0/0xff0 [ 1865.213932] do_syscall_64+0x1d5/0x640 [ 1865.217808] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1865.222987] RIP: 0033:0x7f57bdb1f209 [ 1865.226681] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1865.234366] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1865.241618] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1865.248876] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1865.256127] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1865.263389] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:28 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000000c0)=""/40, &(0x7f0000000100)=0x28) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) setsockopt$inet6_dccp_buf(r2, 0x21, 0x80, &(0x7f0000000140)="ceabae55e8d5eb4ddb86e8142b82291b0e23d93ad4201d1472a581eab8c97325f6df39859807a676a6de97468af5d4219bd7cf4c9880600907f1ad6118a3c9d3ebcc2fb0dcb68889e1fed8cab7d836807b87b80934352e6b9a1d4978d13e5933ba29ae80a41822a853487827014a0ca71fe0bf28990a002374d18c3c8782fa3f691f1861ed091a331c1dd5e8a99a6f8383ef72", 0x93) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000040), 0x2) eventfd2(0x0, 0x0) (async) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) (async) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000000c0)=""/40, &(0x7f0000000100)=0x28) (async) socket(0x18, 0x0, 0xa7) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) (async) setsockopt$inet6_dccp_buf(r2, 0x21, 0x80, &(0x7f0000000140)="ceabae55e8d5eb4ddb86e8142b82291b0e23d93ad4201d1472a581eab8c97325f6df39859807a676a6de97468af5d4219bd7cf4c9880600907f1ad6118a3c9d3ebcc2fb0dcb68889e1fed8cab7d836807b87b80934352e6b9a1d4978d13e5933ba29ae80a41822a853487827014a0ca71fe0bf28990a002374d18c3c8782fa3f691f1861ed091a331c1dd5e8a99a6f8383ef72", 0x93) (async) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000040), 0x2) (async) 23:51:28 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) socketpair(0x26, 0x5, 0x23e, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffffffffffffff, "b1185dd1962d7c7e8d93d44d5d22aacbbcef9d90f346ad98ace2c3c84166df60", 0x2e8, 0xff, 0x8, 0x9}, 0x3c) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2008000}, 0x8800) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf2506000000050029000100000005003800000000000500350031008000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000001c0)={0x2}) 23:51:28 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async, rerun: 64) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (rerun: 64) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x1, 0x1f, 0x0, 0x2633, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x80, 0x400, 0x8, 0x900, r1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x7}, 0x48) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:28 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 44) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:28 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x1, {0x20, 0x3ff, 0x9, 0x8, 0x6, 0x5}}) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x7fff, {0x4, 0x648, 0x1d, 0x2, 0x7, 0xfe}}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getuid() getuid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x81, 0x2, 0x5, 0x1ff}, 0x18, [0x9, 0x40, 0x7f, 0x3f, 0xffff, 0x0, 0x1, 0xffff, 0xfffffffe, 0x2, 0x0, 0x3ff, 0x3fe, 0x0, 0x1, 0x8000, 0x0, 0x2, 0x6, 0x8000, 0x1, 0xae9, 0x1, 0xffffb7be, 0x8, 0x5cf0, 0xff, 0xfff, 0x9, 0x4, 0x5, 0xdc1, 0x1, 0x8, 0x2, 0x777c, 0x1211, 0x7, 0xfffff50d, 0x0, 0xc000000, 0x56, 0x7, 0x6, 0x5, 0x7d, 0x69, 0x0, 0x4, 0x2, 0xffffffc0, 0x2, 0x54, 0x3, 0xfff, 0x7fff, 0x1, 0x7fffffff, 0x3, 0x1, 0x1f, 0x3, 0x31, 0x6], [0x9, 0x4, 0x9, 0x9, 0x7, 0x2, 0x9, 0x7, 0x1, 0x4f, 0x5, 0x5, 0x8, 0x1, 0x101, 0x0, 0x1e6, 0x1, 0x8bb3, 0x71, 0x200, 0x1, 0xffffffff, 0x6, 0x80, 0x1, 0x3, 0x81, 0x8, 0x3, 0x4, 0x7f, 0x0, 0x4, 0x2, 0xfffffff9, 0x1, 0xffff, 0x8, 0x1, 0x7, 0x6, 0x7fffffff, 0x6, 0x4, 0x80000001, 0x0, 0x0, 0x7, 0x3f, 0x6, 0xfff, 0xb34, 0x40, 0x344, 0x1, 0x80, 0x1, 0xffffffff, 0x2e4, 0xe6, 0x7f, 0xf5e8, 0x20], [0x100, 0x547b, 0x6, 0x7, 0x4, 0x65, 0x8, 0x0, 0x8, 0x1, 0x6, 0x200, 0x7ff, 0x9, 0x0, 0x9, 0x8000, 0x8000, 0x1, 0x9, 0x7ff, 0x9, 0x6, 0xfffffffb, 0xffff, 0x2, 0x4, 0x1, 0xb91, 0x3, 0x100, 0x0, 0xfffeffff, 0x3, 0xffff8000, 0x7, 0x100, 0x8001, 0x0, 0x9, 0x100, 0x0, 0x8, 0x7, 0x1f, 0x9, 0xfffffffa, 0xf23, 0x2, 0x0, 0x3ff, 0x2, 0x8001, 0xff, 0x7, 0x2, 0xb90, 0x5, 0x3, 0x1, 0xff, 0x2, 0x8, 0x1], [0x73f5, 0x7, 0x80, 0x8, 0x1, 0xfffffff9, 0x1, 0xf0, 0x0, 0x9, 0x5, 0x6, 0x2000, 0x10000, 0x5, 0x5, 0x2, 0x100, 0xfffffffc, 0x7fff, 0x9, 0x4, 0xca8, 0x9, 0x6b000000, 0x7fffffff, 0x10001, 0x8, 0x8, 0x1fffc000, 0x1, 0x7, 0x8, 0x5, 0x401, 0x0, 0x10b, 0xffffffff, 0x1ff, 0x1, 0x9, 0x1, 0x1, 0xfff, 0x2, 0x6, 0x2, 0x8, 0x4e0, 0x9, 0x3, 0x10000, 0x8, 0x2, 0x4, 0x9, 0x2, 0x2, 0xff, 0x7fff, 0x1ff, 0x401, 0xf3, 0x401]}, 0x45c) ioctl$SIOCGETVIFCNT(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0x1}) openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) (async) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) (async) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x1, {0x20, 0x3ff, 0x9, 0x8, 0x6, 0x5}}) (async) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x7fff, {0x4, 0x648, 0x1d, 0x2, 0x7, 0xfe}}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) getuid() (async) getuid() (async) write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x81, 0x2, 0x5, 0x1ff}, 0x18, [0x9, 0x40, 0x7f, 0x3f, 0xffff, 0x0, 0x1, 0xffff, 0xfffffffe, 0x2, 0x0, 0x3ff, 0x3fe, 0x0, 0x1, 0x8000, 0x0, 0x2, 0x6, 0x8000, 0x1, 0xae9, 0x1, 0xffffb7be, 0x8, 0x5cf0, 0xff, 0xfff, 0x9, 0x4, 0x5, 0xdc1, 0x1, 0x8, 0x2, 0x777c, 0x1211, 0x7, 0xfffff50d, 0x0, 0xc000000, 0x56, 0x7, 0x6, 0x5, 0x7d, 0x69, 0x0, 0x4, 0x2, 0xffffffc0, 0x2, 0x54, 0x3, 0xfff, 0x7fff, 0x1, 0x7fffffff, 0x3, 0x1, 0x1f, 0x3, 0x31, 0x6], [0x9, 0x4, 0x9, 0x9, 0x7, 0x2, 0x9, 0x7, 0x1, 0x4f, 0x5, 0x5, 0x8, 0x1, 0x101, 0x0, 0x1e6, 0x1, 0x8bb3, 0x71, 0x200, 0x1, 0xffffffff, 0x6, 0x80, 0x1, 0x3, 0x81, 0x8, 0x3, 0x4, 0x7f, 0x0, 0x4, 0x2, 0xfffffff9, 0x1, 0xffff, 0x8, 0x1, 0x7, 0x6, 0x7fffffff, 0x6, 0x4, 0x80000001, 0x0, 0x0, 0x7, 0x3f, 0x6, 0xfff, 0xb34, 0x40, 0x344, 0x1, 0x80, 0x1, 0xffffffff, 0x2e4, 0xe6, 0x7f, 0xf5e8, 0x20], [0x100, 0x547b, 0x6, 0x7, 0x4, 0x65, 0x8, 0x0, 0x8, 0x1, 0x6, 0x200, 0x7ff, 0x9, 0x0, 0x9, 0x8000, 0x8000, 0x1, 0x9, 0x7ff, 0x9, 0x6, 0xfffffffb, 0xffff, 0x2, 0x4, 0x1, 0xb91, 0x3, 0x100, 0x0, 0xfffeffff, 0x3, 0xffff8000, 0x7, 0x100, 0x8001, 0x0, 0x9, 0x100, 0x0, 0x8, 0x7, 0x1f, 0x9, 0xfffffffa, 0xf23, 0x2, 0x0, 0x3ff, 0x2, 0x8001, 0xff, 0x7, 0x2, 0xb90, 0x5, 0x3, 0x1, 0xff, 0x2, 0x8, 0x1], [0x73f5, 0x7, 0x80, 0x8, 0x1, 0xfffffff9, 0x1, 0xf0, 0x0, 0x9, 0x5, 0x6, 0x2000, 0x10000, 0x5, 0x5, 0x2, 0x100, 0xfffffffc, 0x7fff, 0x9, 0x4, 0xca8, 0x9, 0x6b000000, 0x7fffffff, 0x10001, 0x8, 0x8, 0x1fffc000, 0x1, 0x7, 0x8, 0x5, 0x401, 0x0, 0x10b, 0xffffffff, 0x1ff, 0x1, 0x9, 0x1, 0x1, 0xfff, 0x2, 0x6, 0x2, 0x8, 0x4e0, 0x9, 0x3, 0x10000, 0x8, 0x2, 0x4, 0x9, 0x2, 0x2, 0xff, 0x7fff, 0x1ff, 0x401, 0xf3, 0x401]}, 0x45c) (async) ioctl$SIOCGETVIFCNT(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0x1}) (async) 23:51:28 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) write$eventfd(r2, &(0x7f00000000c0)=0x1f5b, 0x8) 23:51:28 executing program 5: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_SET_RELBIT(r0, 0x40045566, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000040)={0x1, {0x20, 0x3ff, 0x9, 0x8, 0x6, 0x5}}) (async) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000000)={0x7fff, {0x4, 0x648, 0x1d, 0x2, 0x7, 0xfe}}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) getuid() (async) getuid() write$uinput_user_dev(0xffffffffffffffff, &(0x7f00000003c0)={'syz0\x00', {0x81, 0x2, 0x5, 0x1ff}, 0x18, [0x9, 0x40, 0x7f, 0x3f, 0xffff, 0x0, 0x1, 0xffff, 0xfffffffe, 0x2, 0x0, 0x3ff, 0x3fe, 0x0, 0x1, 0x8000, 0x0, 0x2, 0x6, 0x8000, 0x1, 0xae9, 0x1, 0xffffb7be, 0x8, 0x5cf0, 0xff, 0xfff, 0x9, 0x4, 0x5, 0xdc1, 0x1, 0x8, 0x2, 0x777c, 0x1211, 0x7, 0xfffff50d, 0x0, 0xc000000, 0x56, 0x7, 0x6, 0x5, 0x7d, 0x69, 0x0, 0x4, 0x2, 0xffffffc0, 0x2, 0x54, 0x3, 0xfff, 0x7fff, 0x1, 0x7fffffff, 0x3, 0x1, 0x1f, 0x3, 0x31, 0x6], [0x9, 0x4, 0x9, 0x9, 0x7, 0x2, 0x9, 0x7, 0x1, 0x4f, 0x5, 0x5, 0x8, 0x1, 0x101, 0x0, 0x1e6, 0x1, 0x8bb3, 0x71, 0x200, 0x1, 0xffffffff, 0x6, 0x80, 0x1, 0x3, 0x81, 0x8, 0x3, 0x4, 0x7f, 0x0, 0x4, 0x2, 0xfffffff9, 0x1, 0xffff, 0x8, 0x1, 0x7, 0x6, 0x7fffffff, 0x6, 0x4, 0x80000001, 0x0, 0x0, 0x7, 0x3f, 0x6, 0xfff, 0xb34, 0x40, 0x344, 0x1, 0x80, 0x1, 0xffffffff, 0x2e4, 0xe6, 0x7f, 0xf5e8, 0x20], [0x100, 0x547b, 0x6, 0x7, 0x4, 0x65, 0x8, 0x0, 0x8, 0x1, 0x6, 0x200, 0x7ff, 0x9, 0x0, 0x9, 0x8000, 0x8000, 0x1, 0x9, 0x7ff, 0x9, 0x6, 0xfffffffb, 0xffff, 0x2, 0x4, 0x1, 0xb91, 0x3, 0x100, 0x0, 0xfffeffff, 0x3, 0xffff8000, 0x7, 0x100, 0x8001, 0x0, 0x9, 0x100, 0x0, 0x8, 0x7, 0x1f, 0x9, 0xfffffffa, 0xf23, 0x2, 0x0, 0x3ff, 0x2, 0x8001, 0xff, 0x7, 0x2, 0xb90, 0x5, 0x3, 0x1, 0xff, 0x2, 0x8, 0x1], [0x73f5, 0x7, 0x80, 0x8, 0x1, 0xfffffff9, 0x1, 0xf0, 0x0, 0x9, 0x5, 0x6, 0x2000, 0x10000, 0x5, 0x5, 0x2, 0x100, 0xfffffffc, 0x7fff, 0x9, 0x4, 0xca8, 0x9, 0x6b000000, 0x7fffffff, 0x10001, 0x8, 0x8, 0x1fffc000, 0x1, 0x7, 0x8, 0x5, 0x401, 0x0, 0x10b, 0xffffffff, 0x1ff, 0x1, 0x9, 0x1, 0x1, 0xfff, 0x2, 0x6, 0x2, 0x8, 0x4e0, 0x9, 0x3, 0x10000, 0x8, 0x2, 0x4, 0x9, 0x2, 0x2, 0xff, 0x7fff, 0x1ff, 0x401, 0xf3, 0x401]}, 0x45c) (async) ioctl$SIOCGETVIFCNT(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0x1}) 23:51:28 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = eventfd2(0x7ff, 0x1) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000040)={r0, 0x7, 0x100, r2}) 23:51:28 executing program 4: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x1, 0x1f, 0x0, 0x2633, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0xc}, 0x48) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x80, 0x400, 0x8, 0x900, r1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x7}, 0x48) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x1, 0x1f, 0x0, 0x2633, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x0, 0x0, 0xc}, 0x48) (async) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x80, 0x400, 0x8, 0x900, r1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x5, 0x2, 0x7}, 0x48) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:28 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) eventfd2(0x7ff, 0x1) 23:51:28 executing program 3: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) socketpair(0x26, 0x5, 0x23e, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$MRT_DEL_MFC(r2, 0x0, 0xcd, &(0x7f0000000040)={@initdev={0xac, 0x1e, 0x0, 0x0}, @remote, 0xffffffffffffffff, "b1185dd1962d7c7e8d93d44d5d22aacbbcef9d90f346ad98ace2c3c84166df60", 0x2e8, 0xff, 0x8, 0x9}, 0x3c) r3 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r3) socket(0x10, 0x2, 0x0) r4 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x5c, r4, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x100}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x6}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x9}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x1}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x2008000}, 0x8800) r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r1) sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r3, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="00042dbd7000fcdbdf2506000000050029000100000005003800000000000500350031008000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000080) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) ioctl$KVM_HYPERV_EVENTFD(0xffffffffffffffff, 0x4018aebd, &(0x7f00000001c0)={0x2}) 23:51:28 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f0000000040)=0x4) [ 1865.660884] FAULT_INJECTION: forcing a failure. [ 1865.660884] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1865.708940] CPU: 1 PID: 6601 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1865.716758] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1865.726109] Call Trace: [ 1865.728699] dump_stack+0x1b2/0x281 [ 1865.732334] should_fail.cold+0x10a/0x149 [ 1865.736491] __alloc_pages_nodemask+0x22c/0x2720 [ 1865.741247] ? kasan_kmalloc+0xeb/0x160 [ 1865.745227] ? blk_mq_alloc_rq_map+0x113/0x220 [ 1865.749811] ? blk_mq_sched_alloc_tags+0xaa/0x240 [ 1865.754653] ? elevator_init+0x2ee/0x410 [ 1865.758716] ? loop_control_ioctl+0x11a/0x3f0 [ 1865.763210] ? do_vfs_ioctl+0x75a/0xff0 [ 1865.767298] ? do_syscall_64+0x1d5/0x640 [ 1865.771356] ? entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1865.776721] ? __mutex_unlock_slowpath+0x75/0x770 [ 1865.781567] ? fs_reclaim_release+0xd0/0x110 [ 1865.785982] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 1865.790835] ? __lockdep_init_map+0x100/0x560 [ 1865.795327] ? _find_next_bit+0xdb/0x100 [ 1865.799400] ? __cpu_to_node+0x7b/0xa0 [ 1865.803282] ? memset+0x20/0x40 23:51:28 executing program 1: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000080), 0x8) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) getsockopt$bt_sco_SCO_OPTIONS(r1, 0x11, 0x1, &(0x7f00000000c0)=""/40, &(0x7f0000000100)=0x28) (async) r2 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r2) setsockopt$inet6_dccp_buf(r2, 0x21, 0x80, &(0x7f0000000140)="ceabae55e8d5eb4ddb86e8142b82291b0e23d93ad4201d1472a581eab8c97325f6df39859807a676a6de97468af5d4219bd7cf4c9880600907f1ad6118a3c9d3ebcc2fb0dcb68889e1fed8cab7d836807b87b80934352e6b9a1d4978d13e5933ba29ae80a41822a853487827014a0ca71fe0bf28990a002374d18c3c8782fa3f691f1861ed091a331c1dd5e8a99a6f8383ef72", 0x93) getsockopt$bt_BT_SECURITY(r1, 0x112, 0x4, &(0x7f0000000040), 0x2) 23:51:28 executing program 2: r0 = eventfd2(0x0, 0x0) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1865.806562] blk_mq_alloc_rqs+0x227/0x6d0 [ 1865.810726] blk_mq_sched_alloc_tags+0x112/0x240 [ 1865.815485] blk_mq_init_sched+0x18d/0x4a0 [ 1865.819722] ? _raw_spin_unlock+0x29/0x40 [ 1865.823874] elevator_init+0x2ee/0x410 [ 1865.827770] blk_mq_sched_init+0x28/0x40 [ 1865.831823] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1865.836933] blk_mq_init_queue+0x5a/0x90 [ 1865.840976] loop_add+0x303/0x830 [ 1865.844410] ? loop_queue_rq+0x280/0x280 [ 1865.848453] ? loop_queue_work+0x21e0/0x21e0 [ 1865.852853] loop_control_ioctl+0x11a/0x3f0 [ 1865.857170] ? loop_lookup+0x190/0x190 [ 1865.861048] ? SyS_write+0x1b7/0x210 [ 1865.864754] ? loop_lookup+0x190/0x190 [ 1865.868625] do_vfs_ioctl+0x75a/0xff0 [ 1865.872414] ? lock_acquire+0x170/0x3f0 [ 1865.876377] ? ioctl_preallocate+0x1a0/0x1a0 [ 1865.880763] ? __fget+0x265/0x3e0 [ 1865.884205] ? do_vfs_ioctl+0xff0/0xff0 [ 1865.888231] ? security_file_ioctl+0x83/0xb0 [ 1865.892652] SyS_ioctl+0x7f/0xb0 [ 1865.896006] ? do_vfs_ioctl+0xff0/0xff0 [ 1865.899969] do_syscall_64+0x1d5/0x640 [ 1865.903848] entry_SYSCALL_64_after_hwframe+0x46/0xbb 23:51:28 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 45) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:28 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f0000000040)=0x4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f0000000040)=0x4) (async) 23:51:28 executing program 2: r0 = eventfd2(0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) [ 1865.909020] RIP: 0033:0x7f57bdb1f209 [ 1865.912715] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1865.920412] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1865.927661] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1865.934915] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1865.942195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1865.949442] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:28 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r6, &(0x7f0000000000), 0x8) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) setsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f00000002c0)=0x81, 0x4) 23:51:28 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) socketpair(0x21, 0xa, 0x80000001, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x4) 23:51:28 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) [ 1866.043581] FAULT_INJECTION: forcing a failure. [ 1866.043581] name failslab, interval 1, probability 0, space 0, times 0 [ 1866.059857] CPU: 0 PID: 6669 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1866.067677] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1866.077027] Call Trace: [ 1866.079618] dump_stack+0x1b2/0x281 [ 1866.083246] should_fail.cold+0x10a/0x149 [ 1866.087419] should_failslab+0xd6/0x130 [ 1866.091395] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1866.096523] elevator_alloc+0x7a/0x1f0 [ 1866.100417] dd_init_queue+0x20/0x420 [ 1866.104222] blk_mq_init_sched+0x214/0x4a0 [ 1866.108453] ? _raw_spin_unlock+0x29/0x40 [ 1866.112587] elevator_init+0x2ee/0x410 [ 1866.116457] blk_mq_sched_init+0x28/0x40 [ 1866.120505] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1866.125620] blk_mq_init_queue+0x5a/0x90 [ 1866.129672] loop_add+0x303/0x830 [ 1866.133106] ? loop_queue_rq+0x280/0x280 [ 1866.137142] ? loop_queue_work+0x21e0/0x21e0 [ 1866.141559] loop_control_ioctl+0x11a/0x3f0 [ 1866.145857] ? loop_lookup+0x190/0x190 [ 1866.149732] ? SyS_write+0x1b7/0x210 [ 1866.153439] ? loop_lookup+0x190/0x190 [ 1866.157327] do_vfs_ioctl+0x75a/0xff0 [ 1866.161117] ? lock_acquire+0x170/0x3f0 [ 1866.165068] ? ioctl_preallocate+0x1a0/0x1a0 [ 1866.169455] ? __fget+0x265/0x3e0 [ 1866.172903] ? do_vfs_ioctl+0xff0/0xff0 [ 1866.176860] ? security_file_ioctl+0x83/0xb0 [ 1866.181259] SyS_ioctl+0x7f/0xb0 [ 1866.184604] ? do_vfs_ioctl+0xff0/0xff0 [ 1866.188557] do_syscall_64+0x1d5/0x640 [ 1866.192475] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1866.197660] RIP: 0033:0x7f57bdb1f209 [ 1866.201349] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1866.209057] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1866.216309] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1866.223565] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1866.230815] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r6, &(0x7f0000000000), 0x8) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) setsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f00000002c0)=0x81, 0x4) 23:51:29 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 23:51:29 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f0000000040)=0x4) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) getsockopt$bt_BT_DEFER_SETUP(0xffffffffffffffff, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f0000000040)=0x4) (async) 23:51:29 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 46) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) [ 1866.238062] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1866.296428] FAULT_INJECTION: forcing a failure. [ 1866.296428] name failslab, interval 1, probability 0, space 0, times 0 [ 1866.311239] CPU: 1 PID: 6685 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1866.319044] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1866.328385] Call Trace: [ 1866.330960] dump_stack+0x1b2/0x281 [ 1866.334572] should_fail.cold+0x10a/0x149 [ 1866.338699] should_failslab+0xd6/0x130 [ 1866.342655] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1866.347747] dd_init_queue+0x94/0x420 [ 1866.351529] blk_mq_init_sched+0x214/0x4a0 [ 1866.355741] ? _raw_spin_unlock+0x29/0x40 [ 1866.359869] elevator_init+0x2ee/0x410 [ 1866.363735] blk_mq_sched_init+0x28/0x40 [ 1866.367775] blk_mq_init_allocated_queue+0xca0/0xfd0 [ 1866.372861] blk_mq_init_queue+0x5a/0x90 [ 1866.376900] loop_add+0x303/0x830 [ 1866.380330] ? loop_queue_rq+0x280/0x280 [ 1866.384369] ? loop_queue_work+0x21e0/0x21e0 [ 1866.388758] loop_control_ioctl+0x11a/0x3f0 [ 1866.393059] ? loop_lookup+0x190/0x190 [ 1866.396932] ? SyS_write+0x1b7/0x210 [ 1866.400641] ? loop_lookup+0x190/0x190 [ 1866.404515] do_vfs_ioctl+0x75a/0xff0 [ 1866.408300] ? lock_acquire+0x170/0x3f0 [ 1866.412256] ? ioctl_preallocate+0x1a0/0x1a0 [ 1866.416643] ? __fget+0x265/0x3e0 [ 1866.420074] ? do_vfs_ioctl+0xff0/0xff0 [ 1866.424033] ? security_file_ioctl+0x83/0xb0 [ 1866.428430] SyS_ioctl+0x7f/0xb0 [ 1866.431780] ? do_vfs_ioctl+0xff0/0xff0 [ 1866.435738] do_syscall_64+0x1d5/0x640 [ 1866.439706] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1866.444879] RIP: 0033:0x7f57bdb1f209 [ 1866.448598] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1866.456293] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1866.463625] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1866.470886] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1866.479265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1866.486513] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:29 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0xfffffffa, 0x80000) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r6, &(0x7f0000000000), 0x8) r7 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) setsockopt$bt_BT_FLUSHABLE(r7, 0x112, 0x8, &(0x7f00000002c0)=0x81, 0x4) 23:51:29 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) socketpair(0x21, 0xa, 0x80000001, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x4) 23:51:29 executing program 2: ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 23:51:29 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) 23:51:29 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 47) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:29 executing program 2: eventfd2(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 23:51:29 executing program 1: r0 = eventfd2(0x0, 0x0) eventfd2(0xfffffffa, 0x80000) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) eventfd2(0x0, 0x0) (async) eventfd2(0xfffffffa, 0x80000) (async) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) (async) 23:51:29 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) 23:51:29 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) socketpair(0x21, 0xa, 0x80000001, &(0x7f0000000000)={0xffffffffffffffff}) getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000040)=0x9, &(0x7f0000000080)=0x4) 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r4 = socket$igmp(0x2, 0x3, 0x2) r5 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r5, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r4, 0x89e0, &(0x7f0000000080)={0x1}) r6 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r6, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r6, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) ioctl$KVM_IRQFD(r2, 0x4020ae76, &(0x7f0000000380)) 23:51:29 executing program 2: eventfd2(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 23:51:29 executing program 1: r0 = eventfd2(0x0, 0x0) (async) eventfd2(0xfffffffa, 0x80000) read$eventfd(r0, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r5, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r5, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) write$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 23:51:29 executing program 5: bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) (async) [ 1866.716452] FAULT_INJECTION: forcing a failure. [ 1866.716452] name failslab, interval 1, probability 0, space 0, times 0 23:51:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000080)={0x8, {0x0, 0x3f, 0x1, 0x0, 0xfffffffb, 0x6}}) r1 = eventfd2(0xffffffff, 0x801) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) [ 1866.782209] CPU: 1 PID: 6705 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1866.790029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1866.799382] Call Trace: [ 1866.801971] dump_stack+0x1b2/0x281 [ 1866.805604] should_fail.cold+0x10a/0x149 [ 1866.809755] should_failslab+0xd6/0x130 [ 1866.813729] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1866.813765] alloc_disk_node+0x5d/0x3d0 [ 1866.813776] loop_add+0x3cb/0x830 [ 1866.813784] ? loop_queue_rq+0x280/0x280 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r5, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r5, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) [ 1866.813791] ? loop_queue_work+0x21e0/0x21e0 [ 1866.813803] loop_control_ioctl+0x11a/0x3f0 [ 1866.813811] ? loop_lookup+0x190/0x190 [ 1866.813822] ? SyS_write+0x1b7/0x210 [ 1866.846741] ? loop_lookup+0x190/0x190 [ 1866.850638] do_vfs_ioctl+0x75a/0xff0 [ 1866.854444] ? lock_acquire+0x170/0x3f0 [ 1866.858413] ? ioctl_preallocate+0x1a0/0x1a0 [ 1866.862814] ? __fget+0x265/0x3e0 [ 1866.866259] ? do_vfs_ioctl+0xff0/0xff0 [ 1866.870211] ? security_file_ioctl+0x83/0xb0 [ 1866.874597] SyS_ioctl+0x7f/0xb0 [ 1866.877942] ? do_vfs_ioctl+0xff0/0xff0 [ 1866.881903] do_syscall_64+0x1d5/0x640 [ 1866.885778] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1866.890946] RIP: 0033:0x7f57bdb1f209 [ 1866.894638] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1866.902329] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1866.909576] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1866.916824] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1866.924072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 23:51:29 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 48) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r5, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r5, &(0x7f0000000000), 0x8) 23:51:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000080)={0x8, {0x0, 0x3f, 0x1, 0x0, 0xfffffffb, 0x6}}) (async) r1 = eventfd2(0xffffffff, 0x801) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:29 executing program 5: ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000080)={0x6, 0x7fffffff, 0x3}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) 23:51:29 executing program 2: eventfd2(0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) 23:51:29 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=""/94, &(0x7f00000000c0)=0x71) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) [ 1866.931327] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:29 executing program 5: ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000080)={0x6, 0x7fffffff, 0x3}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000080)={0x6, 0x7fffffff, 0x3}) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) (async) 23:51:29 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) read$eventfd(r5, &(0x7f0000000000), 0x8) [ 1867.016614] FAULT_INJECTION: forcing a failure. [ 1867.016614] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.033382] CPU: 1 PID: 6743 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1867.041195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1867.050720] Call Trace: [ 1867.053305] dump_stack+0x1b2/0x281 [ 1867.056935] should_fail.cold+0x10a/0x149 [ 1867.061091] should_failslab+0xd6/0x130 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r5, &(0x7f0000000000), 0x8) 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) [ 1867.065075] kmem_cache_alloc_node_trace+0x25a/0x400 [ 1867.070190] __kmalloc_node+0x38/0x70 [ 1867.073991] disk_expand_part_tbl+0x17a/0x340 [ 1867.078492] alloc_disk_node+0xf1/0x3d0 [ 1867.082467] loop_add+0x3cb/0x830 [ 1867.085911] ? loop_queue_rq+0x280/0x280 [ 1867.089965] ? loop_queue_work+0x21e0/0x21e0 [ 1867.094373] loop_control_ioctl+0x11a/0x3f0 [ 1867.098689] ? loop_lookup+0x190/0x190 [ 1867.102569] ? SyS_write+0x1b7/0x210 [ 1867.106288] ? loop_lookup+0x190/0x190 [ 1867.110176] do_vfs_ioctl+0x75a/0xff0 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) [ 1867.113974] ? lock_acquire+0x170/0x3f0 [ 1867.117946] ? ioctl_preallocate+0x1a0/0x1a0 [ 1867.122355] ? __fget+0x265/0x3e0 [ 1867.125804] ? do_vfs_ioctl+0xff0/0xff0 [ 1867.129775] ? security_file_ioctl+0x83/0xb0 [ 1867.134181] SyS_ioctl+0x7f/0xb0 [ 1867.137547] ? do_vfs_ioctl+0xff0/0xff0 [ 1867.141527] do_syscall_64+0x1d5/0x640 [ 1867.145420] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1867.150604] RIP: 0033:0x7f57bdb1f209 [ 1867.154309] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) read$eventfd(0xffffffffffffffff, &(0x7f0000000000), 0x8) 23:51:30 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 49) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_ABS_SETUP(r0, 0x401c5504, &(0x7f0000000080)={0x8, {0x0, 0x3f, 0x1, 0x0, 0xfffffffb, 0x6}}) (async) r1 = eventfd2(0xffffffff, 0x801) read$eventfd(r1, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:30 executing program 2: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = socket$igmp(0x2, 0x3, 0x2) r4 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r4, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) ioctl$SIOCGETMIFCNT_IN6(r3, 0x89e0, &(0x7f0000000080)={0x1}) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(0xffffffffffffffff, 0xc06855c8, &(0x7f0000000240)={0x207, 0x1, {0x53, 0xfff, 0x1, {0x478, 0x9}, {0x0, 0x93c7}, @cond=[{0x9, 0x803, 0x735, 0x0, 0x0, 0xa8}, {0x6, 0xaf, 0x137, 0x2, 0x1, 0x5}]}, {0x0, 0x4613, 0x20, {0x3, 0x63}, {0x1000, 0x2b31}, @period={0x59, 0x2ad9, 0x3ff, 0x3ff, 0x6, {0x7f, 0x9, 0x1, 0x3}, 0x3, &(0x7f00000001c0)=[0xfff9, 0x92, 0x20]}}}) write$input_event(r5, &(0x7f0000000100)={{0x77359400}, 0x4, 0xdde2, 0xff}, 0x18) read$eventfd(r5, &(0x7f0000000000), 0x8) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) 23:51:30 executing program 5: ioctl$UI_END_FF_ERASE(0xffffffffffffffff, 0x400c55cb, &(0x7f0000000080)={0x6, 0x7fffffff, 0x3}) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0x0) (async) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) 23:51:30 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=""/94, &(0x7f00000000c0)=0x71) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=""/94, &(0x7f00000000c0)=0x71) (async) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) (async) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) (async) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) (async) 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) socket$igmp(0x2, 0x3, 0x2) r3 = socket$igmp(0x2, 0x3, 0x2) getsockopt$MRT(r3, 0x0, 0xd0, &(0x7f0000000300), &(0x7f00000003c0)=0x4) r4 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r4, &(0x7f0000000000), 0x8) [ 1867.162014] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1867.169288] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1867.176566] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.183839] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.191107] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:30 executing program 5: times(&(0x7f0000000000)) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xc0fb5c674c6bb29b) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000100)={0x2, 0x6, {0x52, 0x200, 0x7, {0x6, 0x401}, {0x5, 0x101}, @cond=[{0x0, 0x5, 0x2, 0x3c2, 0x1000, 0x3}, {0x7670, 0x0, 0x8, 0x3, 0x4, 0x400}]}, {0x6, 0x3f, 0x8001, {}, {0x8000, 0x1ff}, @period={0x5d, 0xa965, 0xfff, 0x6, 0x9, {0x80, 0x3f, 0x4, 0x1000}, 0x1, &(0x7f00000000c0)=[0x6]}}}) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') 23:51:30 executing program 1: socketpair(0x28, 0x802, 0xfffffffc, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r2, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004021}, 0x48000) r4 = eventfd2(0x0, 0x0) read$eventfd(r4, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) socket$igmp(0x2, 0x3, 0x2) socket$igmp(0x2, 0x3, 0x2) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r3, &(0x7f0000000000), 0x8) 23:51:30 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) (async) getsockopt$bt_sco_SCO_OPTIONS(0xffffffffffffffff, 0x11, 0x1, &(0x7f0000000040)=""/94, &(0x7f00000000c0)=0x71) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, 0x0) (async) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:30 executing program 5: times(&(0x7f0000000000)) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xc0fb5c674c6bb29b) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000100)={0x2, 0x6, {0x52, 0x200, 0x7, {0x6, 0x401}, {0x5, 0x101}, @cond=[{0x0, 0x5, 0x2, 0x3c2, 0x1000, 0x3}, {0x7670, 0x0, 0x8, 0x3, 0x4, 0x400}]}, {0x6, 0x3f, 0x8001, {}, {0x8000, 0x1ff}, @period={0x5d, 0xa965, 0xfff, 0x6, 0x9, {0x80, 0x3f, 0x4, 0x1000}, 0x1, &(0x7f00000000c0)=[0x6]}}}) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') times(&(0x7f0000000000)) (async) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xc0fb5c674c6bb29b) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) (async) openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) (async) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) (async) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000100)={0x2, 0x6, {0x52, 0x200, 0x7, {0x6, 0x401}, {0x5, 0x101}, @cond=[{0x0, 0x5, 0x2, 0x3c2, 0x1000, 0x3}, {0x7670, 0x0, 0x8, 0x3, 0x4, 0x400}]}, {0x6, 0x3f, 0x8001, {}, {0x8000, 0x1ff}, @period={0x5d, 0xa965, 0xfff, 0x6, 0x9, {0x80, 0x3f, 0x4, 0x1000}, 0x1, &(0x7f00000000c0)=[0x6]}}}) (async) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') (async) 23:51:30 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) [ 1867.327300] FAULT_INJECTION: forcing a failure. [ 1867.327300] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.354692] CPU: 1 PID: 6787 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1867.362511] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1867.371864] Call Trace: [ 1867.374448] dump_stack+0x1b2/0x281 [ 1867.378074] should_fail.cold+0x10a/0x149 [ 1867.382228] should_failslab+0xd6/0x130 [ 1867.386195] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1867.390855] rand_initialize_disk+0x46/0xa9 [ 1867.395166] alloc_disk_node+0x1f7/0x3d0 [ 1867.399209] loop_add+0x3cb/0x830 [ 1867.402652] ? loop_queue_rq+0x280/0x280 [ 1867.406700] ? loop_queue_work+0x21e0/0x21e0 [ 1867.411088] loop_control_ioctl+0x11a/0x3f0 [ 1867.415395] ? loop_lookup+0x190/0x190 [ 1867.419262] ? SyS_write+0x1b7/0x210 [ 1867.423067] ? loop_lookup+0x190/0x190 [ 1867.426942] do_vfs_ioctl+0x75a/0xff0 [ 1867.430843] ? lock_acquire+0x170/0x3f0 [ 1867.434797] ? ioctl_preallocate+0x1a0/0x1a0 [ 1867.439185] ? __fget+0x265/0x3e0 [ 1867.442628] ? do_vfs_ioctl+0xff0/0xff0 [ 1867.446620] ? security_file_ioctl+0x83/0xb0 [ 1867.451011] SyS_ioctl+0x7f/0xb0 [ 1867.454363] ? do_vfs_ioctl+0xff0/0xff0 [ 1867.458322] do_syscall_64+0x1d5/0x640 [ 1867.462202] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1867.467377] RIP: 0033:0x7f57bdb1f209 23:51:30 executing program 0: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0xa) ioctl$LOOP_CTL_GET_FREE(0xffffffffffffffff, 0x4c82) ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0xa) (fail_nth: 50) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) 23:51:30 executing program 1: socketpair(0x28, 0x802, 0xfffffffc, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r2, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004021}, 0x48000) r4 = eventfd2(0x0, 0x0) read$eventfd(r4, &(0x7f0000000000), 0x425d2a24a01617cb) socketpair(0x28, 0x802, 0xfffffffc, &(0x7f0000000040)) (async) socket(0x10, 0x2, 0x0) (async) syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) (async) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) (async) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) (async) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r2, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004021}, 0x48000) (async) eventfd2(0x0, 0x0) (async) read$eventfd(r4, &(0x7f0000000000), 0x425d2a24a01617cb) (async) 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) socket$igmp(0x2, 0x3, 0x2) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r3, &(0x7f0000000000), 0x8) 23:51:30 executing program 5: times(&(0x7f0000000000)) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xc0fb5c674c6bb29b) r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x800, 0x0) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$UI_SET_RELBIT(r1, 0x40045566, 0x0) (async) ioctl$UI_BEGIN_FF_UPLOAD(r1, 0xc06855c8, &(0x7f0000000100)={0x2, 0x6, {0x52, 0x200, 0x7, {0x6, 0x401}, {0x5, 0x101}, @cond=[{0x0, 0x5, 0x2, 0x3c2, 0x1000, 0x3}, {0x7670, 0x0, 0x8, 0x3, 0x4, 0x400}]}, {0x6, 0x3f, 0x8001, {}, {0x8000, 0x1ff}, @period={0x5d, 0xa965, 0xfff, 0x6, 0x9, {0x80, 0x3f, 0x4, 0x1000}, 0x1, &(0x7f00000000c0)=[0x6]}}}) (async) ioctl$UI_SET_PHYS(r0, 0x4008556c, &(0x7f0000000080)='syz1\x00') [ 1867.471092] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1867.478785] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1867.486042] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1867.493298] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.500552] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.507830] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000140)=[0x0, 0x0]}) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r3, &(0x7f0000000000), 0x8) 23:51:30 executing program 1: socketpair(0x28, 0x802, 0xfffffffc, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r1 = socket(0x10, 0x2, 0x0) r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r2, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x54, r2, 0x0, 0x70bd26, 0x25dfdbfd, {}, [@BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x7f}, @BATADV_ATTR_MULTICAST_FANOUT={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x54}, 0x1, 0x0, 0x0, 0x4004021}, 0x48000) (async) r4 = eventfd2(0x0, 0x0) read$eventfd(r4, &(0x7f0000000000), 0x425d2a24a01617cb) 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r3, &(0x7f0000000000), 0x8) 23:51:30 executing program 2: openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r0, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r1, @ANYRES32=r1], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r2 = ioctl$LOOP_CTL_GET_FREE(r1, 0x4c82) ioctl$LOOP_CTL_REMOVE(r1, 0x4c81, r2) r3 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, 0xa) ioctl$LOOP_CTL_REMOVE(r3, 0x4c81, r2) ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xa) 23:51:30 executing program 4: r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) setsockopt$inet6_icmp_ICMP_FILTER(0xffffffffffffffff, 0x1, 0x1, &(0x7f0000000000)={0x6}, 0x4) ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, 0x0) r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r1, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="c3b4f152", @ANYRES16=r2, @ANYRES32=r2], 0xf4}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040014) r3 = ioctl$LOOP_CTL_GET_FREE(r2, 0x4c82) ioctl$LOOP_CTL_REMOVE(r2, 0x4c81, r3) r4 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, r3) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0xa) ioctl$LOOP_CTL_ADD(r5, 0x4c80, r4) 23:51:30 executing program 5: r0 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r0) sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x38, 0x0, 0x800, 0x70bd25, 0x25dfdbfd, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x30}}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x773e}]}, 0x38}, 0x1, 0x0, 0x0, 0x24008004}, 0x8000) r1 = socket(0x18, 0x0, 0xa7) syz_genetlink_get_family_id$batadv(&(0x7f0000000800), r1) r2 = socket(0x10, 0x2, 0x0) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x38, r3, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}, @BATADV_ATTR_ORIG_ADDRESS={0xa}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}]}, 0x38}}, 0x0) sendmsg$BATADV_CMD_GET_DAT_CACHE(r1, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x1c, r3, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040010}, 0x4004000) bpf$OBJ_GET_PROG(0x7, 0xfffffffffffffffd, 0xfffffffffffffc79) [ 1867.621004] FAULT_INJECTION: forcing a failure. [ 1867.621004] name failslab, interval 1, probability 0, space 0, times 0 [ 1867.670587] CPU: 1 PID: 6824 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1867.678423] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1867.687778] Call Trace: [ 1867.690372] dump_stack+0x1b2/0x281 [ 1867.694008] should_fail.cold+0x10a/0x149 [ 1867.698158] should_failslab+0xd6/0x130 [ 1867.702134] kmem_cache_alloc_trace+0x29a/0x3d0 [ 1867.706801] ? __lock_acquire+0x5fc/0x3f20 [ 1867.711042] device_create_groups_vargs+0x7b/0x250 [ 1867.715972] device_create_vargs+0x3a/0x50 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r2, &(0x7f0000000000), 0x8) [ 1867.720211] bdi_register_va.part.0+0x35/0x650 [ 1867.724799] bdi_register+0x101/0x110 [ 1867.728598] ? bdi_register_va+0x80/0x80 [ 1867.732661] ? vsnprintf+0x260/0x1340 [ 1867.736469] bdi_register_owner+0x59/0xf0 [ 1867.740616] device_add_disk+0x5bb/0xdc0 [ 1867.744679] ? sprintf+0xa7/0xd0 [ 1867.748049] ? blk_alloc_devt+0x310/0x310 [ 1867.752193] ? __lockdep_init_map+0x100/0x560 [ 1867.756692] ? __lockdep_init_map+0x100/0x560 [ 1867.761193] loop_add+0x615/0x830 [ 1867.764645] ? loop_queue_rq+0x280/0x280 23:51:30 executing program 3: r0 = eventfd2(0x0, 0x0) ioctl$KVM_IRQFD(0xffffffffffffffff, 0x4020ae76, &(0x7f0000000040)={r0, 0xb011, 0x2}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000880), 0x208000, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x802, 0x0) read$eventfd(r2, &(0x7f0000000000), 0x8) [ 1867.768709] ? loop_queue_work+0x21e0/0x21e0 [ 1867.773122] loop_control_ioctl+0x11a/0x3f0 [ 1867.777448] ? loop_lookup+0x190/0x190 [ 1867.781337] ? SyS_write+0x1b7/0x210 [ 1867.785052] ? loop_lookup+0x190/0x190 [ 1867.788939] do_vfs_ioctl+0x75a/0xff0 [ 1867.792738] ? lock_acquire+0x170/0x3f0 [ 1867.796715] ? ioctl_preallocate+0x1a0/0x1a0 [ 1867.801123] ? __fget+0x265/0x3e0 [ 1867.804578] ? do_vfs_ioctl+0xff0/0xff0 [ 1867.808546] ? security_file_ioctl+0x83/0xb0 [ 1867.812936] SyS_ioctl+0x7f/0xb0 [ 1867.816278] ? do_vfs_ioctl+0xff0/0xff0 [ 1867.820233] do_syscall_64+0x1d5/0x640 [ 1867.824191] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1867.829462] RIP: 0033:0x7f57bdb1f209 [ 1867.833158] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1867.840851] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1867.848133] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1867.855385] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1867.862635] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1867.869895] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1867.894745] kasan: CONFIG_KASAN_INLINE enabled [ 1867.899675] kasan: GPF could be caused by NULL-ptr deref or user memory access [ 1867.907543] general protection fault: 0000 [#1] PREEMPT SMP KASAN [ 1867.913771] Modules linked in: [ 1867.916941] CPU: 0 PID: 6824 Comm: syz-executor.0 Not tainted 4.14.289-syzkaller #0 [ 1867.924708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/29/2022 [ 1867.934042] task: ffff88807f7cc440 task.stack: ffff8880b0720000 [ 1867.940077] RIP: 0010:sysfs_do_create_link_sd+0x56/0x120 [ 1867.945523] RSP: 0018:ffff8880b0727b48 EFLAGS: 00010202 [ 1867.950863] RAX: dffffc0000000000 RBX: 0000000000000010 RCX: 00000000000067b9 [ 1867.958116] RDX: 0000000000000008 RSI: 0000000000000001 RDI: 0000000000000040 [ 1867.965374] RBP: ffffffff87cbc860 R08: ffffffff8b9d48c8 R09: 00000000000400cc [ 1867.972628] R10: ffff88807f7cccf0 R11: ffff88807f7cc440 R12: ffff8880a1231e00 [ 1867.979879] R13: ffffffff87cbc860 R14: 0000000000000001 R15: ffff88808017975c [ 1867.987134] FS: 00007f57bc494700(0000) GS:ffff8880ba400000(0000) knlGS:0000000000000000 [ 1867.995338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1868.001326] CR2: 0000556ad17cb848 CR3: 00000000a9f4d000 CR4: 00000000003406f0 [ 1868.008624] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1868.015882] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1868.023135] Call Trace: [ 1868.025707] sysfs_create_link+0x5f/0xc0 [ 1868.029782] device_add_disk+0x9f8/0xdc0 [ 1868.033830] ? sprintf+0xa7/0xd0 [ 1868.037179] ? blk_alloc_devt+0x310/0x310 [ 1868.041310] ? __lockdep_init_map+0x100/0x560 [ 1868.045784] ? __lockdep_init_map+0x100/0x560 [ 1868.050261] loop_add+0x615/0x830 [ 1868.053710] ? loop_queue_rq+0x280/0x280 [ 1868.057748] ? loop_queue_work+0x21e0/0x21e0 [ 1868.062133] loop_control_ioctl+0x11a/0x3f0 [ 1868.066436] ? loop_lookup+0x190/0x190 [ 1868.070321] ? SyS_write+0x1b7/0x210 [ 1868.074014] ? loop_lookup+0x190/0x190 [ 1868.077881] do_vfs_ioctl+0x75a/0xff0 [ 1868.081683] ? lock_acquire+0x170/0x3f0 [ 1868.085639] ? ioctl_preallocate+0x1a0/0x1a0 [ 1868.090039] ? __fget+0x265/0x3e0 [ 1868.093493] ? do_vfs_ioctl+0xff0/0xff0 [ 1868.097467] ? security_file_ioctl+0x83/0xb0 [ 1868.101875] SyS_ioctl+0x7f/0xb0 [ 1868.105339] ? do_vfs_ioctl+0xff0/0xff0 [ 1868.109358] do_syscall_64+0x1d5/0x640 [ 1868.113232] entry_SYSCALL_64_after_hwframe+0x46/0xbb [ 1868.118398] RIP: 0033:0x7f57bdb1f209 [ 1868.122087] RSP: 002b:00007f57bc494168 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1868.129820] RAX: ffffffffffffffda RBX: 00007f57bdc31f60 RCX: 00007f57bdb1f209 [ 1868.137068] RDX: 000000000000000a RSI: 0000000000004c80 RDI: 0000000000000003 [ 1868.144345] RBP: 00007f57bc4941d0 R08: 0000000000000000 R09: 0000000000000000 [ 1868.151590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1868.158844] R13: 00007ffc7af5046f R14: 00007f57bc494300 R15: 0000000000022000 [ 1868.166094] Code: 84 a1 00 00 00 e8 9b 5b b1 ff 48 c7 c7 e0 d1 04 89 e8 1f 03 80 05 48 8d 7b 30 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 a7 00 00 00 4c 8b 6b 30 4d 85 ed 74 4f e8 62 [ 1868.185176] RIP: sysfs_do_create_link_sd+0x56/0x120 RSP: ffff8880b0727b48 [ 1868.192137] ---[ end trace 2ad58a5c596f6ad2 ]--- [ 1868.196891] Kernel panic - not syncing: Fatal exception [ 1868.202395] Kernel Offset: disabled [ 1868.206007] Rebooting in 86400 seconds..