NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:23 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
socket$inet_tcp(0x2, 0x1, 0x0) (async)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
vmsplice(r1, &(0x7f0000000300)=[{&(0x7f0000000100)="6fe250d2a936ba015082145c7d070aace024ab69cd430d12e4a4a7e25679aa75cad9a8ff8f509f437ae9f2306077c4afe9f7d51906ad704eb47a83f0a8605d89b25af19c422ac4b344a916b366ec1b912e7105b0e6842b7b55adc070414609959260c8e9657dd068a6e4", 0x6a}, {&(0x7f0000000040)}, {&(0x7f0000000180)="f96477e2aa50da8efe0b42e56e3733fc25a71a66f44709b437a526f856d89a4d68722bff9dc324fda894c0872e462ea57a7ed7167bcf7c2e537cbb1c84417943231d5cc39d0ba08a52cb94e0de2c9be081d4bf5e2718e9e3fc3a6bf7f5957625d77b55555df83a92263908cfdfcce0359c3343badf566de09c00b258635e077505f32551616548268bc6ad01534b6d6acc4cad12e831f483e2642d47e5c6bd0679b10583ca66645ff6c78dd66a98020501bbd8cf6030cc25f75e31812c7fcdee1e6ad8d1cbd419e6fc91f78b6462768f21da2e3bcf79f93acbd33d9819e0d869333fbd807e3952bf1ab8", 0xea}, {&(0x7f0000000280)="a0d26d1c0f0767439fd924b24bb02e2ae225edf42734e79eda26deda2959ddaf99b737a8478ea2df76f28d24d98ce787cf48d74394b5fe31f0eeee8d3d0ba734174ea0fbd8ec9b4a0441e7d2ce7024318379cd9643", 0x55}], 0x4, 0x1) (async)
read$FUSE(r0, 0x0, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x280, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r2) (async, rerun: 64)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000000c0)={0x0, 0x20}) (rerun: 64)

18:36:23 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x7a, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:23 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0xd0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  393.178587][T28574] FAULT_INJECTION: forcing a failure.
[  393.178587][T28574] name failslab, interval 1, probability 0, space 0, times 0
[  393.196317][T28574] CPU: 1 PID: 28574 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  393.206583][T28574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  393.206593][T28574] Call Trace:
[  393.219923][T28574]  dump_stack+0x1d8/0x241
[  393.224244][T28574]  ? panic+0x73e/0x73e
[  393.228306][T28574]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  393.234101][T28574]  should_fail+0x709/0x870
[  393.238502][T28574]  ? setup_fault_attr+0x3d0/0x3d0
[  393.243518][T28574]  ? blk_alloc_flush_queue+0x70/0x230
[  393.248873][T28574]  should_failslab+0x5/0x20
[  393.253356][T28574]  kmem_cache_alloc_trace+0x28/0x240
[  393.258613][T28574]  blk_alloc_flush_queue+0x70/0x230
[  393.263788][T28574]  blk_mq_realloc_hw_ctxs+0x8b5/0x1450
[  393.269225][T28574]  blk_mq_init_allocated_queue+0x4d6/0x16c0
[  393.275092][T28574]  ? blk_alloc_queue_node+0x4e7/0x580
[  393.280556][T28574]  blk_mq_init_queue+0x48/0xa0
[  393.285317][T28574]  loop_add+0x256/0x710
[  393.289446][T28574]  ? radix_tree_lookup+0x1c7/0x1d0
[  393.294537][T28574]  loop_control_ioctl+0x564/0x740
[  393.299800][T28574]  ? loop_remove+0xa0/0xa0
[  393.304189][T28574]  ? __lru_cache_add+0x1bf/0x210
[  393.309103][T28574]  ? memset+0x1f/0x40
[  393.313062][T28574]  ? fsnotify+0x1332/0x13f0
[  393.317536][T28574]  ? loop_remove+0xa0/0xa0
[  393.321921][T28574]  do_vfs_ioctl+0x744/0x1730
18:36:23 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0xe0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:23 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:23 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 30)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:23 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:23 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:23 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x0, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  393.326507][T28574]  ? selinux_file_ioctl+0x723/0x970
[  393.331679][T28574]  ? ioctl_preallocate+0x250/0x250
[  393.336758][T28574]  ? __fget+0x40c/0x4a0
[  393.340884][T28574]  ? fget_many+0x20/0x20
[  393.345099][T28574]  ? check_preemption_disabled+0x154/0x330
[  393.350879][T28574]  ? debug_smp_processor_id+0x20/0x20
[  393.356221][T28574]  ? security_file_ioctl+0x9d/0xb0
[  393.361304][T28574]  __x64_sys_ioctl+0xd4/0x110
[  393.365950][T28574]  do_syscall_64+0xcb/0x1c0
[  393.370436][T28574]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:23 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0xff, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:23 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0xa, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:23 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0) (async)
read$FUSE(r0, 0x0, 0x0)

[  393.395089][T28595] FAULT_INJECTION: forcing a failure.
[  393.395089][T28595] name failslab, interval 1, probability 0, space 0, times 0
[  393.410794][T28595] CPU: 1 PID: 28595 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  393.421038][T28595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  393.431077][T28595] Call Trace:
[  393.434362][T28595]  dump_stack+0x1d8/0x241
[  393.438683][T28595]  ? panic+0x73e/0x73e
18:36:23 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x26, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:23 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:23 executing program 2:
ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000000))
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:23 executing program 2:
ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000000)) (async)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

[  393.442743][T28595]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  393.448540][T28595]  should_fail+0x709/0x870
[  393.452948][T28595]  ? setup_fault_attr+0x3d0/0x3d0
[  393.457966][T28595]  ? blk_alloc_flush_queue+0xd0/0x230
[  393.463595][T28595]  should_failslab+0x5/0x20
[  393.468090][T28595]  __kmalloc+0x51/0x2b0
[  393.472233][T28595]  ? blk_alloc_flush_queue+0x70/0x230
[  393.477679][T28595]  blk_alloc_flush_queue+0xd0/0x230
[  393.482867][T28595]  blk_mq_realloc_hw_ctxs+0x8b5/0x1450
[  393.488316][T28595]  blk_mq_init_allocated_queue+0x4d6/0x16c0
[  393.494193][T28595]  ? blk_alloc_queue_node+0x4e7/0x580
[  393.499534][T28595]  blk_mq_init_queue+0x48/0xa0
[  393.504355][T28595]  loop_add+0x256/0x710
[  393.508515][T28595]  ? radix_tree_lookup+0x1c7/0x1d0
[  393.513601][T28595]  loop_control_ioctl+0x564/0x740
[  393.518619][T28595]  ? loop_remove+0xa0/0xa0
[  393.523007][T28595]  ? __lru_cache_add+0x1bf/0x210
[  393.527916][T28595]  ? memset+0x1f/0x40
[  393.531867][T28595]  ? fsnotify+0x1332/0x13f0
[  393.536339][T28595]  ? loop_remove+0xa0/0xa0
[  393.540730][T28595]  do_vfs_ioctl+0x744/0x1730
18:36:24 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 31)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x29, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 2:
ioctl$KVM_SET_BOOT_CPU_ID(0xffffffffffffffff, 0xae78, &(0x7f0000000000)) (async)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:24 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x0, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x64, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  393.545290][T28595]  ? selinux_file_ioctl+0x723/0x970
[  393.550469][T28595]  ? ioctl_preallocate+0x250/0x250
[  393.555547][T28595]  ? __fget+0x40c/0x4a0
[  393.559669][T28595]  ? fget_many+0x20/0x20
[  393.563890][T28595]  ? check_preemption_disabled+0x154/0x330
[  393.569680][T28595]  ? debug_smp_processor_id+0x20/0x20
[  393.575028][T28595]  ? security_file_ioctl+0x9d/0xb0
[  393.580123][T28595]  __x64_sys_ioctl+0xd4/0x110
[  393.584781][T28595]  do_syscall_64+0xcb/0x1c0
[  393.589252][T28595]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:24 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x0, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:24 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x5f5e0ff, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  393.625798][T28635] FAULT_INJECTION: forcing a failure.
[  393.625798][T28635] name failslab, interval 1, probability 0, space 0, times 0
[  393.645711][T28635] CPU: 0 PID: 28635 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  393.655942][T28635] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  393.665977][T28635] Call Trace:
[  393.669256][T28635]  dump_stack+0x1d8/0x241
[  393.673568][T28635]  ? panic+0x73e/0x73e
[  393.677610][T28635]  ? find_next_and_bit+0x17b/0x1a0
[  393.682688][T28635]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  393.688483][T28635]  ? blk_mq_map_swqueue+0x16f6/0x1850
[  393.693822][T28635]  should_fail+0x709/0x870
[  393.698218][T28635]  ? setup_fault_attr+0x3d0/0x3d0
[  393.703209][T28635]  ? blk_mq_init_allocated_queue+0x1416/0x16c0
[  393.709354][T28635]  ? __alloc_disk_node+0x72/0x380
[  393.714348][T28635]  should_failslab+0x5/0x20
[  393.718822][T28635]  kmem_cache_alloc_trace+0x28/0x240
[  393.724088][T28635]  __alloc_disk_node+0x72/0x380
[  393.728919][T28635]  loop_add+0x323/0x710
[  393.733048][T28635]  loop_control_ioctl+0x564/0x740
[  393.738585][T28635]  ? loop_remove+0xa0/0xa0
[  393.742999][T28635]  ? __lru_cache_add+0x1bf/0x210
[  393.748217][T28635]  ? memset+0x1f/0x40
[  393.752196][T28635]  ? fsnotify+0x1332/0x13f0
[  393.756875][T28635]  ? loop_remove+0xa0/0xa0
[  393.761278][T28635]  do_vfs_ioctl+0x744/0x1730
[  393.765854][T28635]  ? selinux_file_ioctl+0x723/0x970
[  393.771023][T28635]  ? ioctl_preallocate+0x250/0x250
18:36:24 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 32)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x2, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 2:
r0 = socket$inet(0x2, 0x800, 0x1)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
r1 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)

18:36:24 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  393.776121][T28635]  ? __fget+0x40c/0x4a0
[  393.780262][T28635]  ? fget_many+0x20/0x20
[  393.784476][T28635]  ? check_preemption_disabled+0x154/0x330
[  393.790249][T28635]  ? debug_smp_processor_id+0x20/0x20
[  393.795587][T28635]  ? security_file_ioctl+0x9d/0xb0
[  393.800668][T28635]  __x64_sys_ioctl+0xd4/0x110
[  393.805324][T28635]  do_syscall_64+0xcb/0x1c0
[  393.809805][T28635]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x3, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 2:
r0 = socket$inet(0x2, 0x800, 0x1)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) (async)
r1 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)

18:36:24 executing program 2:
r0 = socket$inet(0x2, 0x800, 0x1)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) (async)
r1 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r1, 0x0, 0x0)

18:36:24 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000100), 0x7, 0x0)
read$FUSE(r0, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x40200, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x66}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc9a84838399eb4bc}, 0x101)
sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x10, 0x1, 0x0, 0x2, 0x0, 0x70bd2d, 0x25dfdbfb}, 0x10}}, 0x20000000)

18:36:24 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000100), 0x7, 0x0)
read$FUSE(r0, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x40200, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x66}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc9a84838399eb4bc}, 0x101)
sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x10, 0x1, 0x0, 0x2, 0x0, 0x70bd2d, 0x25dfdbfb}, 0x10}}, 0x20000000)
syz_open_dev$vcsn(&(0x7f0000000100), 0x7, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
pipe2(&(0x7f0000000000), 0x80) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x40200, 0x0) (async)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x66}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc9a84838399eb4bc}, 0x101) (async)
sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x10, 0x1, 0x0, 0x2, 0x0, 0x70bd2d, 0x25dfdbfb}, 0x10}}, 0x20000000) (async)

[  393.837962][T28659] FAULT_INJECTION: forcing a failure.
[  393.837962][T28659] name failslab, interval 1, probability 0, space 0, times 0
[  393.857350][T28659] CPU: 1 PID: 28659 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  393.867590][T28659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  393.877633][T28659] Call Trace:
[  393.880916][T28659]  dump_stack+0x1d8/0x241
18:36:24 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000100), 0x7, 0x0)
read$FUSE(r0, 0x0, 0x0) (async, rerun: 32)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80) (async, rerun: 32)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x40200, 0x0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r2, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x4c, 0x0, 0x300, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x66}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5, 0x38, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc9a84838399eb4bc}, 0x101)
sendmsg$key(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x10, 0x1, 0x0, 0x2, 0x0, 0x70bd2d, 0x25dfdbfb}, 0x10}}, 0x20000000)

[  393.885241][T28659]  ? panic+0x73e/0x73e
[  393.889304][T28659]  ? pcpu_chunk_refresh_hint+0x828/0x920
[  393.894924][T28659]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  393.900726][T28659]  ? pcpu_chunk_relocate+0x2dd/0x3a0
[  393.906003][T28659]  should_fail+0x709/0x870
[  393.910412][T28659]  ? setup_fault_attr+0x3d0/0x3d0
[  393.915430][T28659]  ? find_next_bit+0xc6/0x110
[  393.920094][T28659]  ? cpumask_next+0xc/0x20
[  393.924484][T28659]  ? disk_expand_part_tbl+0x195/0x3b0
[  393.929825][T28659]  should_failslab+0x5/0x20
[  393.934298][T28659]  __kmalloc+0x51/0x2b0
[  393.938445][T28659]  disk_expand_part_tbl+0x195/0x3b0
[  393.943706][T28659]  __alloc_disk_node+0x10b/0x380
[  393.948616][T28659]  loop_add+0x323/0x710
[  393.953176][T28659]  loop_control_ioctl+0x564/0x740
[  393.958168][T28659]  ? loop_remove+0xa0/0xa0
[  393.962557][T28659]  ? __lru_cache_add+0x1bf/0x210
[  393.967553][T28659]  ? memset+0x1f/0x40
[  393.971519][T28659]  ? fsnotify+0x1332/0x13f0
[  393.975997][T28659]  ? loop_remove+0xa0/0xa0
[  393.980381][T28659]  do_vfs_ioctl+0x744/0x1730
18:36:24 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 33)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:24 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfffffffffffffff7, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="2bed3dd067f6bedaf263357a3ce5acdd8292814606b91c6f02023080b3e6518aa241e5ac8ee238e3fb50044d84567563ab86d22bbd679f8c6b0bbcde6e77b1f07d3f7b172d56abac2d5665326169045fc970ba762e0b3b4f52a9b26916fef320a97c1dd8da2e864d1e05ef08bd3f904c4eb42463eb18292289829e88c6f28101ec0bad88b924ddf38b92cdd45e686cd3df0162da90184dbfd02efbfd6e9db96c175863e299c0b620671e1d4972d0187af6a89d84aad98014dbc6bce788eff8770c7e20d5307d79717bb48da0ed8991692dd7c3d444fa9c011613193bafba02989ab5cb", 0xe3}, {&(0x7f0000000180)="8d32126986a744c7a6b80e74e7c490d8d30f55b9c6af991ba97613aa6238cb987a0b403f010e44ecf82279df43e225501bc3fdcf10264b04ba0d68831d6561bb67f21b739974976e1fa0a314aab1f43f14644dbaf0007c4b97ac2b0bf74d84f16a0797d8ba004835bbdfcd7b448405b6c1cd84ec2e08759674bf7f9ba883f284350844", 0x83}, {&(0x7f0000000240)="1a6dbae8bd84ee9336a1ac79997e68cf113c573ffd5a5e8f01de34d354e9018b26bfc3464a6b32a2269ad005da5f242bb3dcb717f0dbe77bf4d555881f4bf58667b96822234371a6ee56310faddeab61db58b9e1db5f42aed200476a81fabea9e8d6c09ed627cdadda1e91969633181ab13af2ce56adc76d2f6b78a6e2e0c25e37ff05579101f1d2117aa021bee19717dcaa9cffc958300b957339e50d520dff62ffc16ad05cc176e6cb1a9466fee7ca361989a6d91ac2f7b3633c486598e9d44732d9644ed070d3aecca5ab8e5887d5a5972f0a99c7bb4c69a8cb12963a61", 0xdf}, {&(0x7f0000000340)="923bfb3faa2d23b40b97d3bcfa7586cc18e6cc0b4cab7bc390b330ba676bed2273f65100e1ae3d0ef3380a74b923c56bf75d29a2307c766e85a8c99dccec26879f02", 0x42}], 0x4, 0xc)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:24 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  393.984946][T28659]  ? selinux_file_ioctl+0x723/0x970
[  393.990128][T28659]  ? ioctl_preallocate+0x250/0x250
[  393.995225][T28659]  ? __fget+0x40c/0x4a0
[  393.999454][T28659]  ? fget_many+0x20/0x20
[  394.003665][T28659]  ? check_preemption_disabled+0x154/0x330
[  394.009448][T28659]  ? debug_smp_processor_id+0x20/0x20
[  394.014792][T28659]  ? security_file_ioctl+0x9d/0xb0
[  394.019871][T28659]  __x64_sys_ioctl+0xd4/0x110
[  394.024517][T28659]  do_syscall_64+0xcb/0x1c0
[  394.028991][T28659]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x5, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfffffffffffffff7, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="2bed3dd067f6bedaf263357a3ce5acdd8292814606b91c6f02023080b3e6518aa241e5ac8ee238e3fb50044d84567563ab86d22bbd679f8c6b0bbcde6e77b1f07d3f7b172d56abac2d5665326169045fc970ba762e0b3b4f52a9b26916fef320a97c1dd8da2e864d1e05ef08bd3f904c4eb42463eb18292289829e88c6f28101ec0bad88b924ddf38b92cdd45e686cd3df0162da90184dbfd02efbfd6e9db96c175863e299c0b620671e1d4972d0187af6a89d84aad98014dbc6bce788eff8770c7e20d5307d79717bb48da0ed8991692dd7c3d444fa9c011613193bafba02989ab5cb", 0xe3}, {&(0x7f0000000180)="8d32126986a744c7a6b80e74e7c490d8d30f55b9c6af991ba97613aa6238cb987a0b403f010e44ecf82279df43e225501bc3fdcf10264b04ba0d68831d6561bb67f21b739974976e1fa0a314aab1f43f14644dbaf0007c4b97ac2b0bf74d84f16a0797d8ba004835bbdfcd7b448405b6c1cd84ec2e08759674bf7f9ba883f284350844", 0x83}, {&(0x7f0000000240)="1a6dbae8bd84ee9336a1ac79997e68cf113c573ffd5a5e8f01de34d354e9018b26bfc3464a6b32a2269ad005da5f242bb3dcb717f0dbe77bf4d555881f4bf58667b96822234371a6ee56310faddeab61db58b9e1db5f42aed200476a81fabea9e8d6c09ed627cdadda1e91969633181ab13af2ce56adc76d2f6b78a6e2e0c25e37ff05579101f1d2117aa021bee19717dcaa9cffc958300b957339e50d520dff62ffc16ad05cc176e6cb1a9466fee7ca361989a6d91ac2f7b3633c486598e9d44732d9644ed070d3aecca5ab8e5887d5a5972f0a99c7bb4c69a8cb12963a61", 0xdf}, {&(0x7f0000000340)="923bfb3faa2d23b40b97d3bcfa7586cc18e6cc0b4cab7bc390b330ba676bed2273f65100e1ae3d0ef3380a74b923c56bf75d29a2307c766e85a8c99dccec26879f02", 0x42}], 0x4, 0xc)
syz_open_dev$vcsn(&(0x7f0000000040), 0xfffffffffffffff7, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="2bed3dd067f6bedaf263357a3ce5acdd8292814606b91c6f02023080b3e6518aa241e5ac8ee238e3fb50044d84567563ab86d22bbd679f8c6b0bbcde6e77b1f07d3f7b172d56abac2d5665326169045fc970ba762e0b3b4f52a9b26916fef320a97c1dd8da2e864d1e05ef08bd3f904c4eb42463eb18292289829e88c6f28101ec0bad88b924ddf38b92cdd45e686cd3df0162da90184dbfd02efbfd6e9db96c175863e299c0b620671e1d4972d0187af6a89d84aad98014dbc6bce788eff8770c7e20d5307d79717bb48da0ed8991692dd7c3d444fa9c011613193bafba02989ab5cb", 0xe3}, {&(0x7f0000000180)="8d32126986a744c7a6b80e74e7c490d8d30f55b9c6af991ba97613aa6238cb987a0b403f010e44ecf82279df43e225501bc3fdcf10264b04ba0d68831d6561bb67f21b739974976e1fa0a314aab1f43f14644dbaf0007c4b97ac2b0bf74d84f16a0797d8ba004835bbdfcd7b448405b6c1cd84ec2e08759674bf7f9ba883f284350844", 0x83}, {&(0x7f0000000240)="1a6dbae8bd84ee9336a1ac79997e68cf113c573ffd5a5e8f01de34d354e9018b26bfc3464a6b32a2269ad005da5f242bb3dcb717f0dbe77bf4d555881f4bf58667b96822234371a6ee56310faddeab61db58b9e1db5f42aed200476a81fabea9e8d6c09ed627cdadda1e91969633181ab13af2ce56adc76d2f6b78a6e2e0c25e37ff05579101f1d2117aa021bee19717dcaa9cffc958300b957339e50d520dff62ffc16ad05cc176e6cb1a9466fee7ca361989a6d91ac2f7b3633c486598e9d44732d9644ed070d3aecca5ab8e5887d5a5972f0a99c7bb4c69a8cb12963a61", 0xdf}, {&(0x7f0000000340)="923bfb3faa2d23b40b97d3bcfa7586cc18e6cc0b4cab7bc390b330ba676bed2273f65100e1ae3d0ef3380a74b923c56bf75d29a2307c766e85a8c99dccec26879f02", 0x42}], 0x4, 0xc) (async)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x6, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x7, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x8, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.059111][T28696] FAULT_INJECTION: forcing a failure.
[  394.059111][T28696] name failslab, interval 1, probability 0, space 0, times 0
[  394.078718][T28696] CPU: 0 PID: 28696 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  394.088959][T28696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  394.099088][T28696] Call Trace:
[  394.102383][T28696]  dump_stack+0x1d8/0x241
18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x9, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.106706][T28696]  ? panic+0x73e/0x73e
[  394.110767][T28696]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  394.116577][T28696]  ? pcpu_chunk_relocate+0xe5/0x3a0
[  394.121764][T28696]  should_fail+0x709/0x870
[  394.126158][T28696]  ? setup_fault_attr+0x3d0/0x3d0
[  394.131262][T28696]  ? find_next_bit+0xc6/0x110
[  394.135911][T28696]  ? cpumask_next+0xc/0x20
[  394.140301][T28696]  ? disk_expand_part_tbl+0x195/0x3b0
[  394.145644][T28696]  should_failslab+0x5/0x20
[  394.150118][T28696]  __kmalloc+0x51/0x2b0
[  394.154245][T28696]  disk_expand_part_tbl+0x195/0x3b0
[  394.159418][T28696]  __alloc_disk_node+0x10b/0x380
[  394.164328][T28696]  loop_add+0x323/0x710
[  394.168458][T28696]  loop_control_ioctl+0x564/0x740
[  394.173455][T28696]  ? loop_remove+0xa0/0xa0
[  394.177843][T28696]  ? __lru_cache_add+0x1bf/0x210
[  394.182757][T28696]  ? memset+0x1f/0x40
[  394.186714][T28696]  ? fsnotify+0x1332/0x13f0
[  394.191187][T28696]  ? loop_remove+0xa0/0xa0
[  394.195572][T28696]  do_vfs_ioctl+0x744/0x1730
[  394.200135][T28696]  ? selinux_file_ioctl+0x723/0x970
18:36:24 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 34)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xa, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000040), 0xfffffffffffffff7, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="2bed3dd067f6bedaf263357a3ce5acdd8292814606b91c6f02023080b3e6518aa241e5ac8ee238e3fb50044d84567563ab86d22bbd679f8c6b0bbcde6e77b1f07d3f7b172d56abac2d5665326169045fc970ba762e0b3b4f52a9b26916fef320a97c1dd8da2e864d1e05ef08bd3f904c4eb42463eb18292289829e88c6f28101ec0bad88b924ddf38b92cdd45e686cd3df0162da90184dbfd02efbfd6e9db96c175863e299c0b620671e1d4972d0187af6a89d84aad98014dbc6bce788eff8770c7e20d5307d79717bb48da0ed8991692dd7c3d444fa9c011613193bafba02989ab5cb", 0xe3}, {&(0x7f0000000180)="8d32126986a744c7a6b80e74e7c490d8d30f55b9c6af991ba97613aa6238cb987a0b403f010e44ecf82279df43e225501bc3fdcf10264b04ba0d68831d6561bb67f21b739974976e1fa0a314aab1f43f14644dbaf0007c4b97ac2b0bf74d84f16a0797d8ba004835bbdfcd7b448405b6c1cd84ec2e08759674bf7f9ba883f284350844", 0x83}, {&(0x7f0000000240)="1a6dbae8bd84ee9336a1ac79997e68cf113c573ffd5a5e8f01de34d354e9018b26bfc3464a6b32a2269ad005da5f242bb3dcb717f0dbe77bf4d555881f4bf58667b96822234371a6ee56310faddeab61db58b9e1db5f42aed200476a81fabea9e8d6c09ed627cdadda1e91969633181ab13af2ce56adc76d2f6b78a6e2e0c25e37ff05579101f1d2117aa021bee19717dcaa9cffc958300b957339e50d520dff62ffc16ad05cc176e6cb1a9466fee7ca361989a6d91ac2f7b3633c486598e9d44732d9644ed070d3aecca5ab8e5887d5a5972f0a99c7bb4c69a8cb12963a61", 0xdf}, {&(0x7f0000000340)="923bfb3faa2d23b40b97d3bcfa7586cc18e6cc0b4cab7bc390b330ba676bed2273f65100e1ae3d0ef3380a74b923c56bf75d29a2307c766e85a8c99dccec26879f02", 0x42}], 0x4, 0xc)
syz_open_dev$vcsn(&(0x7f0000000040), 0xfffffffffffffff7, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000080)="2bed3dd067f6bedaf263357a3ce5acdd8292814606b91c6f02023080b3e6518aa241e5ac8ee238e3fb50044d84567563ab86d22bbd679f8c6b0bbcde6e77b1f07d3f7b172d56abac2d5665326169045fc970ba762e0b3b4f52a9b26916fef320a97c1dd8da2e864d1e05ef08bd3f904c4eb42463eb18292289829e88c6f28101ec0bad88b924ddf38b92cdd45e686cd3df0162da90184dbfd02efbfd6e9db96c175863e299c0b620671e1d4972d0187af6a89d84aad98014dbc6bce788eff8770c7e20d5307d79717bb48da0ed8991692dd7c3d444fa9c011613193bafba02989ab5cb", 0xe3}, {&(0x7f0000000180)="8d32126986a744c7a6b80e74e7c490d8d30f55b9c6af991ba97613aa6238cb987a0b403f010e44ecf82279df43e225501bc3fdcf10264b04ba0d68831d6561bb67f21b739974976e1fa0a314aab1f43f14644dbaf0007c4b97ac2b0bf74d84f16a0797d8ba004835bbdfcd7b448405b6c1cd84ec2e08759674bf7f9ba883f284350844", 0x83}, {&(0x7f0000000240)="1a6dbae8bd84ee9336a1ac79997e68cf113c573ffd5a5e8f01de34d354e9018b26bfc3464a6b32a2269ad005da5f242bb3dcb717f0dbe77bf4d555881f4bf58667b96822234371a6ee56310faddeab61db58b9e1db5f42aed200476a81fabea9e8d6c09ed627cdadda1e91969633181ab13af2ce56adc76d2f6b78a6e2e0c25e37ff05579101f1d2117aa021bee19717dcaa9cffc958300b957339e50d520dff62ffc16ad05cc176e6cb1a9466fee7ca361989a6d91ac2f7b3633c486598e9d44732d9644ed070d3aecca5ab8e5887d5a5972f0a99c7bb4c69a8cb12963a61", 0xdf}, {&(0x7f0000000340)="923bfb3faa2d23b40b97d3bcfa7586cc18e6cc0b4cab7bc390b330ba676bed2273f65100e1ae3d0ef3380a74b923c56bf75d29a2307c766e85a8c99dccec26879f02", 0x42}], 0x4, 0xc) (async)

18:36:24 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:24 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  394.205305][T28696]  ? ioctl_preallocate+0x250/0x250
[  394.210387][T28696]  ? __fget+0x40c/0x4a0
[  394.214518][T28696]  ? fget_many+0x20/0x20
[  394.218731][T28696]  ? check_preemption_disabled+0x154/0x330
[  394.224506][T28696]  ? debug_smp_processor_id+0x20/0x20
[  394.229847][T28696]  ? security_file_ioctl+0x9d/0xb0
[  394.234925][T28696]  __x64_sys_ioctl+0xd4/0x110
[  394.239582][T28696]  do_syscall_64+0xcb/0x1c0
[  394.244073][T28696]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:24 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xb, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xc, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xd, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.278153][T28731] FAULT_INJECTION: forcing a failure.
[  394.278153][T28731] name failslab, interval 1, probability 0, space 0, times 0
[  394.293044][T28731] CPU: 0 PID: 28731 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  394.303448][T28731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  394.313486][T28731] Call Trace:
[  394.316759][T28731]  dump_stack+0x1d8/0x241
[  394.321077][T28731]  ? panic+0x73e/0x73e
18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xe, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.325133][T28731]  ? stack_trace_save+0x200/0x200
[  394.330146][T28731]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  394.335940][T28731]  ? arch_stack_walk+0x114/0x140
[  394.340863][T28731]  should_fail+0x709/0x870
[  394.345260][T28731]  ? setup_fault_attr+0x3d0/0x3d0
[  394.350255][T28731]  ? _raw_spin_unlock_irqrestore+0x57/0x80
[  394.356091][T28731]  ? init_wait_entry+0xd0/0xd0
[  394.360925][T28731]  ? blk_mq_init_tags+0x74/0x290
[  394.365834][T28731]  should_failslab+0x5/0x20
[  394.370323][T28731]  kmem_cache_alloc_trace+0x28/0x240
18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xf, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.375601][T28731]  blk_mq_init_tags+0x74/0x290
[  394.380374][T28731]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[  394.385908][T28731]  blk_mq_alloc_rq_map+0x93/0x1a0
[  394.390922][T28731]  blk_mq_init_sched+0x1f2/0xaf0
[  394.395835][T28731]  elevator_init_mq+0x2cd/0x3f0
[  394.400654][T28731]  __device_add_disk+0xf1/0x1200
[  394.405579][T28731]  ? sprintf+0xd6/0x120
[  394.409703][T28731]  ? device_add_disk+0x30/0x30
[  394.414437][T28731]  ? vsprintf+0x30/0x30
[  394.418619][T28731]  ? device_initialize+0x1c7/0x3d0
[  394.423708][T28731]  ? __alloc_disk_node+0x326/0x380
18:36:24 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x10, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.428806][T28731]  loop_add+0x554/0x710
[  394.432945][T28731]  loop_control_ioctl+0x564/0x740
[  394.437942][T28731]  ? loop_remove+0xa0/0xa0
[  394.442328][T28731]  ? __lru_cache_add+0x1bf/0x210
[  394.447243][T28731]  ? memset+0x1f/0x40
[  394.451216][T28731]  ? fsnotify+0x1332/0x13f0
[  394.455706][T28731]  ? loop_remove+0xa0/0xa0
[  394.460092][T28731]  do_vfs_ioctl+0x744/0x1730
[  394.464657][T28731]  ? selinux_file_ioctl+0x723/0x970
[  394.469823][T28731]  ? ioctl_preallocate+0x250/0x250
[  394.474909][T28731]  ? __fget+0x40c/0x4a0
[  394.479035][T28731]  ? fget_many+0x20/0x20
[  394.483249][T28731]  ? check_preemption_disabled+0x154/0x330
[  394.489021][T28731]  ? debug_smp_processor_id+0x20/0x20
[  394.494360][T28731]  ? security_file_ioctl+0x9d/0xb0
[  394.499441][T28731]  __x64_sys_ioctl+0xd4/0x110
[  394.506097][T28731]  do_syscall_64+0xcb/0x1c0
[  394.510610][T28731]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  394.520079][T28731] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0x87, 0x101000)

18:36:25 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 35)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:25 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x11, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x170, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:25 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
syz_open_dev$vcsn(&(0x7f0000000000), 0x87, 0x101000)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x12, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.537822][T28754] udevd[28754]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0x87, 0x101000)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
syz_open_dev$vcsn(&(0x7f0000000000), 0x87, 0x101000) (async)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x17, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x25, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0)
r2 = gettid()
syz_open_procfs$namespace(r2, 0x0)
ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f00000001c0)={r2, 0x0, 0x7f})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
read$FUSE(r0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x4c, r3, 0x20, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x40)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x43, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  394.623876][T28763] FAULT_INJECTION: forcing a failure.
[  394.623876][T28763] name failslab, interval 1, probability 0, space 0, times 0
[  394.637385][T28763] CPU: 1 PID: 28763 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  394.647814][T28763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  394.657872][T28763] Call Trace:
[  394.661158][T28763]  dump_stack+0x1d8/0x241
[  394.665480][T28763]  ? panic+0x73e/0x73e
[  394.669626][T28763]  ? __kasan_kmalloc+0x1a5/0x1e0
[  394.674560][T28763]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  394.680352][T28763]  ? blk_mq_init_tags+0x74/0x290
[  394.685277][T28763]  ? blk_mq_alloc_rq_map+0x93/0x1a0
[  394.690460][T28763]  ? blk_mq_init_sched+0x1f2/0xaf0
[  394.695557][T28763]  ? __device_add_disk+0xf1/0x1200
[  394.700658][T28763]  ? loop_add+0x554/0x710
[  394.704959][T28763]  ? loop_control_ioctl+0x564/0x740
[  394.710139][T28763]  ? do_vfs_ioctl+0x744/0x1730
[  394.714881][T28763]  should_fail+0x709/0x870
[  394.719289][T28763]  ? setup_fault_attr+0x3d0/0x3d0
[  394.724296][T28763]  ? sbitmap_queue_init_node+0x15e/0xf70
[  394.730339][T28763]  should_failslab+0x5/0x20
[  394.734865][T28763]  __kmalloc+0x51/0x2b0
[  394.738998][T28763]  sbitmap_queue_init_node+0x15e/0xf70
[  394.744449][T28763]  ? blk_mq_init_tags+0x74/0x290
[  394.749364][T28763]  blk_mq_init_tags+0xef/0x290
[  394.754108][T28763]  blk_mq_alloc_rq_map+0x93/0x1a0
[  394.759102][T28763]  blk_mq_init_sched+0x1f2/0xaf0
[  394.764019][T28763]  elevator_init_mq+0x2cd/0x3f0
[  394.768842][T28763]  __device_add_disk+0xf1/0x1200
[  394.773749][T28763]  ? sprintf+0xd6/0x120
[  394.777874][T28763]  ? device_add_disk+0x30/0x30
[  394.782605][T28763]  ? vsprintf+0x30/0x30
[  394.786730][T28763]  ? device_initialize+0x1c7/0x3d0
[  394.791807][T28763]  ? __alloc_disk_node+0x326/0x380
[  394.796885][T28763]  loop_add+0x554/0x710
[  394.801031][T28763]  loop_control_ioctl+0x564/0x740
[  394.806027][T28763]  ? loop_remove+0xa0/0xa0
[  394.810412][T28763]  ? __lru_cache_add+0x1bf/0x210
[  394.815336][T28763]  ? memset+0x1f/0x40
[  394.819285][T28763]  ? fsnotify+0x1332/0x13f0
[  394.823754][T28763]  ? loop_remove+0xa0/0xa0
[  394.828156][T28763]  do_vfs_ioctl+0x744/0x1730
[  394.832724][T28763]  ? selinux_file_ioctl+0x723/0x970
[  394.837893][T28763]  ? ioctl_preallocate+0x250/0x250
[  394.842979][T28763]  ? __fget+0x40c/0x4a0
[  394.847101][T28763]  ? fget_many+0x20/0x20
[  394.851320][T28763]  ? check_preemption_disabled+0x154/0x330
[  394.857108][T28763]  ? debug_smp_processor_id+0x20/0x20
[  394.862454][T28763]  ? security_file_ioctl+0x9d/0xb0
[  394.867537][T28763]  __x64_sys_ioctl+0xd4/0x110
[  394.872209][T28763]  do_syscall_64+0xcb/0x1c0
[  394.876686][T28763]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  394.883907][T28763] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:25 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 36)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0) (async)
r2 = gettid()
syz_open_procfs$namespace(r2, 0x0)
ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f00000001c0)={r2, 0x0, 0x7f})
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x4c, r3, 0x20, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x40)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x48, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x170, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:25 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:25 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  394.936928][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  394.958240][T28790] FAULT_INJECTION: forcing a failure.
[  394.958240][T28790] name failslab, interval 1, probability 0, space 0, times 0
[  394.971871][T28790] CPU: 0 PID: 28790 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  394.985681][T28790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  394.995797][T28790] Call Trace:
[  394.999068][T28790]  dump_stack+0x1d8/0x241
[  395.003381][T28790]  ? panic+0x73e/0x73e
[  395.007425][T28790]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  395.013215][T28790]  should_fail+0x709/0x870
[  395.017604][T28790]  ? setup_fault_attr+0x3d0/0x3d0
[  395.022871][T28790]  ? pcpu_alloc+0xb62/0x1060
[  395.027453][T28790]  ? sbitmap_queue_init_node+0x69c/0xf70
[  395.033155][T28790]  should_failslab+0x5/0x20
[  395.037647][T28790]  kmem_cache_alloc_trace+0x28/0x240
[  395.042909][T28790]  sbitmap_queue_init_node+0x69c/0xf70
[  395.048361][T28790]  blk_mq_init_tags+0xef/0x290
[  395.053097][T28790]  blk_mq_alloc_rq_map+0x93/0x1a0
[  395.058091][T28790]  blk_mq_init_sched+0x1f2/0xaf0
[  395.062999][T28790]  elevator_init_mq+0x2cd/0x3f0
[  395.067842][T28790]  __device_add_disk+0xf1/0x1200
[  395.072758][T28790]  ? sprintf+0xd6/0x120
[  395.076899][T28790]  ? device_add_disk+0x30/0x30
[  395.081657][T28790]  ? vsprintf+0x30/0x30
[  395.085788][T28790]  ? device_initialize+0x1c7/0x3d0
[  395.090870][T28790]  ? __alloc_disk_node+0x326/0x380
[  395.095961][T28790]  loop_add+0x554/0x710
[  395.100090][T28790]  loop_control_ioctl+0x564/0x740
[  395.105081][T28790]  ? loop_remove+0xa0/0xa0
[  395.109470][T28790]  ? __lru_cache_add+0x1bf/0x210
[  395.114390][T28790]  ? memset+0x1f/0x40
[  395.118351][T28790]  ? fsnotify+0x1332/0x13f0
[  395.122828][T28790]  ? loop_remove+0xa0/0xa0
[  395.127223][T28790]  do_vfs_ioctl+0x744/0x1730
[  395.131792][T28790]  ? selinux_file_ioctl+0x723/0x970
[  395.136968][T28790]  ? ioctl_preallocate+0x250/0x250
[  395.142054][T28790]  ? __fget+0x40c/0x4a0
[  395.146185][T28790]  ? fget_many+0x20/0x20
[  395.150406][T28790]  ? check_preemption_disabled+0x154/0x330
[  395.156206][T28790]  ? debug_smp_processor_id+0x20/0x20
[  395.161551][T28790]  ? security_file_ioctl+0x9d/0xb0
[  395.166635][T28790]  __x64_sys_ioctl+0xd4/0x110
[  395.171290][T28790]  do_syscall_64+0xcb/0x1c0
[  395.175776][T28790]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4c, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000100), 0x4000, 0x0)
r2 = gettid()
syz_open_procfs$namespace(r2, 0x0)
ioctl$BINDER_FREEZE(r1, 0x400c620e, &(0x7f00000001c0)={r2, 0x0, 0x7f}) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
read$FUSE(r0, 0x0, 0x0)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0x4c, r3, 0x20, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8800}, 0x40)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x68, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b81070c00000027bd7000fcdbdf25020024650c7baf2761c500000800000000000000040004020000000000000000c4d0453ec7504383c81b1973f100000000080000fdffffffff0000008000000000020013009a0000476feacec41cb29d09c4665287f9f30ff1ce765d050212a5a145f69944a536287dd95ead46c7525bb1d700"/140], 0x60}}, 0x4000000)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x6c, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b81070c00000027bd7000fcdbdf25020024650c7baf2761c500000800000000000000040004020000000000000000c4d0453ec7504383c81b1973f100000000080000fdffffffff0000008000000000020013009a0000476feacec41cb29d09c4665287f9f30ff1ce765d050212a5a145f69944a536287dd95ead46c7525bb1d700"/140], 0x60}}, 0x4000000)

[  395.183186][T28790] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:25 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 37)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x74, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x170, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x5c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000000), r1) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
sendmsg$key(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="020b81070c00000027bd7000fcdbdf25020024650c7baf2761c500000800000000000000040004020000000000000000c4d0453ec7504383c81b1973f100000000080000fdffffffff0000008000000000020013009a0000476feacec41cb29d09c4665287f9f30ff1ce765d050212a5a145f69944a536287dd95ead46c7525bb1d700"/140], 0x60}}, 0x4000000)

18:36:25 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:25 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x7a, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:25 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1ac, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x98, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d8"}}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  395.234985][T28754] udevd[28754]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  395.274761][T28831] FAULT_INJECTION: forcing a failure.
18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xd0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:25 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_delneigh={0x2c, 0x1d, 0x400, 0x70bd25, 0x25dfdbfb, {0x2, 0x0, 0x0, 0x0, 0x10, 0x2, 0x3}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_LINK_NETNSID={0x8, 0xa, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x4000080)
r2 = socket(0x8, 0x3, 0x9)
fcntl$setsig(r2, 0xa, 0xb)
read$FUSE(r0, 0x0, 0x0)

18:36:25 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xe0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  395.274761][T28831] name failslab, interval 1, probability 0, space 0, times 0
[  395.293792][T28831] CPU: 1 PID: 28831 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  395.304043][T28831] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  395.304052][T28831] Call Trace:
[  395.317459][T28831]  dump_stack+0x1d8/0x241
[  395.321775][T28831]  ? panic+0x73e/0x73e
[  395.325816][T28831]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  395.331595][T28831]  should_fail+0x709/0x870
[  395.336025][T28831]  ? setup_fault_attr+0x3d0/0x3d0
[  395.341126][T28831]  ? pcpu_alloc+0xb62/0x1060
[  395.345713][T28831]  ? sbitmap_queue_init_node+0x69c/0xf70
[  395.351324][T28831]  should_failslab+0x5/0x20
[  395.355817][T28831]  kmem_cache_alloc_trace+0x28/0x240
[  395.361071][T28831]  sbitmap_queue_init_node+0x69c/0xf70
[  395.366508][T28831]  blk_mq_init_tags+0x153/0x290
[  395.371418][T28831]  blk_mq_alloc_rq_map+0x93/0x1a0
[  395.376412][T28831]  blk_mq_init_sched+0x1f2/0xaf0
[  395.381322][T28831]  elevator_init_mq+0x2cd/0x3f0
[  395.386150][T28831]  __device_add_disk+0xf1/0x1200
[  395.391061][T28831]  ? sprintf+0xd6/0x120
[  395.395191][T28831]  ? device_add_disk+0x30/0x30
[  395.399923][T28831]  ? vsprintf+0x30/0x30
[  395.404059][T28831]  ? device_initialize+0x1c7/0x3d0
[  395.409141][T28831]  ? __alloc_disk_node+0x326/0x380
[  395.414228][T28831]  loop_add+0x554/0x710
[  395.418355][T28831]  loop_control_ioctl+0x564/0x740
[  395.423347][T28831]  ? loop_remove+0xa0/0xa0
[  395.427749][T28831]  ? __lru_cache_add+0x1bf/0x210
[  395.432749][T28831]  ? memset+0x1f/0x40
[  395.436722][T28831]  ? fsnotify+0x1332/0x13f0
[  395.441196][T28831]  ? loop_remove+0xa0/0xa0
[  395.445675][T28831]  do_vfs_ioctl+0x744/0x1730
[  395.450325][T28831]  ? selinux_file_ioctl+0x723/0x970
[  395.455496][T28831]  ? ioctl_preallocate+0x250/0x250
[  395.460580][T28831]  ? __fget+0x40c/0x4a0
[  395.464793][T28831]  ? fget_many+0x20/0x20
[  395.469005][T28831]  ? check_preemption_disabled+0x154/0x330
[  395.474786][T28831]  ? debug_smp_processor_id+0x20/0x20
[  395.480259][T28831]  ? security_file_ioctl+0x9d/0xb0
[  395.485343][T28831]  __x64_sys_ioctl+0xd4/0x110
[  395.489993][T28831]  do_syscall_64+0xcb/0x1c0
[  395.494486][T28831]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  395.500800][T28831] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:26 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 38)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x300, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_delneigh={0x2c, 0x1d, 0x400, 0x70bd25, 0x25dfdbfb, {0x2, 0x0, 0x0, 0x0, 0x10, 0x2, 0x3}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_LINK_NETNSID={0x8, 0xa, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x4000080) (async)
r2 = socket(0x8, 0x3, 0x9)
fcntl$setsig(r2, 0xa, 0xb)
read$FUSE(r0, 0x0, 0x0)

18:36:26 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1ac, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x98, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d8"}}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:26 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_delneigh={0x2c, 0x1d, 0x400, 0x70bd25, 0x25dfdbfb, {0x2, 0x0, 0x0, 0x0, 0x10, 0x2, 0x3}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_LINK_NETNSID={0x8, 0xa, 0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x810}, 0x4000080) (async)
r2 = socket(0x8, 0x3, 0x9)
fcntl$setsig(r2, 0xa, 0xb) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:26 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x500, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1ac, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x98, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d8"}}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  395.534485][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x600, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  395.588280][T28862] FAULT_INJECTION: forcing a failure.
[  395.588280][T28862] name failslab, interval 1, probability 0, space 0, times 0
[  395.605608][T28862] CPU: 0 PID: 28862 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  395.616018][T28862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  395.626078][T28862] Call Trace:
[  395.629344][T28862]  dump_stack+0x1d8/0x241
[  395.633644][T28862]  ? panic+0x73e/0x73e
[  395.637693][T28862]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  395.643479][T28862]  should_fail+0x709/0x870
[  395.647869][T28862]  ? sbitmap_queue_init_node+0x69c/0xf70
[  395.653473][T28862]  ? setup_fault_attr+0x3d0/0x3d0
[  395.658649][T28862]  ? sbitmap_queue_init_node+0xb3d/0xf70
[  395.664274][T28862]  ? blk_mq_alloc_rq_map+0xb3/0x1a0
[  395.669457][T28862]  should_failslab+0x5/0x20
[  395.673929][T28862]  __kmalloc+0x51/0x2b0
[  395.678056][T28862]  blk_mq_alloc_rq_map+0xb3/0x1a0
[  395.683051][T28862]  blk_mq_init_sched+0x1f2/0xaf0
[  395.687971][T28862]  elevator_init_mq+0x2cd/0x3f0
[  395.692797][T28862]  __device_add_disk+0xf1/0x1200
[  395.697705][T28862]  ? sprintf+0xd6/0x120
[  395.701846][T28862]  ? device_add_disk+0x30/0x30
[  395.706578][T28862]  ? vsprintf+0x30/0x30
[  395.710795][T28862]  ? device_initialize+0x1c7/0x3d0
[  395.716049][T28862]  ? __alloc_disk_node+0x326/0x380
[  395.721311][T28862]  loop_add+0x554/0x710
[  395.725442][T28862]  loop_control_ioctl+0x564/0x740
[  395.730457][T28862]  ? loop_remove+0xa0/0xa0
[  395.734937][T28862]  ? __lru_cache_add+0x1bf/0x210
[  395.739842][T28862]  ? memset+0x1f/0x40
[  395.743794][T28862]  ? fsnotify+0x1332/0x13f0
[  395.748268][T28862]  ? loop_remove+0xa0/0xa0
[  395.752656][T28862]  do_vfs_ioctl+0x744/0x1730
[  395.757319][T28862]  ? selinux_file_ioctl+0x723/0x970
[  395.762488][T28862]  ? ioctl_preallocate+0x250/0x250
[  395.767793][T28862]  ? __fget+0x40c/0x4a0
[  395.771915][T28862]  ? fget_many+0x20/0x20
[  395.776132][T28862]  ? check_preemption_disabled+0x154/0x330
[  395.781919][T28862]  ? debug_smp_processor_id+0x20/0x20
[  395.787260][T28862]  ? security_file_ioctl+0x9d/0xb0
[  395.792337][T28862]  __x64_sys_ioctl+0xd4/0x110
[  395.796985][T28862]  do_syscall_64+0xcb/0x1c0
[  395.801456][T28862]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  395.807888][T28862] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:26 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 39)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:26 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x700, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x800)
accept4$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x80000)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x430000, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x3, r2})

18:36:26 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855f"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:26 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x188, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x800)
accept4$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x80000)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x430000, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x3, r2})
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x800) (async)
accept4$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x80000) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x430000, 0x0) (async)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x3, r2}) (async)

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x900, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x44, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xa00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x188, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  395.863839][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  395.900688][T28887] FAULT_INJECTION: forcing a failure.
[  395.900688][T28887] name failslab, interval 1, probability 0, space 0, times 0
18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xb00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  395.924682][T28887] CPU: 0 PID: 28887 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  395.934922][T28887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  395.944973][T28887] Call Trace:
[  395.948242][T28887]  dump_stack+0x1d8/0x241
[  395.952558][T28887]  ? panic+0x73e/0x73e
[  395.956601][T28887]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  395.962374][T28887]  should_fail+0x709/0x870
[  395.966773][T28887]  ? setup_fault_attr+0x3d0/0x3d0
[  395.971771][T28887]  ? blk_mq_alloc_rq_map+0xe9/0x1a0
[  395.976938][T28887]  should_failslab+0x5/0x20
[  395.981417][T28887]  __kmalloc+0x51/0x2b0
[  395.985542][T28887]  ? blk_mq_alloc_rq_map+0xb3/0x1a0
[  395.990732][T28887]  blk_mq_alloc_rq_map+0xe9/0x1a0
[  395.995726][T28887]  blk_mq_init_sched+0x1f2/0xaf0
[  396.000632][T28887]  elevator_init_mq+0x2cd/0x3f0
[  396.005451][T28887]  __device_add_disk+0xf1/0x1200
[  396.010368][T28887]  ? sprintf+0xd6/0x120
[  396.014493][T28887]  ? device_add_disk+0x30/0x30
[  396.019224][T28887]  ? vsprintf+0x30/0x30
[  396.023351][T28887]  ? device_initialize+0x1c7/0x3d0
[  396.028603][T28887]  ? __alloc_disk_node+0x326/0x380
[  396.033698][T28887]  loop_add+0x554/0x710
[  396.037826][T28887]  loop_control_ioctl+0x564/0x740
[  396.042818][T28887]  ? loop_remove+0xa0/0xa0
[  396.047202][T28887]  ? __lru_cache_add+0x1bf/0x210
[  396.052125][T28887]  ? memset+0x1f/0x40
[  396.056101][T28887]  ? fsnotify+0x1332/0x13f0
[  396.060576][T28887]  ? loop_remove+0xa0/0xa0
[  396.064960][T28887]  do_vfs_ioctl+0x744/0x1730
[  396.069573][T28887]  ? selinux_file_ioctl+0x723/0x970
[  396.074741][T28887]  ? ioctl_preallocate+0x250/0x250
[  396.079817][T28887]  ? __fget+0x40c/0x4a0
[  396.083942][T28887]  ? fget_many+0x20/0x20
[  396.088151][T28887]  ? check_preemption_disabled+0x154/0x330
[  396.093928][T28887]  ? debug_smp_processor_id+0x20/0x20
[  396.099276][T28887]  ? security_file_ioctl+0x9d/0xb0
[  396.104401][T28887]  __x64_sys_ioctl+0xd4/0x110
[  396.109058][T28887]  do_syscall_64+0xcb/0x1c0
[  396.113535][T28887]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  396.121750][T28887] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:26 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 40)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x800) (async)
accept4$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev}, &(0x7f0000000100)=0x10, 0x80000) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000040), 0x430000, 0x0)
ioctl$KVM_HYPERV_EVENTFD(r1, 0x4018aebd, &(0x7f0000000080)={0x3, r2})

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xc00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x188, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x188}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855f"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:26 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xd00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffffffe1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4008005)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000)
socket$igmp(0x2, 0x3, 0x2)

[  396.174817][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  396.204586][T28918] FAULT_INJECTION: forcing a failure.
[  396.204586][T28918] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xe00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x1100, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:26 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffffffe1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4008005) (async, rerun: 64)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000) (async, rerun: 64)
socket$igmp(0x2, 0x3, 0x2)

18:36:26 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x1200, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  396.218027][T28918] CPU: 0 PID: 28918 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  396.228248][T28918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  396.238288][T28918] Call Trace:
[  396.241568][T28918]  dump_stack+0x1d8/0x241
[  396.245888][T28918]  ? panic+0x73e/0x73e
[  396.249946][T28918]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  396.255742][T28918]  ? sbitmap_queue_init_node+0x69c/0xf70
[  396.261363][T28918]  should_fail+0x709/0x870
[  396.265773][T28918]  ? elevator_init_mq+0x2cd/0x3f0
[  396.270792][T28918]  ? setup_fault_attr+0x3d0/0x3d0
[  396.275799][T28918]  ? elevator_init_mq+0x2cd/0x3f0
[  396.280967][T28918]  ? __device_add_disk+0xf1/0x1200
[  396.286073][T28918]  ? loop_add+0x554/0x710
[  396.290397][T28918]  ? loop_control_ioctl+0x564/0x740
[  396.295586][T28918]  ? do_vfs_ioctl+0x744/0x1730
[  396.300324][T28918]  ? do_syscall_64+0xcb/0x1c0
[  396.304973][T28918]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  396.311359][T28918]  __alloc_pages_nodemask+0x1b6/0x860
[  396.316704][T28918]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  396.322240][T28918]  ? find_next_bit+0xe5/0x110
[  396.326893][T28918]  ? blk_mq_hw_queue_to_node+0xeb/0x100
[  396.332434][T28918]  blk_mq_alloc_rqs+0x252/0x6d0
[  396.337270][T28918]  blk_mq_init_sched+0x256/0xaf0
[  396.342176][T28918]  elevator_init_mq+0x2cd/0x3f0
[  396.346996][T28918]  __device_add_disk+0xf1/0x1200
[  396.351903][T28918]  ? sprintf+0xd6/0x120
[  396.356037][T28918]  ? device_add_disk+0x30/0x30
[  396.360777][T28918]  ? vsprintf+0x30/0x30
[  396.364902][T28918]  ? device_initialize+0x1c7/0x3d0
[  396.369981][T28918]  ? __alloc_disk_node+0x326/0x380
[  396.375075][T28918]  loop_add+0x554/0x710
[  396.379205][T28918]  loop_control_ioctl+0x564/0x740
[  396.384457][T28918]  ? loop_remove+0xa0/0xa0
[  396.388841][T28918]  ? __lru_cache_add+0x1bf/0x210
[  396.393745][T28918]  ? memset+0x1f/0x40
[  396.397720][T28918]  ? fsnotify+0x1332/0x13f0
[  396.402218][T28918]  ? loop_remove+0xa0/0xa0
[  396.406609][T28918]  do_vfs_ioctl+0x744/0x1730
[  396.411167][T28918]  ? selinux_file_ioctl+0x723/0x970
[  396.416339][T28918]  ? ioctl_preallocate+0x250/0x250
[  396.421424][T28918]  ? __fget+0x40c/0x4a0
[  396.425562][T28918]  ? fget_many+0x20/0x20
[  396.429770][T28918]  ? check_preemption_disabled+0x154/0x330
[  396.435558][T28918]  ? debug_smp_processor_id+0x20/0x20
[  396.440911][T28918]  ? security_file_ioctl+0x9d/0xb0
[  396.445989][T28918]  __x64_sys_ioctl+0xd4/0x110
[  396.450722][T28918]  do_syscall_64+0xcb/0x1c0
[  396.455196][T28918]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:27 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 41)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x1700, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x18c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x3c, 0x0, 0x20, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0xffffffe1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40}, 0x4008005) (async)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r0, &(0x7f00000001c0)={&(0x7f0000000100), 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x34, 0x0, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5, 0x37, 0x1}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_MULTICAST_FORCEFLOOD_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x4}, 0x8000) (async)
socket$igmp(0x2, 0x3, 0x2)

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x42, 0x4, {'gcm(aes)\x00', 0x1a, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855f"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x2000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab71"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))
read$FUSE(r0, 0x0, 0x0)

[  396.494875][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  396.524755][T28952] FAULT_INJECTION: forcing a failure.
[  396.524755][T28952] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  396.547144][T28952] CPU: 1 PID: 28952 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  396.557408][T28952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  396.567440][T28952] Call Trace:
[  396.570722][T28952]  dump_stack+0x1d8/0x241
[  396.575044][T28952]  ? panic+0x73e/0x73e
[  396.579086][T28952]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  396.584896][T28952]  ? preempt_count_add+0x8d/0x180
[  396.589891][T28952]  should_fail+0x709/0x870
[  396.594287][T28952]  ? setup_fault_attr+0x3d0/0x3d0
[  396.599289][T28952]  __alloc_pages_nodemask+0x1b6/0x860
[  396.604634][T28952]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  396.610148][T28952]  ? find_next_bit+0xe5/0x110
[  396.614801][T28952]  ? memset+0x1f/0x40
[  396.618757][T28952]  blk_mq_alloc_rqs+0x252/0x6d0
[  396.623580][T28952]  blk_mq_init_sched+0x256/0xaf0
[  396.628485][T28952]  elevator_init_mq+0x2cd/0x3f0
[  396.633302][T28952]  __device_add_disk+0xf1/0x1200
[  396.638207][T28952]  ? sprintf+0xd6/0x120
[  396.642329][T28952]  ? device_add_disk+0x30/0x30
[  396.647061][T28952]  ? vsprintf+0x30/0x30
[  396.651193][T28952]  ? device_initialize+0x1c7/0x3d0
[  396.656269][T28952]  ? __alloc_disk_node+0x326/0x380
[  396.661343][T28952]  loop_add+0x554/0x710
[  396.665479][T28952]  loop_control_ioctl+0x564/0x740
[  396.670481][T28952]  ? loop_remove+0xa0/0xa0
[  396.674884][T28952]  ? __lru_cache_add+0x1bf/0x210
[  396.679801][T28952]  ? memset+0x1f/0x40
[  396.683841][T28952]  ? fsnotify+0x1332/0x13f0
[  396.688319][T28952]  ? loop_remove+0xa0/0xa0
[  396.692710][T28952]  do_vfs_ioctl+0x744/0x1730
18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)) (async)
read$FUSE(r0, 0x0, 0x0) (async)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x2500, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
fcntl$getownex(r0, 0x10, &(0x7f0000000000)) (async)
read$FUSE(r0, 0x0, 0x0) (async)

[  396.697272][T28952]  ? selinux_file_ioctl+0x723/0x970
[  396.702441][T28952]  ? ioctl_preallocate+0x250/0x250
[  396.707523][T28952]  ? __fget+0x40c/0x4a0
[  396.711649][T28952]  ? fget_many+0x20/0x20
[  396.715875][T28952]  ? check_preemption_disabled+0x154/0x330
[  396.721648][T28952]  ? debug_smp_processor_id+0x20/0x20
[  396.726991][T28952]  ? security_file_ioctl+0x9d/0xb0
[  396.732074][T28952]  __x64_sys_ioctl+0xd4/0x110
[  396.736722][T28952]  do_syscall_64+0xcb/0x1c0
[  396.741196][T28952]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:27 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 42)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x802)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x18c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab71"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x802)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4300, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x802)
read$FUSE(r0, 0x0, 0x0)

[  396.774933][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  396.803229][T28984] FAULT_INJECTION: forcing a failure.
[  396.803229][T28984] name fail_page_alloc, interval 1, probability 0, space 0, times 0
18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
open_tree(r0, &(0x7f0000000080)='./file0\x00', 0x1)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(r2, 0xc00c6211, &(0x7f0000000100))
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xd, 0x3, 0x3, 0xb, 0x80, r1, 0x7, '\x00', r3, r0, 0x4, 0x4, 0x3}, 0x48)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
open_tree(r0, &(0x7f0000000080)='./file0\x00', 0x1)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(r2, 0xc00c6211, &(0x7f0000000100))
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xd, 0x3, 0x3, 0xb, 0x80, r1, 0x7, '\x00', r3, r0, 0x4, 0x4, 0x3}, 0x48)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
open_tree(r0, &(0x7f0000000080)='./file0\x00', 0x1) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
ioctl$BINDER_GET_EXTENDED_ERROR(r2, 0xc00c6211, &(0x7f0000000100)) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00'}) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xd, 0x3, 0x3, 0xb, 0x80, r1, 0x7, '\x00', r3, r0, 0x4, 0x4, 0x3}, 0x48) (async)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
open_tree(r0, &(0x7f0000000080)='./file0\x00', 0x1) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(r2, 0xc00c6211, &(0x7f0000000100)) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r3=>0x0})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xd, 0x3, 0x3, 0xb, 0x80, r1, 0x7, '\x00', r3, r0, 0x4, 0x4, 0x3}, 0x48)

[  396.821922][T28984] CPU: 1 PID: 28984 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  396.832240][T28984] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  396.842291][T28984] Call Trace:
[  396.845575][T28984]  dump_stack+0x1d8/0x241
[  396.849895][T28984]  ? panic+0x73e/0x73e
[  396.853946][T28984]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  396.859733][T28984]  ? preempt_count_add+0x8d/0x180
[  396.864744][T28984]  should_fail+0x709/0x870
[  396.869142][T28984]  ? setup_fault_attr+0x3d0/0x3d0
[  396.874136][T28984]  __alloc_pages_nodemask+0x1b6/0x860
[  396.879477][T28984]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  396.885001][T28984]  ? find_next_bit+0xe5/0x110
[  396.889664][T28984]  ? memset+0x1f/0x40
[  396.893644][T28984]  blk_mq_alloc_rqs+0x252/0x6d0
[  396.898464][T28984]  blk_mq_init_sched+0x256/0xaf0
[  396.903372][T28984]  elevator_init_mq+0x2cd/0x3f0
[  396.908207][T28984]  __device_add_disk+0xf1/0x1200
[  396.913112][T28984]  ? sprintf+0xd6/0x120
[  396.917234][T28984]  ? device_add_disk+0x30/0x30
[  396.921964][T28984]  ? vsprintf+0x30/0x30
[  396.926100][T28984]  ? device_initialize+0x1c7/0x3d0
[  396.931176][T28984]  ? __alloc_disk_node+0x326/0x380
[  396.936254][T28984]  loop_add+0x554/0x710
[  396.940377][T28984]  loop_control_ioctl+0x564/0x740
[  396.945368][T28984]  ? loop_remove+0xa0/0xa0
[  396.949753][T28984]  ? __lru_cache_add+0x1bf/0x210
[  396.954657][T28984]  ? memset+0x1f/0x40
[  396.958606][T28984]  ? fsnotify+0x1332/0x13f0
[  396.963077][T28984]  ? loop_remove+0xa0/0xa0
[  396.967462][T28984]  do_vfs_ioctl+0x744/0x1730
[  396.972023][T28984]  ? selinux_file_ioctl+0x723/0x970
[  396.977189][T28984]  ? ioctl_preallocate+0x250/0x250
[  396.982268][T28984]  ? __fget+0x40c/0x4a0
[  396.986392][T28984]  ? fget_many+0x20/0x20
[  396.990608][T28984]  ? check_preemption_disabled+0x154/0x330
[  396.996402][T28984]  ? debug_smp_processor_id+0x20/0x20
[  397.001742][T28984]  ? security_file_ioctl+0x9d/0xb0
[  397.006836][T28984]  __x64_sys_ioctl+0xd4/0x110
[  397.011486][T28984]  do_syscall_64+0xcb/0x1c0
[  397.015975][T28984]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:27 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 43)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x101000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x140, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000040)=@ccm_128={{0x303}, "d2104650d85c40fa", "2d25181ab5bf3d0000c6f1f734c900", "e700", "ababfa78cda1a1bb"}, 0xfffffd10)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4800, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x18c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x45, 0x4, {'gcm(aes)\x00', 0x1d, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab71"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x101000)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x140, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000040)=@ccm_128={{0x303}, "d2104650d85c40fa", "2d25181ab5bf3d0000c6f1f734c900", "e700", "ababfa78cda1a1bb"}, 0xfffffd10)
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x101000) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x140, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000040)=@ccm_128={{0x303}, "d2104650d85c40fa", "2d25181ab5bf3d0000c6f1f734c900", "e700", "ababfa78cda1a1bb"}, 0xfffffd10) (async)
read$FUSE(r0, 0x0, 0x0) (async)

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c3"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  397.064739][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4c00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x101000) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x140, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
setsockopt$inet_tcp_TLS_RX(r2, 0x6, 0x2, &(0x7f0000000040)=@ccm_128={{0x303}, "d2104650d85c40fa", "2d25181ab5bf3d0000c6f1f734c900", "e700", "ababfa78cda1a1bb"}, 0xfffffd10) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x6800, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  397.108025][T29028] FAULT_INJECTION: forcing a failure.
[  397.108025][T29028] name failslab, interval 1, probability 0, space 0, times 0
[  397.121369][T29028] CPU: 1 PID: 29028 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  397.131595][T29028] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  397.141631][T29028] Call Trace:
[  397.144912][T29028]  dump_stack+0x1d8/0x241
[  397.149235][T29028]  ? panic+0x73e/0x73e
[  397.153308][T29028]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  397.159095][T29028]  should_fail+0x709/0x870
[  397.163490][T29028]  ? setup_fault_attr+0x3d0/0x3d0
[  397.168505][T29028]  ? dd_init_queue+0x69/0x330
[  397.173147][T29028]  should_failslab+0x5/0x20
[  397.177615][T29028]  kmem_cache_alloc_trace+0x28/0x240
[  397.182875][T29028]  dd_init_queue+0x69/0x330
[  397.187353][T29028]  blk_mq_init_sched+0x45c/0xaf0
[  397.192259][T29028]  elevator_init_mq+0x2cd/0x3f0
[  397.197077][T29028]  __device_add_disk+0xf1/0x1200
[  397.201984][T29028]  ? sprintf+0xd6/0x120
[  397.206107][T29028]  ? device_add_disk+0x30/0x30
[  397.210838][T29028]  ? vsprintf+0x30/0x30
[  397.214979][T29028]  ? device_initialize+0x1c7/0x3d0
[  397.220059][T29028]  ? __alloc_disk_node+0x326/0x380
[  397.225145][T29028]  loop_add+0x554/0x710
[  397.229270][T29028]  loop_control_ioctl+0x564/0x740
[  397.234261][T29028]  ? loop_remove+0xa0/0xa0
[  397.238646][T29028]  ? __lru_cache_add+0x1bf/0x210
[  397.243553][T29028]  ? memset+0x1f/0x40
[  397.247509][T29028]  ? fsnotify+0x1332/0x13f0
[  397.252004][T29028]  ? loop_remove+0xa0/0xa0
[  397.256393][T29028]  do_vfs_ioctl+0x744/0x1730
[  397.260962][T29028]  ? selinux_file_ioctl+0x723/0x970
[  397.266128][T29028]  ? ioctl_preallocate+0x250/0x250
[  397.271217][T29028]  ? __fget+0x40c/0x4a0
[  397.275348][T29028]  ? fget_many+0x20/0x20
[  397.279560][T29028]  ? check_preemption_disabled+0x154/0x330
[  397.285353][T29028]  ? debug_smp_processor_id+0x20/0x20
[  397.290784][T29028]  ? security_file_ioctl+0x9d/0xb0
[  397.295869][T29028]  __x64_sys_ioctl+0xd4/0x110
[  397.300515][T29028]  do_syscall_64+0xcb/0x1c0
[  397.304990][T29028]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  397.312116][T29028] "mq-deadline" elevator initialization failed, falling back to "none"
18:36:27 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 44)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x6c00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x4000)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c3"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:27 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x47, 0x4, {'gcm(aes)\x00', 0x1f, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c3"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x4000)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x7400, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  397.364414][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  397.400371][T29064] FAULT_INJECTION: forcing a failure.
[  397.400371][T29064] name failslab, interval 1, probability 0, space 0, times 0
18:36:27 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x4000)
read$FUSE(r0, 0x0, 0x0)

18:36:27 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x7a00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  397.419826][T29064] CPU: 0 PID: 29064 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  397.430059][T29064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  397.440096][T29064] Call Trace:
[  397.443377][T29064]  dump_stack+0x1d8/0x241
[  397.447698][T29064]  ? panic+0x73e/0x73e
[  397.451753][T29064]  ? _raw_spin_lock+0xa3/0x1b0
[  397.456497][T29064]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  397.462272][T29064]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  397.468305][T29064]  ? check_preemption_disabled+0x9e/0x330
[  397.473998][T29064]  should_fail+0x709/0x870
[  397.478558][T29064]  ? setup_fault_attr+0x3d0/0x3d0
[  397.483564][T29064]  ? device_create_vargs+0x7d/0x210
[  397.488735][T29064]  should_failslab+0x5/0x20
[  397.493204][T29064]  kmem_cache_alloc_trace+0x28/0x240
[  397.498459][T29064]  device_create_vargs+0x7d/0x210
[  397.503485][T29064]  device_create+0xea/0x130
[  397.507960][T29064]  ? device_create_vargs+0x210/0x210
[  397.513219][T29064]  ? rcu_read_unlock_special+0x10b/0x560
[  397.518830][T29064]  bdi_register_va+0x89/0x5e0
[  397.523475][T29064]  bdi_register+0xd1/0x120
[  397.527860][T29064]  ? __device_add_disk+0x539/0x1200
[  397.533026][T29064]  ? bdi_register_va+0x5e0/0x5e0
[  397.537930][T29064]  ? percpu_ref_resurrect+0x113/0x190
[  397.543272][T29064]  bdi_register_owner+0x56/0xf0
[  397.548091][T29064]  __device_add_disk+0x5b8/0x1200
[  397.553087][T29064]  ? device_add_disk+0x30/0x30
[  397.557816][T29064]  ? vsprintf+0x30/0x30
[  397.561953][T29064]  ? device_initialize+0x1c7/0x3d0
[  397.567036][T29064]  ? __alloc_disk_node+0x326/0x380
[  397.572122][T29064]  loop_add+0x554/0x710
[  397.576244][T29064]  loop_control_ioctl+0x564/0x740
[  397.581235][T29064]  ? loop_remove+0xa0/0xa0
[  397.585618][T29064]  ? __lru_cache_add+0x1bf/0x210
[  397.590522][T29064]  ? memset+0x1f/0x40
[  397.594489][T29064]  ? fsnotify+0x1332/0x13f0
[  397.598958][T29064]  ? loop_remove+0xa0/0xa0
[  397.603342][T29064]  do_vfs_ioctl+0x744/0x1730
[  397.607905][T29064]  ? selinux_file_ioctl+0x723/0x970
[  397.613071][T29064]  ? ioctl_preallocate+0x250/0x250
[  397.618149][T29064]  ? __fget+0x40c/0x4a0
[  397.622269][T29064]  ? fget_many+0x20/0x20
[  397.626479][T29064]  ? check_preemption_disabled+0x154/0x330
[  397.632251][T29064]  ? debug_smp_processor_id+0x20/0x20
[  397.637590][T29064]  ? security_file_ioctl+0x9d/0xb0
[  397.642672][T29064]  __x64_sys_ioctl+0xd4/0x110
[  397.647322][T29064]  do_syscall_64+0xcb/0x1c0
[  397.651796][T29064]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  397.658903][T29064] ------------[ cut here ]------------
[  397.664732][T29064] WARNING: CPU: 0 PID: 29064 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  397.673798][T29064] Modules linked in:
[  397.677664][T29064] CPU: 0 PID: 29064 Comm: syz-executor.3 Not tainted 5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  397.687870][T29064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  397.697904][T29064] RIP: 0010:__device_add_disk+0xe83/0x1200
[  397.703677][T29064] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  397.723251][T29064] RSP: 0018:ffff8881cba97a00 EFLAGS: 00010246
[  397.729283][T29064] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  397.737220][T29064] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  397.745160][T29064] RBP: ffff8881cba97b40 R08: ffffffff821fdb73 R09: fffffbfff0bac49b
[  397.753114][T29064] R10: fffffbfff0bac49b R11: 1ffffffff0bac49a R12: ffff8881f39ea000
[  397.761053][T29064] R13: dffffc0000000000 R14: ffff8881f39ea070 R15: 1ffff1103e73d49d
[  397.768993][T29064] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  397.777894][T29064] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  397.784449][T29064] CR2: 00007ff61b829718 CR3: 00000001e304f000 CR4: 00000000003406f0
[  397.792391][T29064] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  397.800339][T29064] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  397.808277][T29064] Call Trace:
[  397.811539][T29064]  ? device_add_disk+0x30/0x30
[  397.816284][T29064]  ? vsprintf+0x30/0x30
[  397.820419][T29064]  ? device_initialize+0x1c7/0x3d0
[  397.825525][T29064]  ? __alloc_disk_node+0x326/0x380
[  397.830615][T29064]  loop_add+0x554/0x710
[  397.834750][T29064]  loop_control_ioctl+0x564/0x740
[  397.839745][T29064]  ? loop_remove+0xa0/0xa0
[  397.844132][T29064]  ? __lru_cache_add+0x1bf/0x210
[  397.849040][T29064]  ? memset+0x1f/0x40
[  397.852988][T29064]  ? fsnotify+0x1332/0x13f0
[  397.857461][T29064]  ? loop_remove+0xa0/0xa0
[  397.861847][T29064]  do_vfs_ioctl+0x744/0x1730
[  397.866412][T29064]  ? selinux_file_ioctl+0x723/0x970
[  397.871588][T29064]  ? ioctl_preallocate+0x250/0x250
[  397.876672][T29064]  ? __fget+0x40c/0x4a0
[  397.880797][T29064]  ? fget_many+0x20/0x20
[  397.885006][T29064]  ? check_preemption_disabled+0x154/0x330
[  397.890793][T29064]  ? debug_smp_processor_id+0x20/0x20
[  397.896132][T29064]  ? security_file_ioctl+0x9d/0xb0
[  397.901211][T29064]  __x64_sys_ioctl+0xd4/0x110
[  397.905855][T29064]  do_syscall_64+0xcb/0x1c0
[  397.910330][T29064]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  397.916187][T29064] ---[ end trace 25474f664d9331e4 ]---
18:36:28 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 45)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:28 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000400), 0x5, 0x200)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x800)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0xa, &(0x7f0000000440)=ANY=[@ANYBLOB="e7000000d4e6d430000000001f000000c0584000120000001815000040b37f83b43e92e62d37b6725894e30c29af3d1317d1c72cf1596b09d51ab4b55ee9332d0473551d66ae0fc841e14ed97d8643699b13800f60932ce579eed80a37b6e8fb100a9607001d52e525bf7d6a55941ebeb36adfe9e127f361b2777baa268fc256138632ceed7d4ddcf429492ab4516dc00701404ecafea5177d4da8ce27d9ddbb9ac8979a709ffaff59a09f078b35b2e082dc6785d5f928d1a4d449eb226984ca58ab142bf22cb6d0b2c9d255e72a5c7b364f14ca92aaed43af1901", @ANYRES32=r1, @ANYBLOB="00000000000000006576ce5efcffffff8520000002000000d5372000040000007fa50300000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x8, 0xe8, &(0x7f00000001c0)=""/232, 0x41000, 0x1c, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000002c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xa, 0x2, 0x7f}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000340)=[r0, r0, r3]}, 0x80)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
accept4$inet(r4, &(0x7f0000000000)={0x2, 0x0, @dev}, &(0x7f0000000040)=0x10, 0x800)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x6, 0x0)
ioctl$USBDEVFS_REAPURB(r5, 0x4008550c, &(0x7f00000000c0))
read$FUSE(r0, 0x0, 0x0)

18:36:28 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xd000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:28 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:28 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:28 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x16c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x58, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:28 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:28 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:28 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xe0ff, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:28 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x16c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x58, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:28 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
r2 = syz_open_dev$vcsn(&(0x7f0000000400), 0x5, 0x200)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x800) (async)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0) (async)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0xa, &(0x7f0000000440)=ANY=[@ANYBLOB="e7000000d4e6d430000000001f000000c0584000120000001815000040b37f83b43e92e62d37b6725894e30c29af3d1317d1c72cf1596b09d51ab4b55ee9332d0473551d66ae0fc841e14ed97d8643699b13800f60932ce579eed80a37b6e8fb100a9607001d52e525bf7d6a55941ebeb36adfe9e127f361b2777baa268fc256138632ceed7d4ddcf429492ab4516dc00701404ecafea5177d4da8ce27d9ddbb9ac8979a709ffaff59a09f078b35b2e082dc6785d5f928d1a4d449eb226984ca58ab142bf22cb6d0b2c9d255e72a5c7b364f14ca92aaed43af1901", @ANYRES32=r1, @ANYBLOB="00000000000000006576ce5efcffffff8520000002000000d5372000040000007fa50300000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x8, 0xe8, &(0x7f00000001c0)=""/232, 0x41000, 0x1c, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000002c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xa, 0x2, 0x7f}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000340)=[r0, r0, r3]}, 0x80)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0) (async)
accept4$inet(r4, &(0x7f0000000000)={0x2, 0x0, @dev}, &(0x7f0000000040)=0x10, 0x800) (async)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x6, 0x0)
ioctl$USBDEVFS_REAPURB(r5, 0x4008550c, &(0x7f00000000c0)) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:28 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xffe0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  398.012179][T29091] FAULT_INJECTION: forcing a failure.
[  398.012179][T29091] name failslab, interval 1, probability 0, space 0, times 0
[  398.031273][T29091] CPU: 0 PID: 29091 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  398.042903][T29091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  398.053055][T29091] Call Trace:
[  398.056333][T29091]  dump_stack+0x1d8/0x241
[  398.060648][T29091]  ? panic+0x73e/0x73e
[  398.064688][T29091]  ? bdi_register_va+0x89/0x5e0
[  398.069517][T29091]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  398.075304][T29091]  ? loop_add+0x554/0x710
[  398.079602][T29091]  ? do_vfs_ioctl+0x744/0x1730
[  398.084351][T29091]  ? __x64_sys_ioctl+0xd4/0x110
[  398.089172][T29091]  ? do_syscall_64+0xcb/0x1c0
[  398.093826][T29091]  should_fail+0x709/0x870
[  398.098230][T29091]  ? setup_fault_attr+0x3d0/0x3d0
[  398.103242][T29091]  ? _raw_spin_lock+0x1b0/0x1b0
[  398.108076][T29091]  ? memset+0x1f/0x40
[  398.112028][T29091]  ? kobject_set_name_vargs+0x5d/0x110
[  398.117454][T29091]  should_failslab+0x5/0x20
[  398.121923][T29091]  __kmalloc_track_caller+0x4f/0x280
[  398.127177][T29091]  kstrdup_const+0x51/0x90
[  398.131558][T29091]  kobject_set_name_vargs+0x5d/0x110
[  398.136814][T29091]  device_create_vargs+0x182/0x210
[  398.141902][T29091]  device_create+0xea/0x130
[  398.146378][T29091]  ? device_create_vargs+0x210/0x210
[  398.151640][T29091]  bdi_register_va+0x89/0x5e0
[  398.156290][T29091]  bdi_register+0xd1/0x120
[  398.160678][T29091]  ? __device_add_disk+0x539/0x1200
[  398.165842][T29091]  ? bdi_register_va+0x5e0/0x5e0
[  398.170746][T29091]  ? percpu_ref_resurrect+0x113/0x190
[  398.176094][T29091]  bdi_register_owner+0x56/0xf0
[  398.180913][T29091]  __device_add_disk+0x5b8/0x1200
[  398.185913][T29091]  ? device_add_disk+0x30/0x30
[  398.190642][T29091]  ? vsprintf+0x30/0x30
[  398.194764][T29091]  ? device_initialize+0x1c7/0x3d0
[  398.199842][T29091]  ? __alloc_disk_node+0x326/0x380
[  398.204920][T29091]  loop_add+0x554/0x710
[  398.209043][T29091]  loop_control_ioctl+0x564/0x740
[  398.214032][T29091]  ? loop_remove+0xa0/0xa0
[  398.218425][T29091]  ? __lru_cache_add+0x1bf/0x210
[  398.223418][T29091]  ? memset+0x1f/0x40
[  398.227379][T29091]  ? fsnotify+0x1332/0x13f0
[  398.231849][T29091]  ? loop_remove+0xa0/0xa0
[  398.236237][T29091]  do_vfs_ioctl+0x744/0x1730
[  398.240812][T29091]  ? selinux_file_ioctl+0x723/0x970
[  398.245977][T29091]  ? ioctl_preallocate+0x250/0x250
[  398.251928][T29091]  ? __fget+0x40c/0x4a0
[  398.256049][T29091]  ? fget_many+0x20/0x20
[  398.260358][T29091]  ? check_preemption_disabled+0x154/0x330
[  398.266128][T29091]  ? debug_smp_processor_id+0x20/0x20
[  398.271474][T29091]  ? security_file_ioctl+0x9d/0xb0
[  398.276689][T29091]  __x64_sys_ioctl+0xd4/0x110
[  398.281337][T29091]  do_syscall_64+0xcb/0x1c0
[  398.285814][T29091]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  398.292645][T29091] ------------[ cut here ]------------
[  398.298114][T29091] WARNING: CPU: 0 PID: 29091 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  398.307469][T29091] Modules linked in:
[  398.311337][T29091] CPU: 0 PID: 29091 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  398.322929][T29091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  398.332968][T29091] RIP: 0010:__device_add_disk+0xe83/0x1200
[  398.338742][T29091] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  398.358421][T29091] RSP: 0018:ffff8881d250fa00 EFLAGS: 00010246
[  398.364455][T29091] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  398.372394][T29091] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  398.380330][T29091] RBP: ffff8881d250fb40 R08: ffffffff821fdb73 R09: 0000000000000003
[  398.388274][T29091] R10: ffffed103a4a1e51 R11: 1ffff1103a4a1e50 R12: ffff8881ca8e9000
[  398.396227][T29091] R13: dffffc0000000000 R14: ffff8881ca8e9070 R15: 1ffff1103951d29d
[  398.404179][T29091] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  398.413079][T29091] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  398.419632][T29091] CR2: 00007fc14c10a718 CR3: 00000001f43e4000 CR4: 00000000003406f0
[  398.427580][T29091] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  398.435537][T29091] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  398.443479][T29091] Call Trace:
[  398.446744][T29091]  ? device_add_disk+0x30/0x30
[  398.451473][T29091]  ? vsprintf+0x30/0x30
[  398.455602][T29091]  ? device_initialize+0x1c7/0x3d0
[  398.460688][T29091]  ? __alloc_disk_node+0x326/0x380
[  398.465780][T29091]  loop_add+0x554/0x710
[  398.469904][T29091]  loop_control_ioctl+0x564/0x740
[  398.474896][T29091]  ? loop_remove+0xa0/0xa0
[  398.479279][T29091]  ? __lru_cache_add+0x1bf/0x210
[  398.484192][T29091]  ? memset+0x1f/0x40
[  398.488167][T29091]  ? fsnotify+0x1332/0x13f0
[  398.492657][T29091]  ? loop_remove+0xa0/0xa0
[  398.497046][T29091]  do_vfs_ioctl+0x744/0x1730
[  398.501610][T29091]  ? selinux_file_ioctl+0x723/0x970
[  398.506776][T29091]  ? ioctl_preallocate+0x250/0x250
18:36:29 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 46)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xfffff, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000400), 0x5, 0x200)
ioctl$KVM_GET_NR_MMU_PAGES(r2, 0xae45, 0x800)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x1b, 0xa, &(0x7f0000000440)=ANY=[@ANYBLOB="e7000000d4e6d430000000001f000000c0584000120000001815000040b37f83b43e92e62d37b6725894e30c29af3d1317d1c72cf1596b09d51ab4b55ee9332d0473551d66ae0fc841e14ed97d8643699b13800f60932ce579eed80a37b6e8fb100a9607001d52e525bf7d6a55941ebeb36adfe9e127f361b2777baa268fc256138632ceed7d4ddcf429492ab4516dc00701404ecafea5177d4da8ce27d9ddbb9ac8979a709ffaff59a09f078b35b2e082dc6785d5f928d1a4d449eb226984ca58ab142bf22cb6d0b2c9d255e72a5c7b364f14ca92aaed43af1901", @ANYRES32=r1, @ANYBLOB="00000000000000006576ce5efcffffff8520000002000000d5372000040000007fa50300000000009500000000000000"], &(0x7f0000000180)='syzkaller\x00', 0x8, 0xe8, &(0x7f00000001c0)=""/232, 0x41000, 0x1c, '\x00', 0x0, 0x25, r0, 0x8, &(0x7f00000002c0)={0x9, 0x5}, 0x8, 0x10, &(0x7f0000000300)={0x4, 0xa, 0x2, 0x7f}, 0x10, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000340)=[r0, r0, r3]}, 0x80) (async)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0) (async, rerun: 32)
accept4$inet(r4, &(0x7f0000000000)={0x2, 0x0, @dev}, &(0x7f0000000040)=0x10, 0x800) (async, rerun: 32)
r5 = syz_open_dev$usbfs(&(0x7f0000000080), 0x6, 0x0)
ioctl$USBDEVFS_REAPURB(r5, 0x4008550c, &(0x7f00000000c0)) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:29 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:29 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  398.511858][T29091]  ? __fget+0x40c/0x4a0
[  398.515979][T29091]  ? fget_many+0x20/0x20
[  398.520191][T29091]  ? check_preemption_disabled+0x154/0x330
[  398.525977][T29091]  ? debug_smp_processor_id+0x20/0x20
[  398.531320][T29091]  ? security_file_ioctl+0x9d/0xb0
[  398.536534][T29091]  __x64_sys_ioctl+0xd4/0x110
[  398.541186][T29091]  do_syscall_64+0xcb/0x1c0
[  398.545664][T29091]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  398.551540][T29091] ---[ end trace 25474f664d9331e5 ]---
18:36:29 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x16c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x58, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x16c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:29 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:29 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1a8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x94, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "bb1157bff72c211765653f2de608ca6af603c578"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x100000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
read$FUSE(r1, 0x0, 0x63)
tee(r0, r1, 0x1, 0x4)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x400000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
read$FUSE(r1, 0x0, 0x63) (async)
tee(r0, r1, 0x1, 0x4)

[  398.618892][T29118] FAULT_INJECTION: forcing a failure.
[  398.618892][T29118] name failslab, interval 1, probability 0, space 0, times 0
[  398.635629][T29118] CPU: 0 PID: 29118 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  398.647255][T29118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  398.657296][T29118] Call Trace:
[  398.660581][T29118]  dump_stack+0x1d8/0x241
[  398.664890][T29118]  ? panic+0x73e/0x73e
[  398.668930][T29118]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  398.674809][T29118]  should_fail+0x709/0x870
[  398.679216][T29118]  ? setup_fault_attr+0x3d0/0x3d0
[  398.684212][T29118]  ? device_add+0xb6/0xbc0
[  398.688604][T29118]  should_failslab+0x5/0x20
[  398.693073][T29118]  kmem_cache_alloc_trace+0x28/0x240
[  398.698325][T29118]  device_add+0xb6/0xbc0
[  398.702539][T29118]  device_create_vargs+0x1b8/0x210
[  398.707633][T29118]  device_create+0xea/0x130
[  398.712115][T29118]  ? device_create_vargs+0x210/0x210
[  398.717376][T29118]  bdi_register_va+0x89/0x5e0
[  398.722022][T29118]  bdi_register+0xd1/0x120
[  398.726413][T29118]  ? __device_add_disk+0x539/0x1200
[  398.731755][T29118]  ? bdi_register_va+0x5e0/0x5e0
[  398.736668][T29118]  ? percpu_ref_resurrect+0x113/0x190
[  398.742009][T29118]  bdi_register_owner+0x56/0xf0
[  398.746845][T29118]  __device_add_disk+0x5b8/0x1200
[  398.751861][T29118]  ? device_add_disk+0x30/0x30
[  398.756596][T29118]  ? vsprintf+0x30/0x30
[  398.760726][T29118]  ? device_initialize+0x1c7/0x3d0
[  398.765812][T29118]  ? __alloc_disk_node+0x326/0x380
[  398.770892][T29118]  loop_add+0x554/0x710
[  398.775017][T29118]  loop_control_ioctl+0x564/0x740
[  398.780015][T29118]  ? loop_remove+0xa0/0xa0
[  398.784408][T29118]  ? __lru_cache_add+0x1bf/0x210
[  398.789327][T29118]  ? memset+0x1f/0x40
[  398.793287][T29118]  ? fsnotify+0x1332/0x13f0
[  398.797771][T29118]  ? loop_remove+0xa0/0xa0
[  398.802167][T29118]  do_vfs_ioctl+0x744/0x1730
[  398.806729][T29118]  ? selinux_file_ioctl+0x723/0x970
[  398.811995][T29118]  ? ioctl_preallocate+0x250/0x250
[  398.817342][T29118]  ? __fget+0x40c/0x4a0
[  398.821465][T29118]  ? fget_many+0x20/0x20
[  398.825678][T29118]  ? check_preemption_disabled+0x154/0x330
[  398.831464][T29118]  ? debug_smp_processor_id+0x20/0x20
[  398.836808][T29118]  ? security_file_ioctl+0x9d/0xb0
[  398.841896][T29118]  __x64_sys_ioctl+0xd4/0x110
[  398.846555][T29118]  do_syscall_64+0xcb/0x1c0
[  398.851037][T29118]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  398.858972][T29118] ------------[ cut here ]------------
[  398.864440][T29118] WARNING: CPU: 0 PID: 29118 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  398.874007][T29118] Modules linked in:
[  398.877876][T29118] CPU: 0 PID: 29118 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  398.889465][T29118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  398.899501][T29118] RIP: 0010:__device_add_disk+0xe83/0x1200
[  398.905273][T29118] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  398.924847][T29118] RSP: 0018:ffff8881e5407a00 EFLAGS: 00010246
[  398.930879][T29118] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  398.939091][T29118] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  398.947032][T29118] RBP: ffff8881e5407b40 R08: ffffffff821fdb73 R09: 0000000000000003
[  398.954972][T29118] R10: ffffed103ca80e55 R11: 1ffff1103ca80e54 R12: ffff8881eae40000
[  398.962925][T29118] R13: dffffc0000000000 R14: ffff8881eae40070 R15: 1ffff1103d5c809d
[  398.970955][T29118] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  398.979849][T29118] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  398.986412][T29118] CR2: 00007f87bcb17718 CR3: 00000001eb42f000 CR4: 00000000003406f0
[  398.994362][T29118] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  399.002302][T29118] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  399.010240][T29118] Call Trace:
[  399.013500][T29118]  ? device_add_disk+0x30/0x30
[  399.018230][T29118]  ? vsprintf+0x30/0x30
[  399.022368][T29118]  ? device_initialize+0x1c7/0x3d0
[  399.027534][T29118]  ? __alloc_disk_node+0x326/0x380
[  399.032612][T29118]  loop_add+0x554/0x710
[  399.036911][T29118]  loop_control_ioctl+0x564/0x740
[  399.041988][T29118]  ? loop_remove+0xa0/0xa0
[  399.046374][T29118]  ? __lru_cache_add+0x1bf/0x210
[  399.051278][T29118]  ? memset+0x1f/0x40
[  399.055238][T29118]  ? fsnotify+0x1332/0x13f0
[  399.059708][T29118]  ? loop_remove+0xa0/0xa0
[  399.064090][T29118]  do_vfs_ioctl+0x744/0x1730
[  399.068655][T29118]  ? selinux_file_ioctl+0x723/0x970
[  399.073837][T29118]  ? ioctl_preallocate+0x250/0x250
[  399.078928][T29118]  ? __fget+0x40c/0x4a0
[  399.083052][T29118]  ? fget_many+0x20/0x20
[  399.087263][T29118]  ? check_preemption_disabled+0x154/0x330
[  399.093040][T29118]  ? debug_smp_processor_id+0x20/0x20
[  399.098381][T29118]  ? security_file_ioctl+0x9d/0xb0
[  399.103461][T29118]  __x64_sys_ioctl+0xd4/0x110
[  399.108106][T29118]  do_syscall_64+0xcb/0x1c0
[  399.112587][T29118]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  399.118466][T29118] ---[ end trace 25474f664d9331e6 ]---
18:36:29 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 47)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x80ffff, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async, rerun: 64)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (rerun: 64)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
read$FUSE(r1, 0x0, 0x63) (async, rerun: 32)
tee(r0, r1, 0x1, 0x4) (rerun: 32)

18:36:29 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x4}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:29 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1a8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x94, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "bb1157bff72c211765653f2de608ca6af603c578"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:29 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:29 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:29 executing program 2:
clock_gettime(0x0, &(0x7f0000000180))
ioctl$PPPIOCGIDLE32(0xffffffffffffffff, 0x8008743f, &(0x7f0000000000))
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f00000000c0))
ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000040)=0x3)
r2 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000100), 0x6, 0x400)
read$FUSE(r2, 0x0, 0x0)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x1000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x2000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x3000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:29 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  399.186624][T29152] FAULT_INJECTION: forcing a failure.
[  399.186624][T29152] name failslab, interval 1, probability 0, space 0, times 0
[  399.205220][T29152] CPU: 1 PID: 29152 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  399.216845][T29152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  399.226892][T29152] Call Trace:
[  399.230175][T29152]  dump_stack+0x1d8/0x241
[  399.234498][T29152]  ? panic+0x73e/0x73e
[  399.238632][T29152]  ? unwind_next_frame+0x149e/0x1ed0
[  399.243913][T29152]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  399.249709][T29152]  should_fail+0x709/0x870
[  399.254108][T29152]  ? setup_fault_attr+0x3d0/0x3d0
[  399.259192][T29152]  ? deref_stack_reg+0x1f0/0x1f0
[  399.264114][T29152]  ? __unwind_start+0x72f/0x8e0
[  399.269029][T29152]  ? __kernfs_new_node+0x99/0x6d0
[  399.274030][T29152]  should_failslab+0x5/0x20
[  399.278507][T29152]  __kmalloc_track_caller+0x4f/0x280
[  399.283774][T29152]  ? stack_trace_save+0x200/0x200
[  399.288768][T29152]  kstrdup_const+0x51/0x90
[  399.293155][T29152]  __kernfs_new_node+0x99/0x6d0
[  399.298074][T29152]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  399.304114][T29152]  ? kernfs_new_node+0x160/0x160
[  399.309034][T29152]  ? stack_trace_save+0x132/0x200
[  399.314043][T29152]  ? stack_trace_snprint+0x170/0x170
[  399.319301][T29152]  ? stack_trace_save+0x132/0x200
[  399.324295][T29152]  kernfs_create_dir_ns+0x90/0x220
[  399.329383][T29152]  sysfs_create_dir_ns+0x181/0x390
[  399.334467][T29152]  ? sysfs_warn_dup+0xa0/0xa0
[  399.339116][T29152]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  399.345156][T29152]  kobject_add_internal+0x6ba/0xcb0
[  399.350321][T29152]  kobject_add+0x14c/0x210
[  399.354790][T29152]  ? _raw_spin_lock+0xa3/0x1b0
[  399.359520][T29152]  ? kobject_init+0x1d0/0x1d0
[  399.364165][T29152]  ? mutex_unlock+0x19/0x40
[  399.368635][T29152]  ? get_device_parent+0x2bd/0x420
[  399.373711][T29152]  device_add+0x3fc/0xbc0
[  399.378009][T29152]  device_create_vargs+0x1b8/0x210
[  399.383087][T29152]  device_create+0xea/0x130
[  399.387563][T29152]  ? device_create_vargs+0x210/0x210
[  399.392816][T29152]  bdi_register_va+0x89/0x5e0
[  399.397462][T29152]  bdi_register+0xd1/0x120
[  399.401848][T29152]  ? __device_add_disk+0x539/0x1200
[  399.407009][T29152]  ? bdi_register_va+0x5e0/0x5e0
[  399.411999][T29152]  ? percpu_ref_resurrect+0x113/0x190
[  399.417336][T29152]  bdi_register_owner+0x56/0xf0
[  399.422154][T29152]  __device_add_disk+0x5b8/0x1200
[  399.427146][T29152]  ? device_add_disk+0x30/0x30
[  399.431874][T29152]  ? vsprintf+0x30/0x30
[  399.435995][T29152]  ? device_initialize+0x1c7/0x3d0
[  399.441083][T29152]  ? __alloc_disk_node+0x326/0x380
[  399.446172][T29152]  loop_add+0x554/0x710
[  399.450295][T29152]  loop_control_ioctl+0x564/0x740
[  399.455286][T29152]  ? loop_remove+0xa0/0xa0
[  399.459668][T29152]  ? __lru_cache_add+0x1bf/0x210
[  399.464571][T29152]  ? memset+0x1f/0x40
[  399.468520][T29152]  ? fsnotify+0x1332/0x13f0
[  399.472991][T29152]  ? loop_remove+0xa0/0xa0
[  399.477374][T29152]  do_vfs_ioctl+0x744/0x1730
[  399.481931][T29152]  ? selinux_file_ioctl+0x723/0x970
[  399.487096][T29152]  ? ioctl_preallocate+0x250/0x250
[  399.492185][T29152]  ? __fget+0x40c/0x4a0
[  399.496309][T29152]  ? fget_many+0x20/0x20
[  399.500524][T29152]  ? check_preemption_disabled+0x154/0x330
[  399.506296][T29152]  ? debug_smp_processor_id+0x20/0x20
[  399.511640][T29152]  ? security_file_ioctl+0x9d/0xb0
[  399.516738][T29152]  __x64_sys_ioctl+0xd4/0x110
[  399.521379][T29152]  do_syscall_64+0xcb/0x1c0
[  399.525850][T29152]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  399.535380][T29152] kobject_add_internal failed for 7:0 (error: -12 parent: bdi)
[  399.543055][T29152] ------------[ cut here ]------------
[  399.548514][T29152] WARNING: CPU: 1 PID: 29152 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  399.557589][T29152] Modules linked in:
[  399.561459][T29152] CPU: 1 PID: 29152 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  399.573045][T29152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  399.583083][T29152] RIP: 0010:__device_add_disk+0xe83/0x1200
[  399.588865][T29152] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  399.608873][T29152] RSP: 0018:ffff8881ed57fa00 EFLAGS: 00010246
[  399.614904][T29152] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  399.622851][T29152] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  399.630797][T29152] RBP: ffff8881ed57fb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  399.638753][T29152] R10: ffffffff84800000 R11: 1ffff1103daafe00 R12: ffff8881d2508000
[  399.646704][T29152] R13: dffffc0000000000 R14: ffff8881d2508070 R15: 1ffff1103a4a109d
[  399.654645][T29152] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  399.663552][T29152] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  399.670105][T29152] CR2: 00007fd4db9d1218 CR3: 00000001ced47000 CR4: 00000000003406e0
[  399.678045][T29152] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  399.685998][T29152] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  399.693937][T29152] Call Trace:
[  399.697202][T29152]  ? device_add_disk+0x30/0x30
[  399.701942][T29152]  ? vsprintf+0x30/0x30
[  399.706066][T29152]  ? device_initialize+0x1c7/0x3d0
[  399.711174][T29152]  ? __alloc_disk_node+0x326/0x380
[  399.716254][T29152]  loop_add+0x554/0x710
[  399.720378][T29152]  loop_control_ioctl+0x564/0x740
[  399.725387][T29152]  ? loop_remove+0xa0/0xa0
[  399.729787][T29152]  ? __lru_cache_add+0x1bf/0x210
[  399.734698][T29152]  ? memset+0x1f/0x40
[  399.738650][T29152]  ? fsnotify+0x1332/0x13f0
[  399.743122][T29152]  ? loop_remove+0xa0/0xa0
[  399.747511][T29152]  do_vfs_ioctl+0x744/0x1730
[  399.752070][T29152]  ? selinux_file_ioctl+0x723/0x970
[  399.757236][T29152]  ? ioctl_preallocate+0x250/0x250
[  399.762313][T29152]  ? __fget+0x40c/0x4a0
[  399.766455][T29152]  ? fget_many+0x20/0x20
[  399.770666][T29152]  ? check_preemption_disabled+0x154/0x330
[  399.776439][T29152]  ? debug_smp_processor_id+0x20/0x20
[  399.781790][T29152]  ? security_file_ioctl+0x9d/0xb0
[  399.786877][T29152]  __x64_sys_ioctl+0xd4/0x110
[  399.791522][T29152]  do_syscall_64+0xcb/0x1c0
[  399.795994][T29152]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  399.801866][T29152] ---[ end trace 25474f664d9331e7 ]---
18:36:30 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 48)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x5000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:30 executing program 2:
clock_gettime(0x0, &(0x7f0000000180)) (async)
ioctl$PPPIOCGIDLE32(0xffffffffffffffff, 0x8008743f, &(0x7f0000000000)) (async)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f00000000c0)) (async)
ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000040)=0x3) (async)
r2 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000100), 0x6, 0x400) (async)
read$FUSE(r2, 0x0, 0x0)

18:36:30 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1a8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x94, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x3c, 0x4, {'gcm(aes)\x00', 0x14, "bb1157bff72c211765653f2de608ca6af603c578"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1a8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:30 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:30 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x6000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x7000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  399.854622][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  399.882271][T29176] FAULT_INJECTION: forcing a failure.
[  399.882271][T29176] name failslab, interval 1, probability 0, space 0, times 0
18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x8000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x9000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xa000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:30 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xb000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  399.895730][T29176] CPU: 1 PID: 29176 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  399.907339][T29176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  399.917380][T29176] Call Trace:
[  399.920658][T29176]  dump_stack+0x1d8/0x241
[  399.924981][T29176]  ? panic+0x73e/0x73e
[  399.929035][T29176]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  399.934831][T29176]  should_fail+0x709/0x870
[  399.939240][T29176]  ? setup_fault_attr+0x3d0/0x3d0
[  399.944255][T29176]  ? __kernfs_new_node+0xdb/0x6d0
[  399.949262][T29176]  should_failslab+0x5/0x20
[  399.953751][T29176]  kmem_cache_alloc+0x24/0x210
[  399.958487][T29176]  __kernfs_new_node+0xdb/0x6d0
[  399.963308][T29176]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  399.969343][T29176]  ? kernfs_new_node+0x160/0x160
[  399.974246][T29176]  ? stack_trace_save+0x132/0x200
[  399.979246][T29176]  ? stack_trace_snprint+0x170/0x170
[  399.984501][T29176]  ? stack_trace_save+0x132/0x200
[  399.989495][T29176]  kernfs_create_dir_ns+0x90/0x220
[  399.994575][T29176]  sysfs_create_dir_ns+0x181/0x390
[  399.999684][T29176]  ? sysfs_warn_dup+0xa0/0xa0
[  400.004339][T29176]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  400.010379][T29176]  kobject_add_internal+0x6ba/0xcb0
[  400.015546][T29176]  kobject_add+0x14c/0x210
[  400.019930][T29176]  ? _raw_spin_lock+0xa3/0x1b0
[  400.024660][T29176]  ? kobject_init+0x1d0/0x1d0
[  400.029304][T29176]  ? mutex_unlock+0x19/0x40
[  400.033783][T29176]  ? get_device_parent+0x2bd/0x420
[  400.038952][T29176]  device_add+0x3fc/0xbc0
[  400.043270][T29176]  device_create_vargs+0x1b8/0x210
[  400.048348][T29176]  device_create+0xea/0x130
[  400.052818][T29176]  ? device_create_vargs+0x210/0x210
[  400.058090][T29176]  bdi_register_va+0x89/0x5e0
[  400.062736][T29176]  bdi_register+0xd1/0x120
[  400.067132][T29176]  ? __device_add_disk+0x539/0x1200
[  400.072397][T29176]  ? bdi_register_va+0x5e0/0x5e0
[  400.077315][T29176]  ? percpu_ref_resurrect+0x113/0x190
[  400.082692][T29176]  bdi_register_owner+0x56/0xf0
[  400.087521][T29176]  __device_add_disk+0x5b8/0x1200
[  400.092515][T29176]  ? device_add_disk+0x30/0x30
[  400.097245][T29176]  ? vsprintf+0x30/0x30
[  400.101371][T29176]  ? device_initialize+0x1c7/0x3d0
[  400.106449][T29176]  ? __alloc_disk_node+0x326/0x380
[  400.111535][T29176]  loop_add+0x554/0x710
[  400.115706][T29176]  loop_control_ioctl+0x564/0x740
[  400.120699][T29176]  ? loop_remove+0xa0/0xa0
[  400.125081][T29176]  ? __lru_cache_add+0x1bf/0x210
[  400.129992][T29176]  ? memset+0x1f/0x40
[  400.133949][T29176]  ? fsnotify+0x1332/0x13f0
[  400.138419][T29176]  ? loop_remove+0xa0/0xa0
[  400.142801][T29176]  do_vfs_ioctl+0x744/0x1730
[  400.147360][T29176]  ? selinux_file_ioctl+0x723/0x970
[  400.152524][T29176]  ? ioctl_preallocate+0x250/0x250
[  400.157599][T29176]  ? __fget+0x40c/0x4a0
[  400.161720][T29176]  ? fget_many+0x20/0x20
[  400.165931][T29176]  ? check_preemption_disabled+0x154/0x330
[  400.171706][T29176]  ? debug_smp_processor_id+0x20/0x20
[  400.177048][T29176]  ? security_file_ioctl+0x9d/0xb0
[  400.182124][T29176]  __x64_sys_ioctl+0xd4/0x110
[  400.186788][T29176]  do_syscall_64+0xcb/0x1c0
[  400.191263][T29176]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  400.199887][T29176] kobject_add_internal failed for 7:0 (error: -12 parent: bdi)
[  400.208243][T29176] ------------[ cut here ]------------
[  400.213708][T29176] WARNING: CPU: 1 PID: 29176 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  400.222778][T29176] Modules linked in:
[  400.226651][T29176] CPU: 1 PID: 29176 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  400.238238][T29176] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  400.248271][T29176] RIP: 0010:__device_add_disk+0xe83/0x1200
[  400.254044][T29176] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  400.273620][T29176] RSP: 0018:ffff8881e8227a00 EFLAGS: 00010246
[  400.279661][T29176] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  400.287602][T29176] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  400.295541][T29176] RBP: ffff8881e8227b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  400.303483][T29176] R10: ffffffff84800000 R11: 1ffff1103d044e00 R12: ffff8881e79a5000
[  400.311434][T29176] R13: dffffc0000000000 R14: ffff8881e79a5070 R15: 1ffff1103cf34a9d
[  400.319376][T29176] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  400.328271][T29176] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  400.334832][T29176] CR2: 00007ffdc86f5fd8 CR3: 00000001ced47000 CR4: 00000000003406e0
[  400.342773][T29176] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  400.350722][T29176] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  400.358666][T29176] Call Trace:
[  400.361932][T29176]  ? device_add_disk+0x30/0x30
[  400.366666][T29176]  ? vsprintf+0x30/0x30
[  400.370791][T29176]  ? device_initialize+0x1c7/0x3d0
[  400.375887][T29176]  ? __alloc_disk_node+0x326/0x380
[  400.380974][T29176]  loop_add+0x554/0x710
[  400.385111][T29176]  loop_control_ioctl+0x564/0x740
[  400.390108][T29176]  ? loop_remove+0xa0/0xa0
[  400.394519][T29176]  ? __lru_cache_add+0x1bf/0x210
[  400.399453][T29176]  ? memset+0x1f/0x40
[  400.403407][T29176]  ? fsnotify+0x1332/0x13f0
[  400.407878][T29176]  ? loop_remove+0xa0/0xa0
[  400.412266][T29176]  do_vfs_ioctl+0x744/0x1730
[  400.416828][T29176]  ? selinux_file_ioctl+0x723/0x970
[  400.422003][T29176]  ? ioctl_preallocate+0x250/0x250
[  400.427082][T29176]  ? __fget+0x40c/0x4a0
[  400.431211][T29176]  ? fget_many+0x20/0x20
[  400.435442][T29176]  ? check_preemption_disabled+0x154/0x330
[  400.441218][T29176]  ? debug_smp_processor_id+0x20/0x20
[  400.446592][T29176]  ? security_file_ioctl+0x9d/0xb0
[  400.451775][T29176]  __x64_sys_ioctl+0xd4/0x110
18:36:31 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 49)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xc000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 2:
clock_gettime(0x0, &(0x7f0000000180))
ioctl$PPPIOCGIDLE32(0xffffffffffffffff, 0x8008743f, &(0x7f0000000000))
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140))
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f00000000c0))
ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000040)=0x3)
r2 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000100), 0x6, 0x400)
read$FUSE(r2, 0x0, 0x0)
clock_gettime(0x0, &(0x7f0000000180)) (async)
ioctl$PPPIOCGIDLE32(0xffffffffffffffff, 0x8008743f, &(0x7f0000000000)) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080), 0x4000, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000140)) (async)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f00000000c0)) (async)
ioctl$PPPIOCCONNECT(0xffffffffffffffff, 0x4004743a, &(0x7f0000000040)=0x3) (async)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
syz_open_dev$vcsn(&(0x7f0000000100), 0x6, 0x400) (async)
read$FUSE(r2, 0x0, 0x0) (async)

18:36:31 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:31 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:31 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x1000)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000180)={[{0x1, 0x0, 0x79, 0x4, 0x4, 0x2, 0x6, 0x7, 0xc5, 0x2, 0xfa}, {0x3f, 0x1264, 0x3f, 0x20, 0x81, 0xf5, 0x68, 0x2, 0x1, 0x3, 0x6, 0x8, 0xdf0}, {0x5, 0x0, 0xf, 0xa4, 0x80, 0x90, 0x10, 0xff, 0x2, 0x4, 0x8, 0x6, 0x81}], 0x7f})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f0000000200))
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x604, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x40849}, 0x20040001)

18:36:31 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  400.456422][T29176]  do_syscall_64+0xcb/0x1c0
[  400.460900][T29176]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  400.466762][T29176] ---[ end trace 25474f664d9331e8 ]---
[  400.484067][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:31 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x1000)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000180)={[{0x1, 0x0, 0x79, 0x4, 0x4, 0x2, 0x6, 0x7, 0xc5, 0x2, 0xfa}, {0x3f, 0x1264, 0x3f, 0x20, 0x81, 0xf5, 0x68, 0x2, 0x1, 0x3, 0x6, 0x8, 0xdf0}, {0x5, 0x0, 0xf, 0xa4, 0x80, 0x90, 0x10, 0xff, 0x2, 0x4, 0x8, 0x6, 0x81}], 0x7f})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0) (async)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f0000000200)) (async)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x604, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x40849}, 0x20040001)

18:36:31 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = open_tree(r0, &(0x7f0000000000)='./file0\x00', 0x1000)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0) (async)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000180)={[{0x1, 0x0, 0x79, 0x4, 0x4, 0x2, 0x6, 0x7, 0xc5, 0x2, 0xfa}, {0x3f, 0x1264, 0x3f, 0x20, 0x81, 0xf5, 0x68, 0x2, 0x1, 0x3, 0x6, 0x8, 0xdf0}, {0x5, 0x0, 0xf, 0xa4, 0x80, 0x90, 0x10, 0xff, 0x2, 0x4, 0x8, 0x6, 0x81}], 0x7f}) (async)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0) (async)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f0000000200)) (async)
sendmsg$BATADV_CMD_TP_METER(r1, &(0x7f0000000140)={&(0x7f0000000040), 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x24, r2, 0x604, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x40849}, 0x20040001)

[  400.528157][T29223] FAULT_INJECTION: forcing a failure.
[  400.528157][T29223] name failslab, interval 1, probability 0, space 0, times 0
[  400.540934][T29223] CPU: 0 PID: 29223 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  400.552541][T29223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  400.562585][T29223] Call Trace:
[  400.565859][T29223]  dump_stack+0x1d8/0x241
[  400.570199][T29223]  ? panic+0x73e/0x73e
[  400.574253][T29223]  ? arch_stack_walk+0x114/0x140
[  400.579163][T29223]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  400.584956][T29223]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  400.591097][T29223]  should_fail+0x709/0x870
[  400.595507][T29223]  ? setup_fault_attr+0x3d0/0x3d0
[  400.600518][T29223]  ? radix_tree_node_alloc+0x18c/0x370
[  400.605947][T29223]  should_failslab+0x5/0x20
[  400.610419][T29223]  kmem_cache_alloc+0x24/0x210
[  400.615161][T29223]  radix_tree_node_alloc+0x18c/0x370
[  400.620419][T29223]  ? sysfs_create_dir_ns+0x181/0x390
[  400.625674][T29223]  ? kobject_add_internal+0x6ba/0xcb0
[  400.631013][T29223]  ? kobject_add+0x14c/0x210
[  400.635598][T29223]  ? device_add+0x3fc/0xbc0
[  400.640075][T29223]  idr_get_free+0x299/0x840
[  400.644547][T29223]  idr_alloc_cyclic+0x1f3/0x5e0
[  400.649364][T29223]  ? idr_alloc+0x2f0/0x2f0
[  400.653748][T29223]  ? _raw_spin_lock+0xa3/0x1b0
[  400.658487][T29223]  ? __kernfs_new_node+0xdb/0x6d0
[  400.663488][T29223]  __kernfs_new_node+0x122/0x6d0
[  400.668394][T29223]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  400.674432][T29223]  ? kernfs_new_node+0x160/0x160
[  400.679351][T29223]  ? stack_trace_save+0x132/0x200
[  400.684345][T29223]  ? stack_trace_snprint+0x170/0x170
[  400.689605][T29223]  ? stack_trace_save+0x132/0x200
[  400.694603][T29223]  kernfs_create_dir_ns+0x90/0x220
[  400.699684][T29223]  sysfs_create_dir_ns+0x181/0x390
[  400.704767][T29223]  ? sysfs_warn_dup+0xa0/0xa0
[  400.709413][T29223]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  400.715449][T29223]  kobject_add_internal+0x6ba/0xcb0
[  400.720613][T29223]  kobject_add+0x14c/0x210
[  400.724997][T29223]  ? _raw_spin_lock+0xa3/0x1b0
[  400.729728][T29223]  ? kobject_init+0x1d0/0x1d0
[  400.734372][T29223]  ? mutex_unlock+0x19/0x40
[  400.738858][T29223]  ? get_device_parent+0x2bd/0x420
[  400.743939][T29223]  device_add+0x3fc/0xbc0
[  400.748252][T29223]  device_create_vargs+0x1b8/0x210
[  400.753331][T29223]  device_create+0xea/0x130
[  400.757804][T29223]  ? device_create_vargs+0x210/0x210
[  400.763069][T29223]  bdi_register_va+0x89/0x5e0
[  400.767809][T29223]  bdi_register+0xd1/0x120
[  400.772200][T29223]  ? __device_add_disk+0x539/0x1200
[  400.777371][T29223]  ? bdi_register_va+0x5e0/0x5e0
[  400.782298][T29223]  ? percpu_ref_resurrect+0x113/0x190
[  400.787655][T29223]  bdi_register_owner+0x56/0xf0
[  400.792489][T29223]  __device_add_disk+0x5b8/0x1200
[  400.797481][T29223]  ? device_add_disk+0x30/0x30
[  400.802211][T29223]  ? vsprintf+0x30/0x30
[  400.806335][T29223]  ? device_initialize+0x1c7/0x3d0
[  400.811429][T29223]  ? __alloc_disk_node+0x326/0x380
[  400.816508][T29223]  loop_add+0x554/0x710
[  400.820635][T29223]  loop_control_ioctl+0x564/0x740
[  400.825636][T29223]  ? loop_remove+0xa0/0xa0
[  400.830033][T29223]  ? __lru_cache_add+0x1bf/0x210
[  400.834942][T29223]  ? memset+0x1f/0x40
[  400.838909][T29223]  ? fsnotify+0x1332/0x13f0
[  400.843399][T29223]  ? loop_remove+0xa0/0xa0
[  400.847785][T29223]  do_vfs_ioctl+0x744/0x1730
[  400.852345][T29223]  ? selinux_file_ioctl+0x723/0x970
[  400.857522][T29223]  ? ioctl_preallocate+0x250/0x250
[  400.862625][T29223]  ? __fget+0x40c/0x4a0
[  400.866746][T29223]  ? fget_many+0x20/0x20
[  400.870957][T29223]  ? check_preemption_disabled+0x154/0x330
[  400.876731][T29223]  ? debug_smp_processor_id+0x20/0x20
[  400.882083][T29223]  ? security_file_ioctl+0x9d/0xb0
[  400.887172][T29223]  __x64_sys_ioctl+0xd4/0x110
[  400.891819][T29223]  do_syscall_64+0xcb/0x1c0
[  400.896294][T29223]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:31 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 50)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xd000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x4, 0x20, 0x6, 0x1, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x8000, 0x8, 0x6c6, 0x9}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vxcan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newaddrlabel={0x4c, 0x48, 0x10, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x18, 0x0, r2, 0x3}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}, @IFAL_ADDRESS={0x14, 0x1, @loopback}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44004}, 0x4000040)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000200)=0x2)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000001c0)={0x0, 0x9})
read$FUSE(r1, 0x0, 0x0)

18:36:31 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xe000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xf000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  400.934758][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  400.968139][T29255] FAULT_INJECTION: forcing a failure.
[  400.968139][T29255] name failslab, interval 1, probability 0, space 0, times 0
18:36:31 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x4, 0x20, 0x6, 0x1, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x8000, 0x8, 0x6c6, 0x9}})
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vxcan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newaddrlabel={0x4c, 0x48, 0x10, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x18, 0x0, r2, 0x3}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}, @IFAL_ADDRESS={0x14, 0x1, @loopback}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44004}, 0x4000040)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000200)=0x2)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000001c0)={0x0, 0x9})
read$FUSE(r1, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x4, 0x20, 0x6, 0x1, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x8000, 0x8, 0x6c6, 0x9}}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vxcan0\x00'}) (async)
sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newaddrlabel={0x4c, 0x48, 0x10, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x18, 0x0, r2, 0x3}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}, @IFAL_ADDRESS={0x14, 0x1, @loopback}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44004}, 0x4000040) (async)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000200)=0x2) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000001c0)={0x0, 0x9}) (async)
read$FUSE(r1, 0x0, 0x0) (async)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x10000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async, rerun: 64)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x4, 0x20, 0x6, 0x1, 0x1, @private2={0xfc, 0x2, '\x00', 0x1}, @private1, 0x8000, 0x8, 0x6c6, 0x9}}) (async)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000240)={'vxcan0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000140)={&(0x7f00000002c0)=@ipv6_newaddrlabel={0x4c, 0x48, 0x10, 0x70bd27, 0x25dfdbfc, {0xa, 0x0, 0x18, 0x0, r2, 0x3}, [@IFAL_LABEL={0x8}, @IFAL_ADDRESS={0x14, 0x1, @rand_addr=' \x01\x00'}, @IFAL_ADDRESS={0x14, 0x1, @loopback}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44004}, 0x4000040) (async)
ioctl$BINDER_SET_MAX_THREADS(r0, 0x40046205, &(0x7f0000000200)=0x2)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000001c0)={0x0, 0x9}) (async, rerun: 32)
read$FUSE(r1, 0x0, 0x0) (rerun: 32)

[  400.980814][T29255] CPU: 0 PID: 29255 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  400.992502][T29255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  401.002803][T29255] Call Trace:
[  401.006084][T29255]  dump_stack+0x1d8/0x241
[  401.010406][T29255]  ? panic+0x73e/0x73e
[  401.014461][T29255]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  401.020254][T29255]  should_fail+0x709/0x870
[  401.024659][T29255]  ? setup_fault_attr+0x3d0/0x3d0
[  401.029673][T29255]  ? radix_tree_node_alloc+0x18c/0x370
[  401.035123][T29255]  should_failslab+0x5/0x20
[  401.039617][T29255]  kmem_cache_alloc+0x24/0x210
[  401.044369][T29255]  radix_tree_node_alloc+0x18c/0x370
[  401.049647][T29255]  ? sysfs_create_dir_ns+0x181/0x390
[  401.054904][T29255]  ? kobject_add_internal+0x6ba/0xcb0
[  401.060243][T29255]  ? kobject_add+0x14c/0x210
[  401.064801][T29255]  ? device_add+0x3fc/0xbc0
[  401.069278][T29255]  idr_get_free+0x299/0x840
[  401.073750][T29255]  idr_alloc_cyclic+0x1f3/0x5e0
[  401.078606][T29255]  ? idr_alloc+0x2f0/0x2f0
[  401.083002][T29255]  ? _raw_spin_lock+0xa3/0x1b0
[  401.087736][T29255]  ? __kernfs_new_node+0xdb/0x6d0
[  401.092761][T29255]  __kernfs_new_node+0x122/0x6d0
[  401.097886][T29255]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  401.103936][T29255]  ? kernfs_new_node+0x160/0x160
[  401.108851][T29255]  ? stack_trace_save+0x132/0x200
[  401.113863][T29255]  ? stack_trace_snprint+0x170/0x170
[  401.119124][T29255]  ? stack_trace_save+0x132/0x200
[  401.124122][T29255]  kernfs_create_dir_ns+0x90/0x220
[  401.129221][T29255]  sysfs_create_dir_ns+0x181/0x390
[  401.134306][T29255]  ? sysfs_warn_dup+0xa0/0xa0
[  401.138956][T29255]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  401.145001][T29255]  kobject_add_internal+0x6ba/0xcb0
[  401.150196][T29255]  kobject_add+0x14c/0x210
[  401.154593][T29255]  ? _raw_spin_lock+0xa3/0x1b0
[  401.159356][T29255]  ? kobject_init+0x1d0/0x1d0
[  401.164012][T29255]  ? mutex_unlock+0x19/0x40
[  401.168499][T29255]  ? get_device_parent+0x2bd/0x420
[  401.173584][T29255]  device_add+0x3fc/0xbc0
[  401.177910][T29255]  device_create_vargs+0x1b8/0x210
[  401.182992][T29255]  device_create+0xea/0x130
[  401.187480][T29255]  ? device_create_vargs+0x210/0x210
[  401.192738][T29255]  bdi_register_va+0x89/0x5e0
[  401.197388][T29255]  bdi_register+0xd1/0x120
[  401.201774][T29255]  ? __device_add_disk+0x539/0x1200
[  401.206942][T29255]  ? bdi_register_va+0x5e0/0x5e0
[  401.211870][T29255]  ? percpu_ref_resurrect+0x113/0x190
[  401.217212][T29255]  bdi_register_owner+0x56/0xf0
[  401.222035][T29255]  __device_add_disk+0x5b8/0x1200
[  401.227029][T29255]  ? device_add_disk+0x30/0x30
[  401.231765][T29255]  ? vsprintf+0x30/0x30
[  401.235892][T29255]  ? device_initialize+0x1c7/0x3d0
[  401.240971][T29255]  ? __alloc_disk_node+0x326/0x380
[  401.246060][T29255]  loop_add+0x554/0x710
[  401.250199][T29255]  loop_control_ioctl+0x564/0x740
[  401.255196][T29255]  ? loop_remove+0xa0/0xa0
[  401.259601][T29255]  ? __lru_cache_add+0x1bf/0x210
[  401.264508][T29255]  ? memset+0x1f/0x40
[  401.268467][T29255]  ? fsnotify+0x1332/0x13f0
[  401.272940][T29255]  ? loop_remove+0xa0/0xa0
[  401.277348][T29255]  do_vfs_ioctl+0x744/0x1730
18:36:31 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 51)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x11000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 2:
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000), 0x8)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:31 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da5"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:31 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  401.281919][T29255]  ? selinux_file_ioctl+0x723/0x970
[  401.287090][T29255]  ? ioctl_preallocate+0x250/0x250
[  401.292182][T29255]  ? __fget+0x40c/0x4a0
[  401.296338][T29255]  ? fget_many+0x20/0x20
[  401.300570][T29255]  ? check_preemption_disabled+0x154/0x330
[  401.306355][T29255]  ? debug_smp_processor_id+0x20/0x20
[  401.311699][T29255]  ? security_file_ioctl+0x9d/0xb0
[  401.316779][T29255]  __x64_sys_ioctl+0xd4/0x110
[  401.321442][T29255]  do_syscall_64+0xcb/0x1c0
[  401.325936][T29255]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x12000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 2:
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000), 0x8)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:31 executing program 2:
setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(0xffffffffffffffff, 0x28, 0x1, &(0x7f0000000000), 0x8) (async)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:31 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x17000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:31 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:31 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da5"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  401.387890][T29292] FAULT_INJECTION: forcing a failure.
[  401.387890][T29292] name failslab, interval 1, probability 0, space 0, times 0
[  401.402048][T29292] CPU: 1 PID: 29292 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  401.413667][T29292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  401.423707][T29292] Call Trace:
[  401.426984][T29292]  dump_stack+0x1d8/0x241
[  401.431304][T29292]  ? panic+0x73e/0x73e
[  401.435361][T29292]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  401.441156][T29292]  ? _raw_spin_lock+0xa3/0x1b0
[  401.445910][T29292]  should_fail+0x709/0x870
[  401.450315][T29292]  ? security_kernfs_init_security+0x9a/0xb0
[  401.456360][T29292]  ? setup_fault_attr+0x3d0/0x3d0
[  401.461362][T29292]  ? mutex_lock+0xa6/0x110
[  401.465748][T29292]  ? mutex_trylock+0xa0/0xa0
[  401.470316][T29292]  ? __kernfs_new_node+0xdb/0x6d0
[  401.475331][T29292]  should_failslab+0x5/0x20
[  401.479811][T29292]  kmem_cache_alloc+0x24/0x210
[  401.484556][T29292]  __kernfs_new_node+0xdb/0x6d0
[  401.489390][T29292]  ? kernfs_activate+0x3fc/0x420
[  401.494326][T29292]  ? mutex_unlock+0x19/0x40
[  401.498814][T29292]  ? kernfs_new_node+0x160/0x160
[  401.503731][T29292]  ? __kernfs_create_file+0x1f1/0x260
[  401.509074][T29292]  ? sysfs_add_file_mode_ns+0x292/0x340
[  401.514590][T29292]  kernfs_new_node+0x95/0x160
[  401.519237][T29292]  kernfs_create_link+0x9c/0x1f0
[  401.524143][T29292]  sysfs_do_create_link_sd+0x85/0x100
[  401.529483][T29292]  device_add_class_symlinks+0xd6/0x2a0
[  401.535002][T29292]  device_add+0x4e4/0xbc0
[  401.539373][T29292]  device_create_vargs+0x1b8/0x210
[  401.544474][T29292]  device_create+0xea/0x130
[  401.548975][T29292]  ? device_create_vargs+0x210/0x210
[  401.554235][T29292]  bdi_register_va+0x89/0x5e0
[  401.558886][T29292]  bdi_register+0xd1/0x120
[  401.563275][T29292]  ? __device_add_disk+0x539/0x1200
[  401.568444][T29292]  ? bdi_register_va+0x5e0/0x5e0
[  401.573358][T29292]  ? percpu_ref_resurrect+0x113/0x190
[  401.578706][T29292]  bdi_register_owner+0x56/0xf0
[  401.583527][T29292]  __device_add_disk+0x5b8/0x1200
[  401.588526][T29292]  ? device_add_disk+0x30/0x30
[  401.593273][T29292]  ? vsprintf+0x30/0x30
[  401.597405][T29292]  ? device_initialize+0x1c7/0x3d0
[  401.602497][T29292]  ? __alloc_disk_node+0x326/0x380
[  401.607590][T29292]  loop_add+0x554/0x710
[  401.611715][T29292]  loop_control_ioctl+0x564/0x740
[  401.616709][T29292]  ? loop_remove+0xa0/0xa0
[  401.621354][T29292]  ? __lru_cache_add+0x1bf/0x210
[  401.626258][T29292]  ? memset+0x1f/0x40
[  401.630215][T29292]  ? fsnotify+0x1332/0x13f0
[  401.634693][T29292]  ? loop_remove+0xa0/0xa0
[  401.639077][T29292]  do_vfs_ioctl+0x744/0x1730
[  401.643633][T29292]  ? selinux_file_ioctl+0x723/0x970
[  401.648820][T29292]  ? ioctl_preallocate+0x250/0x250
[  401.653908][T29292]  ? __fget+0x40c/0x4a0
[  401.658033][T29292]  ? fget_many+0x20/0x20
[  401.662338][T29292]  ? check_preemption_disabled+0x154/0x330
[  401.668996][T29292]  ? debug_smp_processor_id+0x20/0x20
[  401.674339][T29292]  ? security_file_ioctl+0x9d/0xb0
[  401.679446][T29292]  __x64_sys_ioctl+0xd4/0x110
[  401.684102][T29292]  do_syscall_64+0xcb/0x1c0
[  401.688580][T29292]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  401.696911][T29292] ------------[ cut here ]------------
[  401.702377][T29292] WARNING: CPU: 0 PID: 29292 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  401.711464][T29292] Modules linked in:
[  401.715331][T29292] CPU: 0 PID: 29292 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  401.726921][T29292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  401.736949][T29292] RIP: 0010:__device_add_disk+0xe83/0x1200
[  401.742814][T29292] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  401.762472][T29292] RSP: 0018:ffff8881e7387a00 EFLAGS: 00010246
[  401.768521][T29292] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  401.776553][T29292] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  401.784503][T29292] RBP: ffff8881e7387b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  401.792440][T29292] R10: ffffffff84800000 R11: 1ffff1103ce70e00 R12: ffff8881cd95d000
[  401.800393][T29292] R13: dffffc0000000000 R14: ffff8881cd95d070 R15: 1ffff11039b2ba9d
[  401.808335][T29292] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  401.817231][T29292] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  401.823813][T29292] CR2: 00007ff61b829718 CR3: 00000001e3ab0000 CR4: 00000000003406f0
[  401.831755][T29292] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  401.839696][T29292] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  401.847634][T29292] Call Trace:
[  401.850901][T29292]  ? device_add_disk+0x30/0x30
[  401.855635][T29292]  ? vsprintf+0x30/0x30
[  401.859761][T29292]  ? device_initialize+0x1c7/0x3d0
[  401.864839][T29292]  ? __alloc_disk_node+0x326/0x380
[  401.869931][T29292]  loop_add+0x554/0x710
[  401.874059][T29292]  loop_control_ioctl+0x564/0x740
[  401.879054][T29292]  ? loop_remove+0xa0/0xa0
[  401.883445][T29292]  ? __lru_cache_add+0x1bf/0x210
[  401.888359][T29292]  ? memset+0x1f/0x40
[  401.892850][T29292]  ? fsnotify+0x1332/0x13f0
[  401.897321][T29292]  ? loop_remove+0xa0/0xa0
[  401.901705][T29292]  do_vfs_ioctl+0x744/0x1730
[  401.906262][T29292]  ? selinux_file_ioctl+0x723/0x970
[  401.911428][T29292]  ? ioctl_preallocate+0x250/0x250
[  401.916537][T29292]  ? __fget+0x40c/0x4a0
[  401.920659][T29292]  ? fget_many+0x20/0x20
[  401.924872][T29292]  ? check_preemption_disabled+0x154/0x330
[  401.930644][T29292]  ? debug_smp_processor_id+0x20/0x20
18:36:32 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 52)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:32 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:32 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x20000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:32 executing program 2:
pipe2(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x84880)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x200440c4)
ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000140))
r2 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r2, 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000d40)=ANY=[@ANYBLOB="257e000000000000b7e800000003000000000000001100000000000000000400000000000001800000000000000000000000000000000000000000000000120000000000000000000000000000ef0e000001000000ffffffffffffff7f0100000000000000000000000000000000000000000000000830000000000000000000c0063777a42a01f5a0f6c22c00000000001a0b00000000004b3f5d3ad16fe73600000000000000000000000000000000000000000000000000000200"/201])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000003c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/162, 0xa2, 0x0, 0x2e}, @fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x4, 0x0, 0x4}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}, 0x400}], 0xc2, 0x0, &(0x7f0000000440)="62cf774e62de2550b99be4d1fecda25a254a27be360ca9fed55841f02edf811f69717174c7c8f40a4ed332bac5c840fd1ad764dab2e974f6d6fe56682619fbd5d771951ad20e3c627c538161b7ab9a897293a660f7ee2c4489b3dfbd576606ca305047f429630f3aa0528b269d19dd745bd3a9f7dd45bab7d7a45175c9242030f34ffefefcc263a4f9c1ae9b6f4240bd6e140ac296f2a10090f720290510dfbb3e25596553e139c5a918e529dbc9c92ab82da604d9975ef7e8e4cf8a152399c23aa5"})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r4 = accept4$inet(0xffffffffffffffff, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x80800)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000a40)={'syztnl0\x00', &(0x7f00000009c0)={'ip6_vti0\x00', <r6=>0x0, 0x4, 0xfd, 0x7, 0x2, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x700, 0x700, 0x6, 0x1f}})
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000b40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x4c, 0x0, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xba}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000044}, 0x20000002)
tee(r4, r3, 0x7, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x5c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8841}, 0x4004)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000006c0)={0x0, 0x0, @ioapic})
pipe2(&(0x7f00000001c0)={<r7=>0xffffffffffffffff}, 0xc4080)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000cc0)={[{0x1f, 0x9, 0x0, 0x7, 0x8, 0x1, 0xe2, 0x40, 0x2, 0x3f, 0x90, 0x9e, 0x100}, {0x2, 0x6c71, 0x2, 0x95, 0x80, 0x81, 0x1, 0x3, 0x67, 0x7, 0x0, 0x1f, 0x9}, {0x2, 0x6, 0x3f, 0x83, 0x80, 0x40, 0x9, 0x81, 0x8, 0x7b, 0x20, 0x8, 0xffffffffffffff01}], 0xccbc})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x10000, 0x1, 0x10000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})

18:36:32 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:32 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da5"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:32 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x25000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:32 executing program 2:
pipe2(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x84880)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x200440c4)
ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000140))
r2 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r2, 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000d40)=ANY=[@ANYBLOB="257e000000000000b7e800000003000000000000001100000000000000000400000000000001800000000000000000000000000000000000000000000000120000000000000000000000000000ef0e000001000000ffffffffffffff7f0100000000000000000000000000000000000000000000000830000000000000000000c0063777a42a01f5a0f6c22c00000000001a0b00000000004b3f5d3ad16fe73600000000000000000000000000000000000000000000000000000200"/201])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000003c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/162, 0xa2, 0x0, 0x2e}, @fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x4, 0x0, 0x4}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}, 0x400}], 0xc2, 0x0, &(0x7f0000000440)="62cf774e62de2550b99be4d1fecda25a254a27be360ca9fed55841f02edf811f69717174c7c8f40a4ed332bac5c840fd1ad764dab2e974f6d6fe56682619fbd5d771951ad20e3c627c538161b7ab9a897293a660f7ee2c4489b3dfbd576606ca305047f429630f3aa0528b269d19dd745bd3a9f7dd45bab7d7a45175c9242030f34ffefefcc263a4f9c1ae9b6f4240bd6e140ac296f2a10090f720290510dfbb3e25596553e139c5a918e529dbc9c92ab82da604d9975ef7e8e4cf8a152399c23aa5"})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r4 = accept4$inet(0xffffffffffffffff, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x80800)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000a40)={'syztnl0\x00', &(0x7f00000009c0)={'ip6_vti0\x00', <r6=>0x0, 0x4, 0xfd, 0x7, 0x2, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x700, 0x700, 0x6, 0x1f}})
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000b40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x4c, 0x0, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xba}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000044}, 0x20000002)
tee(r4, r3, 0x7, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x5c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8841}, 0x4004)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000006c0)={0x0, 0x0, @ioapic})
pipe2(&(0x7f00000001c0)={<r7=>0xffffffffffffffff}, 0xc4080)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000cc0)={[{0x1f, 0x9, 0x0, 0x7, 0x8, 0x1, 0xe2, 0x40, 0x2, 0x3f, 0x90, 0x9e, 0x100}, {0x2, 0x6c71, 0x2, 0x95, 0x80, 0x81, 0x1, 0x3, 0x67, 0x7, 0x0, 0x1f, 0x9}, {0x2, 0x6, 0x3f, 0x83, 0x80, 0x40, 0x9, 0x81, 0x8, 0x7b, 0x20, 0x8, 0xffffffffffffff01}], 0xccbc})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x10000, 0x1, 0x10000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
pipe2(&(0x7f0000000100), 0x84880) (async)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x200440c4) (async)
ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000140)) (async)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r2, 0x0, 0x0) (async)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000d40)=ANY=[@ANYBLOB="257e000000000000b7e800000003000000000000001100000000000000000400000000000001800000000000000000000000000000000000000000000000120000000000000000000000000000ef0e000001000000ffffffffffffff7f0100000000000000000000000000000000000000000000000830000000000000000000c0063777a42a01f5a0f6c22c00000000001a0b00000000004b3f5d3ad16fe73600000000000000000000000000000000000000000000000000000200"/201]) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000003c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/162, 0xa2, 0x0, 0x2e}, @fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x4, 0x0, 0x4}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}, 0x400}], 0xc2, 0x0, &(0x7f0000000440)="62cf774e62de2550b99be4d1fecda25a254a27be360ca9fed55841f02edf811f69717174c7c8f40a4ed332bac5c840fd1ad764dab2e974f6d6fe56682619fbd5d771951ad20e3c627c538161b7ab9a897293a660f7ee2c4489b3dfbd576606ca305047f429630f3aa0528b269d19dd745bd3a9f7dd45bab7d7a45175c9242030f34ffefefcc263a4f9c1ae9b6f4240bd6e140ac296f2a10090f720290510dfbb3e25596553e139c5a918e529dbc9c92ab82da604d9975ef7e8e4cf8a152399c23aa5"}) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
accept4$inet(0xffffffffffffffff, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x80800) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000a40)={'syztnl0\x00', &(0x7f00000009c0)={'ip6_vti0\x00', 0x0, 0x4, 0xfd, 0x7, 0x2, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x700, 0x700, 0x6, 0x1f}}) (async)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000b40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x4c, 0x0, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xba}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000044}, 0x20000002) (async)
tee(r4, r3, 0x7, 0x0) (async)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0) (async)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x5c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8841}, 0x4004) (async)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000006c0)={0x0, 0x0, @ioapic}) (async)
pipe2(&(0x7f00000001c0), 0xc4080) (async)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000cc0)={[{0x1f, 0x9, 0x0, 0x7, 0x8, 0x1, 0xe2, 0x40, 0x2, 0x3f, 0x90, 0x9e, 0x100}, {0x2, 0x6c71, 0x2, 0x95, 0x80, 0x81, 0x1, 0x3, 0x67, 0x7, 0x0, 0x1f, 0x9}, {0x2, 0x6, 0x3f, 0x83, 0x80, 0x40, 0x9, 0x81, 0x8, 0x7b, 0x20, 0x8, 0xffffffffffffff01}], 0xccbc}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x10000, 0x1, 0x10000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)

[  401.935982][T29292]  ? security_file_ioctl+0x9d/0xb0
[  401.941058][T29292]  __x64_sys_ioctl+0xd4/0x110
[  401.945703][T29292]  do_syscall_64+0xcb/0x1c0
[  401.950192][T29292]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  401.956050][T29292] ---[ end trace 25474f664d9331e9 ]---
18:36:32 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x40000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:32 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x43000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:32 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:32 executing program 2:
pipe2(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x84880)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x200440c4)
ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000140))
r2 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r2, 0x0, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000d40)=ANY=[@ANYBLOB="257e000000000000b7e800000003000000000000001100000000000000000400000000000001800000000000000000000000000000000000000000000000120000000000000000000000000000ef0e000001000000ffffffffffffff7f0100000000000000000000000000000000000000000000000830000000000000000000c0063777a42a01f5a0f6c22c00000000001a0b00000000004b3f5d3ad16fe73600000000000000000000000000000000000000000000000000000200"/201])
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000003c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/162, 0xa2, 0x0, 0x2e}, @fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x4, 0x0, 0x4}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}, 0x400}], 0xc2, 0x0, &(0x7f0000000440)="62cf774e62de2550b99be4d1fecda25a254a27be360ca9fed55841f02edf811f69717174c7c8f40a4ed332bac5c840fd1ad764dab2e974f6d6fe56682619fbd5d771951ad20e3c627c538161b7ab9a897293a660f7ee2c4489b3dfbd576606ca305047f429630f3aa0528b269d19dd745bd3a9f7dd45bab7d7a45175c9242030f34ffefefcc263a4f9c1ae9b6f4240bd6e140ac296f2a10090f720290510dfbb3e25596553e139c5a918e529dbc9c92ab82da604d9975ef7e8e4cf8a152399c23aa5"})
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r4 = accept4$inet(0xffffffffffffffff, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x80800)
r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000a40)={'syztnl0\x00', &(0x7f00000009c0)={'ip6_vti0\x00', <r6=>0x0, 0x4, 0xfd, 0x7, 0x2, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x700, 0x700, 0x6, 0x1f}})
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000b40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x4c, 0x0, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xba}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000044}, 0x20000002)
tee(r4, r3, 0x7, 0x0)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x5c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8841}, 0x4004)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000006c0)={0x0, 0x0, @ioapic})
pipe2(&(0x7f00000001c0)={<r7=>0xffffffffffffffff}, 0xc4080)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000cc0)={[{0x1f, 0x9, 0x0, 0x7, 0x8, 0x1, 0xe2, 0x40, 0x2, 0x3f, 0x90, 0x9e, 0x100}, {0x2, 0x6c71, 0x2, 0x95, 0x80, 0x81, 0x1, 0x3, 0x67, 0x7, 0x0, 0x1f, 0x9}, {0x2, 0x6, 0x3f, 0x83, 0x80, 0x40, 0x9, 0x81, 0x8, 0x7b, 0x20, 0x8, 0xffffffffffffff01}], 0xccbc})
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x10000, 0x1, 0x10000, 0x2000, &(0x7f0000ffb000/0x2000)=nil})
pipe2(&(0x7f0000000100), 0x84880) (async)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000640)={&(0x7f0000000600)={0x24, 0x0, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_VLANID={0x6}]}, 0x24}, 0x1, 0x0, 0x0, 0x80}, 0x200440c4) (async)
ioctl$KVM_GET_PIT(r0, 0xc048ae65, &(0x7f0000000140)) (async)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r2, 0x0, 0x0) (async)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000d40)=ANY=[@ANYBLOB="257e000000000000b7e800000003000000000000001100000000000000000400000000000001800000000000000000000000000000000000000000000000120000000000000000000000000000ef0e000001000000ffffffffffffff7f0100000000000000000000000000000000000000000000000830000000000000000000c0063777a42a01f5a0f6c22c00000000001a0b00000000004b3f5d3ad16fe73600000000000000000000000000000000000000000000000000000200"/201]) (async)
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000540)={0x4c, 0x0, &(0x7f00000003c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000300)={@ptr={0x70742a85, 0x1, &(0x7f0000000240)=""/162, 0xa2, 0x0, 0x2e}, @fd={0x66642a85, 0x0, r2}, @fda={0x66646185, 0x4, 0x0, 0x4}}, &(0x7f0000000380)={0x0, 0x28, 0x40}}, 0x400}], 0xc2, 0x0, &(0x7f0000000440)="62cf774e62de2550b99be4d1fecda25a254a27be360ca9fed55841f02edf811f69717174c7c8f40a4ed332bac5c840fd1ad764dab2e974f6d6fe56682619fbd5d771951ad20e3c627c538161b7ab9a897293a660f7ee2c4489b3dfbd576606ca305047f429630f3aa0528b269d19dd745bd3a9f7dd45bab7d7a45175c9242030f34ffefefcc263a4f9c1ae9b6f4240bd6e140ac296f2a10090f720290510dfbb3e25596553e139c5a918e529dbc9c92ab82da604d9975ef7e8e4cf8a152399c23aa5"}) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
accept4$inet(0xffffffffffffffff, &(0x7f0000000900)={0x2, 0x0, @remote}, &(0x7f0000000940)=0x10, 0x80800) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r5, 0x4008ae61, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r2, 0x89f1, &(0x7f0000000a40)={'syztnl0\x00', &(0x7f00000009c0)={'ip6_vti0\x00', 0x0, 0x4, 0xfd, 0x7, 0x2, 0x1, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @mcast1, 0x700, 0x700, 0x6, 0x1f}}) (async)
sendmsg$BATADV_CMD_GET_BLA_CLAIM(r5, &(0x7f0000000b40)={&(0x7f0000000980)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000b00)={&(0x7f0000000a80)={0x4c, 0x0, 0x800, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0xba}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x8}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}]}, 0x4c}, 0x1, 0x0, 0x0, 0x4000044}, 0x20000002) (async)
tee(r4, r3, 0x7, 0x0) (async)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0) (async)
sendmsg$NLBL_CALIPSO_C_LIST(0xffffffffffffffff, &(0x7f0000000c80)={&(0x7f0000000b80)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000c40)={&(0x7f0000000bc0)={0x5c, 0x0, 0x400, 0x70bd27, 0x25dfdbfc, {}, [@NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x3}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x1}, @NLBL_CALIPSO_A_MTYPE={0x8}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8841}, 0x4004) (async)
ioctl$KVM_GET_IRQCHIP(r3, 0xc208ae62, &(0x7f00000006c0)={0x0, 0x0, @ioapic}) (async)
pipe2(&(0x7f00000001c0), 0xc4080) (async)
ioctl$KVM_SET_PIT2(r1, 0x4070aea0, &(0x7f0000000cc0)={[{0x1f, 0x9, 0x0, 0x7, 0x8, 0x1, 0xe2, 0x40, 0x2, 0x3f, 0x90, 0x9e, 0x100}, {0x2, 0x6c71, 0x2, 0x95, 0x80, 0x81, 0x1, 0x3, 0x67, 0x7, 0x0, 0x1f, 0x9}, {0x2, 0x6, 0x3f, 0x83, 0x80, 0x40, 0x9, 0x81, 0x8, 0x7b, 0x20, 0x8, 0xffffffffffffff01}], 0xccbc}) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000200)={0x10000, 0x1, 0x10000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) (async)

[  402.008512][T29319] FAULT_INJECTION: forcing a failure.
[  402.008512][T29319] name failslab, interval 1, probability 0, space 0, times 0
[  402.023768][T29319] CPU: 0 PID: 29319 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  402.035394][T29319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  402.045435][T29319] Call Trace:
[  402.048756][T29319]  dump_stack+0x1d8/0x241
[  402.053092][T29319]  ? panic+0x73e/0x73e
[  402.057146][T29319]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  402.062945][T29319]  should_fail+0x709/0x870
[  402.067333][T29319]  ? setup_fault_attr+0x3d0/0x3d0
[  402.072331][T29319]  ? __kernfs_new_node+0xdb/0x6d0
[  402.077326][T29319]  should_failslab+0x5/0x20
[  402.081796][T29319]  kmem_cache_alloc+0x24/0x210
[  402.086541][T29319]  __kernfs_new_node+0xdb/0x6d0
[  402.091366][T29319]  ? mutex_lock+0xa6/0x110
[  402.095768][T29319]  ? kernfs_new_node+0x160/0x160
[  402.100684][T29319]  kernfs_new_node+0x95/0x160
[  402.105336][T29319]  kernfs_create_link+0x9c/0x1f0
[  402.110256][T29319]  sysfs_do_create_link_sd+0x85/0x100
[  402.115610][T29319]  device_add_class_symlinks+0x211/0x2a0
[  402.121245][T29319]  device_add+0x4e4/0xbc0
[  402.125550][T29319]  device_create_vargs+0x1b8/0x210
[  402.130634][T29319]  device_create+0xea/0x130
[  402.135120][T29319]  ? device_create_vargs+0x210/0x210
[  402.140396][T29319]  bdi_register_va+0x89/0x5e0
[  402.145133][T29319]  bdi_register+0xd1/0x120
[  402.149695][T29319]  ? __device_add_disk+0x539/0x1200
[  402.154871][T29319]  ? bdi_register_va+0x5e0/0x5e0
[  402.159780][T29319]  ? percpu_ref_resurrect+0x113/0x190
[  402.165229][T29319]  bdi_register_owner+0x56/0xf0
[  402.170056][T29319]  __device_add_disk+0x5b8/0x1200
[  402.175066][T29319]  ? device_add_disk+0x30/0x30
[  402.179804][T29319]  ? vsprintf+0x30/0x30
[  402.183938][T29319]  ? device_initialize+0x1c7/0x3d0
[  402.189017][T29319]  ? __alloc_disk_node+0x326/0x380
[  402.194096][T29319]  loop_add+0x554/0x710
[  402.198228][T29319]  loop_control_ioctl+0x564/0x740
[  402.203221][T29319]  ? loop_remove+0xa0/0xa0
[  402.207606][T29319]  ? __lru_cache_add+0x1bf/0x210
[  402.212524][T29319]  ? memset+0x1f/0x40
[  402.216493][T29319]  ? fsnotify+0x1332/0x13f0
[  402.220973][T29319]  ? loop_remove+0xa0/0xa0
[  402.225362][T29319]  do_vfs_ioctl+0x744/0x1730
[  402.229959][T29319]  ? selinux_file_ioctl+0x723/0x970
[  402.235131][T29319]  ? ioctl_preallocate+0x250/0x250
[  402.240227][T29319]  ? __fget+0x40c/0x4a0
[  402.244377][T29319]  ? fget_many+0x20/0x20
[  402.248603][T29319]  ? check_preemption_disabled+0x154/0x330
[  402.254667][T29319]  ? debug_smp_processor_id+0x20/0x20
[  402.262099][T29319]  ? security_file_ioctl+0x9d/0xb0
[  402.267223][T29319]  __x64_sys_ioctl+0xd4/0x110
[  402.271869][T29319]  do_syscall_64+0xcb/0x1c0
[  402.276359][T29319]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  402.283328][T29319] ------------[ cut here ]------------
[  402.288787][T29319] WARNING: CPU: 0 PID: 29319 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  402.297853][T29319] Modules linked in:
[  402.301719][T29319] CPU: 0 PID: 29319 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  402.313331][T29319] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  402.323365][T29319] RIP: 0010:__device_add_disk+0xe83/0x1200
[  402.329410][T29319] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  402.348990][T29319] RSP: 0018:ffff8881e6c07a00 EFLAGS: 00010246
[  402.355093][T29319] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  402.363044][T29319] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  402.370986][T29319] RBP: ffff8881e6c07b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  402.378932][T29319] R10: ffffffff84800000 R11: 1ffff1103cd80e00 R12: ffff8881e951d000
[  402.386883][T29319] R13: dffffc0000000000 R14: ffff8881e951d070 R15: 1ffff1103d2a3a9d
[  402.394835][T29319] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  402.403737][T29319] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  402.410294][T29319] CR2: 00007fd4da47adc0 CR3: 00000001cd884000 CR4: 00000000003406f0
[  402.418239][T29319] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  402.426202][T29319] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  402.434143][T29319] Call Trace:
[  402.437424][T29319]  ? device_add_disk+0x30/0x30
[  402.442161][T29319]  ? vsprintf+0x30/0x30
[  402.446287][T29319]  ? device_initialize+0x1c7/0x3d0
[  402.451365][T29319]  ? __alloc_disk_node+0x326/0x380
[  402.456448][T29319]  loop_add+0x554/0x710
[  402.460584][T29319]  loop_control_ioctl+0x564/0x740
[  402.465583][T29319]  ? loop_remove+0xa0/0xa0
[  402.469967][T29319]  ? __lru_cache_add+0x1bf/0x210
[  402.474870][T29319]  ? memset+0x1f/0x40
[  402.478827][T29319]  ? fsnotify+0x1332/0x13f0
[  402.483303][T29319]  ? loop_remove+0xa0/0xa0
[  402.487702][T29319]  do_vfs_ioctl+0x744/0x1730
[  402.492261][T29319]  ? selinux_file_ioctl+0x723/0x970
[  402.497456][T29319]  ? ioctl_preallocate+0x250/0x250
[  402.502548][T29319]  ? __fget+0x40c/0x4a0
[  402.506677][T29319]  ? fget_many+0x20/0x20
[  402.510887][T29319]  ? check_preemption_disabled+0x154/0x330
[  402.516663][T29319]  ? debug_smp_processor_id+0x20/0x20
[  402.522017][T29319]  ? security_file_ioctl+0x9d/0xb0
[  402.527097][T29319]  __x64_sys_ioctl+0xd4/0x110
[  402.531743][T29319]  do_syscall_64+0xcb/0x1c0
[  402.536215][T29319]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  402.542163][T29319] ---[ end trace 25474f664d9331ea ]---
18:36:33 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 53)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x48000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:33 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x8, 0x202400)
read$FUSE(r0, 0x0, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))

18:36:33 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:33 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:33 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:33 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x8, 0x202400)
read$FUSE(r0, 0x0, 0x0) (async)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x4c000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  402.574865][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  402.605284][T29384] FAULT_INJECTION: forcing a failure.
[  402.605284][T29384] name failslab, interval 1, probability 0, space 0, times 0
18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x68000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:33 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x8, 0x202400)
read$FUSE(r0, 0x0, 0x0) (async)
fcntl$getownex(r0, 0x10, &(0x7f0000000000))

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x6c000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x74000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  402.618592][T29384] CPU: 0 PID: 29384 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  402.630220][T29384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  402.640259][T29384] Call Trace:
[  402.643537][T29384]  dump_stack+0x1d8/0x241
[  402.647863][T29384]  ? panic+0x73e/0x73e
[  402.651928][T29384]  ? idr_get_free+0x6a3/0x840
[  402.656594][T29384]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  402.662388][T29384]  ? mutex_unlock+0x19/0x40
[  402.666877][T29384]  ? kernfs_xattr_get+0x81/0x90
[  402.671712][T29384]  should_fail+0x709/0x870
[  402.676117][T29384]  ? setup_fault_attr+0x3d0/0x3d0
[  402.681108][T29384]  ? idr_alloc+0x2f0/0x2f0
[  402.685518][T29384]  ? __kernfs_new_node+0x99/0x6d0
[  402.690515][T29384]  should_failslab+0x5/0x20
[  402.694986][T29384]  __kmalloc_track_caller+0x4f/0x280
[  402.700240][T29384]  kstrdup_const+0x51/0x90
[  402.704626][T29384]  __kernfs_new_node+0x99/0x6d0
[  402.709447][T29384]  ? mutex_lock+0xa6/0x110
[  402.713831][T29384]  ? kernfs_new_node+0x160/0x160
[  402.718740][T29384]  kernfs_new_node+0x95/0x160
[  402.723384][T29384]  kernfs_create_link+0x9c/0x1f0
[  402.728289][T29384]  sysfs_do_create_link_sd+0x85/0x100
[  402.733661][T29384]  device_add_class_symlinks+0x211/0x2a0
[  402.739269][T29384]  device_add+0x4e4/0xbc0
[  402.743574][T29384]  device_create_vargs+0x1b8/0x210
[  402.748657][T29384]  device_create+0xea/0x130
[  402.753134][T29384]  ? device_create_vargs+0x210/0x210
[  402.758392][T29384]  bdi_register_va+0x89/0x5e0
[  402.763037][T29384]  bdi_register+0xd1/0x120
[  402.767423][T29384]  ? __device_add_disk+0x539/0x1200
[  402.772587][T29384]  ? bdi_register_va+0x5e0/0x5e0
[  402.777493][T29384]  ? percpu_ref_resurrect+0x113/0x190
[  402.782835][T29384]  bdi_register_owner+0x56/0xf0
[  402.787657][T29384]  __device_add_disk+0x5b8/0x1200
[  402.792648][T29384]  ? device_add_disk+0x30/0x30
[  402.797378][T29384]  ? vsprintf+0x30/0x30
[  402.801500][T29384]  ? device_initialize+0x1c7/0x3d0
[  402.806579][T29384]  ? __alloc_disk_node+0x326/0x380
[  402.811657][T29384]  loop_add+0x554/0x710
[  402.815779][T29384]  loop_control_ioctl+0x564/0x740
[  402.820768][T29384]  ? loop_remove+0xa0/0xa0
[  402.825151][T29384]  ? __lru_cache_add+0x1bf/0x210
[  402.830060][T29384]  ? memset+0x1f/0x40
[  402.834016][T29384]  ? fsnotify+0x1332/0x13f0
[  402.838486][T29384]  ? loop_remove+0xa0/0xa0
[  402.842873][T29384]  do_vfs_ioctl+0x744/0x1730
[  402.847441][T29384]  ? selinux_file_ioctl+0x723/0x970
[  402.852609][T29384]  ? ioctl_preallocate+0x250/0x250
[  402.857688][T29384]  ? __fget+0x40c/0x4a0
[  402.861898][T29384]  ? fget_many+0x20/0x20
[  402.866115][T29384]  ? check_preemption_disabled+0x154/0x330
[  402.871896][T29384]  ? debug_smp_processor_id+0x20/0x20
[  402.877237][T29384]  ? security_file_ioctl+0x9d/0xb0
[  402.882315][T29384]  __x64_sys_ioctl+0xd4/0x110
[  402.886963][T29384]  do_syscall_64+0xcb/0x1c0
[  402.891443][T29384]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  402.898919][T29384] ------------[ cut here ]------------
[  402.904381][T29384] WARNING: CPU: 0 PID: 29384 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  402.913449][T29384] Modules linked in:
[  402.917323][T29384] CPU: 0 PID: 29384 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  402.928916][T29384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  402.938967][T29384] RIP: 0010:__device_add_disk+0xe83/0x1200
[  402.944741][T29384] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  402.964318][T29384] RSP: 0018:ffff8881e7387a00 EFLAGS: 00010246
[  402.970352][T29384] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  402.978293][T29384] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  402.986231][T29384] RBP: ffff8881e7387b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  402.994175][T29384] R10: ffffffff84800000 R11: 1ffff1103ce70e00 R12: ffff8881d2d1c000
[  403.002120][T29384] R13: dffffc0000000000 R14: ffff8881d2d1c070 R15: 1ffff1103a5a389d
[  403.010069][T29384] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  403.018968][T29384] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  403.025537][T29384] CR2: 00007f000dd58db4 CR3: 00000001edd38000 CR4: 00000000003406f0
[  403.033484][T29384] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  403.041438][T29384] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  403.049382][T29384] Call Trace:
[  403.052649][T29384]  ? device_add_disk+0x30/0x30
[  403.057391][T29384]  ? vsprintf+0x30/0x30
[  403.061522][T29384]  ? device_initialize+0x1c7/0x3d0
[  403.066637][T29384]  ? __alloc_disk_node+0x326/0x380
[  403.071724][T29384]  loop_add+0x554/0x710
[  403.075977][T29384]  loop_control_ioctl+0x564/0x740
[  403.080982][T29384]  ? loop_remove+0xa0/0xa0
[  403.085372][T29384]  ? __lru_cache_add+0x1bf/0x210
[  403.090325][T29384]  ? memset+0x1f/0x40
[  403.094279][T29384]  ? fsnotify+0x1332/0x13f0
[  403.098757][T29384]  ? loop_remove+0xa0/0xa0
[  403.103146][T29384]  do_vfs_ioctl+0x744/0x1730
[  403.107710][T29384]  ? selinux_file_ioctl+0x723/0x970
[  403.112974][T29384]  ? ioctl_preallocate+0x250/0x250
[  403.118082][T29384]  ? __fget+0x40c/0x4a0
[  403.122212][T29384]  ? fget_many+0x20/0x20
[  403.126422][T29384]  ? check_preemption_disabled+0x154/0x330
[  403.132197][T29384]  ? debug_smp_processor_id+0x20/0x20
[  403.137541][T29384]  ? security_file_ioctl+0x9d/0xb0
[  403.142622][T29384]  __x64_sys_ioctl+0xd4/0x110
[  403.147271][T29384]  do_syscall_64+0xcb/0x1c0
[  403.151745][T29384]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  403.157608][T29384] ---[ end trace 25474f664d9331eb ]---
18:36:33 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 54)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:33 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x1f5d, 0x2, 0x3, 0x1}, {0x9109, 0x43, 0x0, 0x7fffffff}, {0xffff, 0x4, 0x4}]})
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000180))
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0x0, 0x80000001, 0x10}, 0xc)
r6 = inotify_init()
tee(r5, r6, 0x5, 0x4)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="000129bd7000fedbdf25170000000c0003800800030000000000100004800900010073797a31000000001c000980080002000b00000008000100000000000800010009000000340004800c00078008000400f9ffffff2400078008000400090000000800020008000000080003000001000008000400000000004400098008000200780400000800010001fcffff080001000900000008000200090000000800010000020000080002000000000008000100010400000800020005000000840006803e00040067636d2861657329000000000000000000000000000000000000000000000000160000000e98b44087c8ed9ed1b13c485308951af85256c6de5400003d00040067636d286165732900000000000000000000000000000000000000000000000015000000625b48a9844b55f4399e8bcda27b86ddd82ddb1ed00000001c000980080002000300000008000100008000000800010002000000"], 0x164}, 0x1, 0x0, 0x0, 0x4000}, 0x40880)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1, 0x2})
r7 = syz_open_dev$vcsn(&(0x7f0000000080), 0xfffffffffffffff7, 0x1)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x20cc80, 0x0)
ioctl$PPPIOCATTCHAN(r7, 0x40047438, &(0x7f00000000c0))

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x7a000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:33 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:33 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:33 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4a, 0x4, {'gcm(aes)\x00', 0x22, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:33 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async, rerun: 32)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (rerun: 32)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async, rerun: 64)
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x1f5d, 0x2, 0x3, 0x1}, {0x9109, 0x43, 0x0, 0x7fffffff}, {0xffff, 0x4, 0x4}]}) (async, rerun: 64)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000180)) (async)
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async, rerun: 64)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) (async, rerun: 64)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0x0, 0x80000001, 0x10}, 0xc)
r6 = inotify_init()
tee(r5, r6, 0x5, 0x4) (async)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="000129bd7000fedbdf25170000000c0003800800030000000000100004800900010073797a31000000001c000980080002000b00000008000100000000000800010009000000340004800c00078008000400f9ffffff2400078008000400090000000800020008000000080003000001000008000400000000004400098008000200780400000800010001fcffff080001000900000008000200090000000800010000020000080002000000000008000100010400000800020005000000840006803e00040067636d2861657329000000000000000000000000000000000000000000000000160000000e98b44087c8ed9ed1b13c485308951af85256c6de5400003d00040067636d286165732900000000000000000000000000000000000000000000000015000000625b48a9844b55f4399e8bcda27b86ddd82ddb1ed00000001c000980080002000300000008000100008000000800010002000000"], 0x164}, 0x1, 0x0, 0x0, 0x4000}, 0x40880)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1, 0x2}) (async, rerun: 32)
r7 = syz_open_dev$vcsn(&(0x7f0000000080), 0xfffffffffffffff7, 0x1) (rerun: 32)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x20cc80, 0x0) (async, rerun: 32)
ioctl$PPPIOCATTCHAN(r7, 0x40047438, &(0x7f00000000c0)) (rerun: 32)

[  403.204615][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  403.236854][T29411] FAULT_INJECTION: forcing a failure.
[  403.236854][T29411] name failslab, interval 1, probability 0, space 0, times 0
18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xd0000000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xe0ffffff, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xffff0f00, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  403.250422][T29411] CPU: 0 PID: 29411 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  403.262040][T29411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  403.272079][T29411] Call Trace:
[  403.275368][T29411]  dump_stack+0x1d8/0x241
[  403.279690][T29411]  ? panic+0x73e/0x73e
[  403.283745][T29411]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  403.289551][T29411]  ? mutex_lock+0xa6/0x110
[  403.293953][T29411]  should_fail+0x709/0x870
[  403.298361][T29411]  ? kstrdup_const+0x51/0x90
18:36:33 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f0000000040)={0x3, &(0x7f0000000000)=[{0x1f5d, 0x2, 0x3, 0x1}, {0x9109, 0x43, 0x0, 0x7fffffff}, {0xffff, 0x4, 0x4}]}) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$TIOCGPGRP(r2, 0x540f, &(0x7f0000000180))
r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000200), 0xffffffffffffffff) (async)
r5 = bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000440)={0x0, 0x80000001, 0x10}, 0xc) (async)
r6 = inotify_init()
tee(r5, r6, 0x5, 0x4)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000400)={&(0x7f00000001c0), 0xc, &(0x7f00000003c0)={&(0x7f0000000240)=ANY=[@ANYBLOB, @ANYRES16=r4, @ANYBLOB="000129bd7000fedbdf25170000000c0003800800030000000000100004800900010073797a31000000001c000980080002000b00000008000100000000000800010009000000340004800c00078008000400f9ffffff2400078008000400090000000800020008000000080003000001000008000400000000004400098008000200780400000800010001fcffff080001000900000008000200090000000800010000020000080002000000000008000100010400000800020005000000840006803e00040067636d2861657329000000000000000000000000000000000000000000000000160000000e98b44087c8ed9ed1b13c485308951af85256c6de5400003d00040067636d286165732900000000000000000000000000000000000000000000000015000000625b48a9844b55f4399e8bcda27b86ddd82ddb1ed00000001c000980080002000300000008000100008000000800010002000000"], 0x164}, 0x1, 0x0, 0x0, 0x4000}, 0x40880)
ioctl$KVM_IRQ_LINE(r3, 0x4008ae61, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1, 0x2}) (async)
r7 = syz_open_dev$vcsn(&(0x7f0000000080), 0xfffffffffffffff7, 0x1)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000140), 0x20cc80, 0x0) (async)
ioctl$PPPIOCATTCHAN(r7, 0x40047438, &(0x7f00000000c0))

18:36:33 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xffff8000, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  403.302952][T29411]  ? setup_fault_attr+0x3d0/0x3d0
[  403.307960][T29411]  ? mutex_lock+0xa6/0x110
[  403.312361][T29411]  ? mutex_trylock+0xa0/0xa0
[  403.316946][T29411]  ? __kernfs_new_node+0xdb/0x6d0
[  403.321951][T29411]  should_failslab+0x5/0x20
[  403.326437][T29411]  kmem_cache_alloc+0x24/0x210
[  403.331190][T29411]  __kernfs_new_node+0xdb/0x6d0
[  403.336026][T29411]  ? idr_alloc_cyclic+0x36e/0x5e0
[  403.341032][T29411]  ? kernfs_new_node+0x160/0x160
[  403.345942][T29411]  ? selinux_path_notify+0x6c0/0x6c0
[  403.351194][T29411]  ? idr_alloc+0x2f0/0x2f0
[  403.355581][T29411]  ? _raw_spin_lock+0xa3/0x1b0
[  403.360325][T29411]  kernfs_new_node+0x95/0x160
[  403.364985][T29411]  __kernfs_create_file+0x45/0x260
[  403.370066][T29411]  sysfs_add_file_mode_ns+0x292/0x340
[  403.375406][T29411]  internal_create_group+0x55e/0xf50
[  403.380661][T29411]  ? mutex_unlock+0x19/0x40
[  403.385147][T29411]  ? sysfs_create_group+0x20/0x20
[  403.390137][T29411]  sysfs_create_groups+0x5d/0x130
[  403.395129][T29411]  device_add_attrs+0x87/0x370
[  403.399861][T29411]  device_add+0x505/0xbc0
[  403.404158][T29411]  device_create_vargs+0x1b8/0x210
[  403.409236][T29411]  device_create+0xea/0x130
[  403.413708][T29411]  ? device_create_vargs+0x210/0x210
[  403.418962][T29411]  bdi_register_va+0x89/0x5e0
[  403.423605][T29411]  bdi_register+0xd1/0x120
[  403.427989][T29411]  ? __device_add_disk+0x539/0x1200
[  403.433166][T29411]  ? bdi_register_va+0x5e0/0x5e0
[  403.438073][T29411]  ? percpu_ref_resurrect+0x113/0x190
[  403.443419][T29411]  bdi_register_owner+0x56/0xf0
[  403.448248][T29411]  __device_add_disk+0x5b8/0x1200
[  403.453254][T29411]  ? device_add_disk+0x30/0x30
[  403.457984][T29411]  ? vsprintf+0x30/0x30
[  403.462106][T29411]  ? device_initialize+0x1c7/0x3d0
[  403.467184][T29411]  ? __alloc_disk_node+0x326/0x380
[  403.472262][T29411]  loop_add+0x554/0x710
[  403.476387][T29411]  loop_control_ioctl+0x564/0x740
[  403.481376][T29411]  ? loop_remove+0xa0/0xa0
[  403.485766][T29411]  ? __lru_cache_add+0x1bf/0x210
[  403.490670][T29411]  ? memset+0x1f/0x40
[  403.494623][T29411]  ? fsnotify+0x1332/0x13f0
[  403.499098][T29411]  ? loop_remove+0xa0/0xa0
[  403.503487][T29411]  do_vfs_ioctl+0x744/0x1730
[  403.508048][T29411]  ? selinux_file_ioctl+0x723/0x970
[  403.513215][T29411]  ? ioctl_preallocate+0x250/0x250
[  403.518298][T29411]  ? __fget+0x40c/0x4a0
[  403.522423][T29411]  ? fget_many+0x20/0x20
[  403.526650][T29411]  ? check_preemption_disabled+0x154/0x330
[  403.532512][T29411]  ? debug_smp_processor_id+0x20/0x20
[  403.537853][T29411]  ? security_file_ioctl+0x9d/0xb0
[  403.542935][T29411]  __x64_sys_ioctl+0xd4/0x110
[  403.547598][T29411]  do_syscall_64+0xcb/0x1c0
[  403.552079][T29411]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  403.560166][T29411] ------------[ cut here ]------------
[  403.565628][T29411] WARNING: CPU: 0 PID: 29411 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  403.574697][T29411] Modules linked in:
[  403.578573][T29411] CPU: 0 PID: 29411 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  403.590156][T29411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  403.600197][T29411] RIP: 0010:__device_add_disk+0xe83/0x1200
[  403.605974][T29411] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  403.625811][T29411] RSP: 0018:ffff8881cb31fa00 EFLAGS: 00010246
[  403.631860][T29411] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  403.639802][T29411] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  403.647742][T29411] RBP: ffff8881cb31fb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  403.655951][T29411] R10: ffffffff84800000 R11: 1ffff11039663e00 R12: ffff8881cf504000
[  403.663888][T29411] R13: dffffc0000000000 R14: ffff8881cf504070 R15: 1ffff11039ea089d
[  403.671836][T29411] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  403.680733][T29411] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  403.687314][T29411] CR2: 00007f87bcb17718 CR3: 00000001e9d6a000 CR4: 00000000003406f0
[  403.695256][T29411] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  403.703313][T29411] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  403.711254][T29411] Call Trace:
[  403.714530][T29411]  ? device_add_disk+0x30/0x30
[  403.719260][T29411]  ? vsprintf+0x30/0x30
[  403.723384][T29411]  ? device_initialize+0x1c7/0x3d0
[  403.728481][T29411]  ? __alloc_disk_node+0x326/0x380
[  403.733568][T29411]  loop_add+0x554/0x710
[  403.737705][T29411]  loop_control_ioctl+0x564/0x740
[  403.742700][T29411]  ? loop_remove+0xa0/0xa0
[  403.747091][T29411]  ? __lru_cache_add+0x1bf/0x210
[  403.752000][T29411]  ? memset+0x1f/0x40
[  403.755949][T29411]  ? fsnotify+0x1332/0x13f0
[  403.760420][T29411]  ? loop_remove+0xa0/0xa0
[  403.764803][T29411]  do_vfs_ioctl+0x744/0x1730
[  403.769365][T29411]  ? selinux_file_ioctl+0x723/0x970
[  403.774530][T29411]  ? ioctl_preallocate+0x250/0x250
[  403.779607][T29411]  ? __fget+0x40c/0x4a0
[  403.783735][T29411]  ? fget_many+0x20/0x20
[  403.787945][T29411]  ? check_preemption_disabled+0x154/0x330
[  403.793716][T29411]  ? debug_smp_processor_id+0x20/0x20
[  403.799054][T29411]  ? security_file_ioctl+0x9d/0xb0
[  403.804133][T29411]  __x64_sys_ioctl+0xd4/0x110
[  403.808775][T29411]  do_syscall_64+0xcb/0x1c0
[  403.813252][T29411]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  403.819116][T29411] ---[ end trace 25474f664d9331ec ]---
18:36:34 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 55)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:34 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x2102)
write$ppp(r0, &(0x7f0000000000)="67d37d7a503665bcb3a7c24387ecc7d5a9157698a7", 0x15)
read$FUSE(r0, 0x0, 0x0)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)={0x2d8, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x63d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_LINK={0x54, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5477}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x94, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x5c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffe0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0xbc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4cc9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xeb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5bd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3a}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff7e4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8c}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}]}, 0x2d8}}, 0x20044808)

18:36:34 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:34 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e07"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:34 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:34 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xffffffe0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:34 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e07"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:34 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0xffffffff, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:34 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x2102)
write$ppp(r0, &(0x7f0000000000)="67d37d7a503665bcb3a7c24387ecc7d5a9157698a7", 0x15)
read$FUSE(r0, 0x0, 0x0) (async)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)={0x2d8, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x63d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_LINK={0x54, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5477}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x94, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x5c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffe0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0xbc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4cc9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xeb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5bd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3a}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff7e4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8c}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}]}, 0x2d8}}, 0x20044808)

[  403.854976][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  403.886817][T29449] FAULT_INJECTION: forcing a failure.
[  403.886817][T29449] name failslab, interval 1, probability 0, space 0, times 0
18:36:34 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:34 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x2102)
write$ppp(r0, &(0x7f0000000000)="67d37d7a503665bcb3a7c24387ecc7d5a9157698a7", 0x15)
read$FUSE(r0, 0x0, 0x0)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)={0x2d8, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x63d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_LINK={0x54, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5477}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x94, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x5c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffe0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0xbc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4cc9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xeb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5bd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3a}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff7e4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8c}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}]}, 0x2d8}}, 0x20044808)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x2102) (async)
write$ppp(r0, &(0x7f0000000000)="67d37d7a503665bcb3a7c24387ecc7d5a9157698a7", 0x15) (async)
read$FUSE(r0, 0x0, 0x0) (async)
sendmsg$TIPC_NL_MON_PEER_GET(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000380)={&(0x7f0000000600)={0x2d8, 0x0, 0x800, 0x70bd29, 0x25dfdbfc, {}, [@TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x63d}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x5}, @TIPC_NLA_PUBL_LOWER={0x8}]}, @TIPC_NLA_LINK={0x54, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5477}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x80}]}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_SOCK={0x94, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x3f}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x9}, @TIPC_NLA_SOCK_CON={0x5c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3ff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffffffe0}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x7fff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x3}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfff}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8000}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8000}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}]}, @TIPC_NLA_LINK={0xbc, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffff8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4cc9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xeb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x401}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x40}]}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x10}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x5bd}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3a}]}]}, @TIPC_NLA_MON={0x3c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff7e4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x8}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7}]}, @TIPC_NLA_SOCK={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8c}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}]}, 0x2d8}}, 0x20044808) (async)

18:36:34 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xe, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  403.902493][T29449] CPU: 1 PID: 29449 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  403.914116][T29449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  403.924152][T29449] Call Trace:
[  403.927434][T29449]  dump_stack+0x1d8/0x241
[  403.931759][T29449]  ? panic+0x73e/0x73e
[  403.935812][T29449]  ? mutex_unlock+0x19/0x40
[  403.940397][T29449]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  403.946191][T29449]  ? selinux_kernfs_init_security+0x155/0x760
[  403.952242][T29449]  ? idr_alloc_cyclic+0x36e/0x5e0
[  403.957261][T29449]  should_fail+0x709/0x870
[  403.961655][T29449]  ? setup_fault_attr+0x3d0/0x3d0
[  403.966646][T29449]  ? _raw_spin_lock+0xa3/0x1b0
[  403.971403][T29449]  ? __kernfs_new_node+0xdb/0x6d0
[  403.976393][T29449]  should_failslab+0x5/0x20
[  403.980863][T29449]  kmem_cache_alloc+0x24/0x210
[  403.985598][T29449]  __kernfs_new_node+0xdb/0x6d0
[  403.990436][T29449]  ? mutex_lock+0xa6/0x110
[  403.994823][T29449]  ? kernfs_new_node+0x160/0x160
[  403.999736][T29449]  kernfs_new_node+0x95/0x160
[  404.004389][T29449]  __kernfs_create_file+0x45/0x260
[  404.009489][T29449]  sysfs_add_file_mode_ns+0x292/0x340
[  404.014833][T29449]  internal_create_group+0x55e/0xf50
[  404.020095][T29449]  ? mutex_unlock+0x19/0x40
[  404.024571][T29449]  ? sysfs_create_group+0x20/0x20
[  404.029562][T29449]  sysfs_create_groups+0x5d/0x130
[  404.034557][T29449]  device_add_attrs+0x87/0x370
[  404.039286][T29449]  device_add+0x505/0xbc0
[  404.043584][T29449]  device_create_vargs+0x1b8/0x210
[  404.048664][T29449]  device_create+0xea/0x130
[  404.053142][T29449]  ? device_create_vargs+0x210/0x210
[  404.058396][T29449]  bdi_register_va+0x89/0x5e0
[  404.063047][T29449]  bdi_register+0xd1/0x120
[  404.067436][T29449]  ? __device_add_disk+0x539/0x1200
[  404.072690][T29449]  ? bdi_register_va+0x5e0/0x5e0
[  404.077615][T29449]  ? percpu_ref_resurrect+0x113/0x190
[  404.083145][T29449]  bdi_register_owner+0x56/0xf0
[  404.087966][T29449]  __device_add_disk+0x5b8/0x1200
[  404.092959][T29449]  ? device_add_disk+0x30/0x30
[  404.097696][T29449]  ? vsprintf+0x30/0x30
[  404.101834][T29449]  ? device_initialize+0x1c7/0x3d0
[  404.106923][T29449]  ? __alloc_disk_node+0x326/0x380
[  404.112006][T29449]  loop_add+0x554/0x710
[  404.116148][T29449]  loop_control_ioctl+0x564/0x740
[  404.121146][T29449]  ? loop_remove+0xa0/0xa0
[  404.125532][T29449]  ? __lru_cache_add+0x1bf/0x210
[  404.130438][T29449]  ? memset+0x1f/0x40
[  404.134404][T29449]  ? fsnotify+0x1332/0x13f0
[  404.138883][T29449]  ? loop_remove+0xa0/0xa0
[  404.143280][T29449]  do_vfs_ioctl+0x744/0x1730
[  404.147847][T29449]  ? selinux_file_ioctl+0x723/0x970
[  404.153015][T29449]  ? ioctl_preallocate+0x250/0x250
[  404.158092][T29449]  ? __fget+0x40c/0x4a0
[  404.162266][T29449]  ? fget_many+0x20/0x20
[  404.166482][T29449]  ? check_preemption_disabled+0x154/0x330
[  404.172258][T29449]  ? debug_smp_processor_id+0x20/0x20
[  404.177606][T29449]  ? security_file_ioctl+0x9d/0xb0
[  404.182687][T29449]  __x64_sys_ioctl+0xd4/0x110
[  404.187335][T29449]  do_syscall_64+0xcb/0x1c0
[  404.191813][T29449]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  404.200602][T29449] ------------[ cut here ]------------
[  404.206080][T29449] WARNING: CPU: 1 PID: 29449 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  404.215157][T29449] Modules linked in:
[  404.219026][T29449] CPU: 1 PID: 29449 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  404.230616][T29449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  404.240665][T29449] RIP: 0010:__device_add_disk+0xe83/0x1200
[  404.246509][T29449] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  404.266105][T29449] RSP: 0018:ffff8881df147a00 EFLAGS: 00010246
[  404.272143][T29449] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  404.280090][T29449] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  404.288075][T29449] RBP: ffff8881df147b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  404.296220][T29449] R10: ffffffff84800000 R11: 1ffff1103be28e00 R12: ffff8881ed047000
[  404.304166][T29449] R13: dffffc0000000000 R14: ffff8881ed047070 R15: 1ffff1103da08e9d
[  404.312110][T29449] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  404.321009][T29449] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  404.327589][T29449] CR2: 00007ff61b829718 CR3: 00000001f0ab2000 CR4: 00000000003406e0
[  404.335534][T29449] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  404.343495][T29449] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  404.351437][T29449] Call Trace:
[  404.354724][T29449]  ? device_add_disk+0x30/0x30
[  404.359481][T29449]  ? vsprintf+0x30/0x30
[  404.363628][T29449]  ? device_initialize+0x1c7/0x3d0
[  404.368733][T29449]  ? __alloc_disk_node+0x326/0x380
[  404.373819][T29449]  loop_add+0x554/0x710
[  404.377949][T29449]  loop_control_ioctl+0x564/0x740
[  404.382951][T29449]  ? loop_remove+0xa0/0xa0
[  404.387773][T29449]  ? __lru_cache_add+0x1bf/0x210
[  404.392695][T29449]  ? memset+0x1f/0x40
[  404.396647][T29449]  ? fsnotify+0x1332/0x13f0
[  404.401116][T29449]  ? loop_remove+0xa0/0xa0
[  404.405504][T29449]  do_vfs_ioctl+0x744/0x1730
[  404.410072][T29449]  ? selinux_file_ioctl+0x723/0x970
[  404.415242][T29449]  ? ioctl_preallocate+0x250/0x250
[  404.420339][T29449]  ? __fget+0x40c/0x4a0
[  404.424469][T29449]  ? fget_many+0x20/0x20
[  404.428687][T29449]  ? check_preemption_disabled+0x154/0x330
[  404.434479][T29449]  ? debug_smp_processor_id+0x20/0x20
[  404.439827][T29449]  ? security_file_ioctl+0x9d/0xb0
[  404.444912][T29449]  __x64_sys_ioctl+0xd4/0x110
[  404.449563][T29449]  do_syscall_64+0xcb/0x1c0
18:36:35 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 56)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x64, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:35 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0xffffffffffffff31)

18:36:35 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:35 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4b, 0x4, {'gcm(aes)\x00', 0x23, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e07"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:35 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x87, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  404.454041][T29449]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  404.460077][T29449] ---[ end trace 25474f664d9331ed ]---
[  404.493841][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:35 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0xffffffffffffff31)

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xa0, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:35 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:35 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:35 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0xffffffffffffff31)

[  404.528945][T29482] FAULT_INJECTION: forcing a failure.
[  404.528945][T29482] name failslab, interval 1, probability 0, space 0, times 0
[  404.545232][T29482] CPU: 1 PID: 29482 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  404.556869][T29482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  404.566910][T29482] Call Trace:
[  404.570197][T29482]  dump_stack+0x1d8/0x241
[  404.574622][T29482]  ? panic+0x73e/0x73e
[  404.578678][T29482]  ? mutex_unlock+0x19/0x40
[  404.583178][T29482]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  404.588968][T29482]  ? selinux_kernfs_init_security+0x155/0x760
[  404.595015][T29482]  ? idr_alloc_cyclic+0x36e/0x5e0
[  404.600044][T29482]  should_fail+0x709/0x870
[  404.604438][T29482]  ? setup_fault_attr+0x3d0/0x3d0
[  404.609431][T29482]  ? _raw_spin_lock+0xa3/0x1b0
[  404.614172][T29482]  ? __kernfs_new_node+0xdb/0x6d0
[  404.619176][T29482]  should_failslab+0x5/0x20
[  404.623660][T29482]  kmem_cache_alloc+0x24/0x210
[  404.628397][T29482]  __kernfs_new_node+0xdb/0x6d0
[  404.633226][T29482]  ? mutex_lock+0xa6/0x110
[  404.637620][T29482]  ? kernfs_new_node+0x160/0x160
[  404.642531][T29482]  kernfs_new_node+0x95/0x160
[  404.647289][T29482]  __kernfs_create_file+0x45/0x260
[  404.652398][T29482]  sysfs_add_file_mode_ns+0x292/0x340
[  404.657746][T29482]  internal_create_group+0x55e/0xf50
[  404.663029][T29482]  ? mutex_unlock+0x19/0x40
[  404.667516][T29482]  ? sysfs_create_group+0x20/0x20
[  404.672525][T29482]  sysfs_create_groups+0x5d/0x130
[  404.677538][T29482]  device_add_attrs+0x87/0x370
[  404.682270][T29482]  device_add+0x505/0xbc0
[  404.686572][T29482]  device_create_vargs+0x1b8/0x210
[  404.691660][T29482]  device_create+0xea/0x130
[  404.696145][T29482]  ? device_create_vargs+0x210/0x210
[  404.701401][T29482]  bdi_register_va+0x89/0x5e0
[  404.706057][T29482]  bdi_register+0xd1/0x120
[  404.710478][T29482]  ? __device_add_disk+0x539/0x1200
[  404.715649][T29482]  ? bdi_register_va+0x5e0/0x5e0
[  404.720575][T29482]  ? percpu_ref_resurrect+0x113/0x190
[  404.725921][T29482]  bdi_register_owner+0x56/0xf0
[  404.730742][T29482]  __device_add_disk+0x5b8/0x1200
[  404.735759][T29482]  ? device_add_disk+0x30/0x30
[  404.740495][T29482]  ? vsprintf+0x30/0x30
[  404.744639][T29482]  ? device_initialize+0x1c7/0x3d0
[  404.749719][T29482]  ? __alloc_disk_node+0x326/0x380
[  404.754798][T29482]  loop_add+0x554/0x710
[  404.758922][T29482]  loop_control_ioctl+0x564/0x740
[  404.763914][T29482]  ? loop_remove+0xa0/0xa0
[  404.768302][T29482]  ? __lru_cache_add+0x1bf/0x210
[  404.773237][T29482]  ? memset+0x1f/0x40
[  404.777198][T29482]  ? fsnotify+0x1332/0x13f0
[  404.781673][T29482]  ? loop_remove+0xa0/0xa0
[  404.786066][T29482]  do_vfs_ioctl+0x744/0x1730
[  404.790635][T29482]  ? selinux_file_ioctl+0x723/0x970
[  404.795805][T29482]  ? ioctl_preallocate+0x250/0x250
[  404.800890][T29482]  ? __fget+0x40c/0x4a0
[  404.805027][T29482]  ? fget_many+0x20/0x20
[  404.809268][T29482]  ? check_preemption_disabled+0x154/0x330
[  404.815229][T29482]  ? debug_smp_processor_id+0x20/0x20
[  404.820663][T29482]  ? security_file_ioctl+0x9d/0xb0
[  404.825769][T29482]  __x64_sys_ioctl+0xd4/0x110
[  404.830425][T29482]  do_syscall_64+0xcb/0x1c0
[  404.834923][T29482]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  404.842140][T29482] ------------[ cut here ]------------
[  404.847597][T29482] WARNING: CPU: 1 PID: 29482 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  404.856662][T29482] Modules linked in:
[  404.860529][T29482] CPU: 1 PID: 29482 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  404.872115][T29482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  404.882149][T29482] RIP: 0010:__device_add_disk+0xe83/0x1200
[  404.887922][T29482] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  404.907493][T29482] RSP: 0018:ffff8881e27efa00 EFLAGS: 00010246
[  404.913526][T29482] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  404.921464][T29482] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  404.929408][T29482] RBP: ffff8881e27efb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  404.937349][T29482] R10: ffffffff84800000 R11: 1ffff1103c4fde00 R12: ffff8881eec3e000
[  404.945287][T29482] R13: dffffc0000000000 R14: ffff8881eec3e070 R15: 1ffff1103dd87c9d
[  404.953227][T29482] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  404.962128][T29482] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  404.968682][T29482] CR2: 00007ffe71821fc8 CR3: 00000001e6ddf000 CR4: 00000000003406e0
[  404.976646][T29482] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  404.984597][T29482] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  404.992542][T29482] Call Trace:
[  404.995824][T29482]  ? device_add_disk+0x30/0x30
[  405.000557][T29482]  ? vsprintf+0x30/0x30
[  405.004681][T29482]  ? device_initialize+0x1c7/0x3d0
[  405.009760][T29482]  ? __alloc_disk_node+0x326/0x380
[  405.014836][T29482]  loop_add+0x554/0x710
[  405.018959][T29482]  loop_control_ioctl+0x564/0x740
[  405.023953][T29482]  ? loop_remove+0xa0/0xa0
[  405.028348][T29482]  ? __lru_cache_add+0x1bf/0x210
[  405.033251][T29482]  ? memset+0x1f/0x40
[  405.037205][T29482]  ? fsnotify+0x1332/0x13f0
[  405.041673][T29482]  ? loop_remove+0xa0/0xa0
[  405.046057][T29482]  do_vfs_ioctl+0x744/0x1730
[  405.050617][T29482]  ? selinux_file_ioctl+0x723/0x970
[  405.055783][T29482]  ? ioctl_preallocate+0x250/0x250
[  405.060861][T29482]  ? __fget+0x40c/0x4a0
[  405.064984][T29482]  ? fget_many+0x20/0x20
[  405.069212][T29482]  ? check_preemption_disabled+0x154/0x330
[  405.074995][T29482]  ? debug_smp_processor_id+0x20/0x20
[  405.080341][T29482]  ? security_file_ioctl+0x9d/0xb0
[  405.085438][T29482]  __x64_sys_ioctl+0xd4/0x110
[  405.090091][T29482]  do_syscall_64+0xcb/0x1c0
[  405.094573][T29482]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  405.100438][T29482] ---[ end trace 25474f664d9331ee ]---
18:36:35 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 57)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:35 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x7fffff7f, 0x260001)
read$FUSE(r0, 0x0, 0x0)
sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x2, 0x17, 0x2, 0x5, 0x39, 0x0, 0x70bd2b, 0x25dfdbfe, [@sadb_lifetime={0x4, 0x4, 0x6, 0xdf, 0x3134, 0xb1}, @sadb_address={0x5, 0x7, 0x32, 0x20, 0x0, @in6={0xa, 0x4e21, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x68d93ee3}}, @sadb_x_sec_ctx={0x1e, 0x18, 0x1, 0x80, 0xe4, "2ccf99404a01cd6c3e6636be88b57cac70dee6a824bbeb5d84d87a55b5cc700bf235d2dfa13bb4a9d184aae4747506d56b3bd7999be23f2c52f673df20ba340b5aec25e15252b5d66c87cb8204e587ef4a7846fafe0ff7849981be1af15adfeef0f5b2d7081361e716fd4fb9e1337fc610db76965b50c6915766b792f57eb2a8e002e612e872c52cf9845140dcff19d6592e45c2f34bab4d34f96e2f1579e4130f213cff048456e60f266b9279c5b3ab3c49d26c82378621dda4e094de371709daf040e03a84716707b58fc085f65b11e040db0c3bd036fcfe4f44da264ecd5ae14b3755"}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e22, 0x100, @remote, 0xffffffff}, @in6={0xa, 0x4e22, 0x7, @local, 0x40}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0xff, 0xfb, 0x2, 0x20000001}, @sadb_x_sa2={0x2, 0x13, 0x9, 0x0, 0x0, 0x70bd25, 0x3500}, @sadb_lifetime={0x4, 0x3, 0x1, 0x424, 0x7, 0x9}]}, 0x1c8}}, 0x20004080)
r1 = gettid()
syz_open_procfs$namespace(r1, 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000080)='ns/time_for_children\x00')
pipe2(&(0x7f00000000c0), 0x0)
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r0, 0x4068aea3, &(0x7f0000000000)={0x9f, 0x0, 0x1})

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xac, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:35 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:35 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:35 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x3fe, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  405.154693][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  405.182314][T29504] FAULT_INJECTION: forcing a failure.
[  405.182314][T29504] name failslab, interval 1, probability 0, space 0, times 0
18:36:35 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x7fffff7f, 0x260001)
read$FUSE(r0, 0x0, 0x0)
sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x2, 0x17, 0x2, 0x5, 0x39, 0x0, 0x70bd2b, 0x25dfdbfe, [@sadb_lifetime={0x4, 0x4, 0x6, 0xdf, 0x3134, 0xb1}, @sadb_address={0x5, 0x7, 0x32, 0x20, 0x0, @in6={0xa, 0x4e21, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x68d93ee3}}, @sadb_x_sec_ctx={0x1e, 0x18, 0x1, 0x80, 0xe4, "2ccf99404a01cd6c3e6636be88b57cac70dee6a824bbeb5d84d87a55b5cc700bf235d2dfa13bb4a9d184aae4747506d56b3bd7999be23f2c52f673df20ba340b5aec25e15252b5d66c87cb8204e587ef4a7846fafe0ff7849981be1af15adfeef0f5b2d7081361e716fd4fb9e1337fc610db76965b50c6915766b792f57eb2a8e002e612e872c52cf9845140dcff19d6592e45c2f34bab4d34f96e2f1579e4130f213cff048456e60f266b9279c5b3ab3c49d26c82378621dda4e094de371709daf040e03a84716707b58fc085f65b11e040db0c3bd036fcfe4f44da264ecd5ae14b3755"}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e22, 0x100, @remote, 0xffffffff}, @in6={0xa, 0x4e22, 0x7, @local, 0x40}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0xff, 0xfb, 0x2, 0x20000001}, @sadb_x_sa2={0x2, 0x13, 0x9, 0x0, 0x0, 0x70bd25, 0x3500}, @sadb_lifetime={0x4, 0x3, 0x1, 0x424, 0x7, 0x9}]}, 0x1c8}}, 0x20004080)
r1 = gettid()
syz_open_procfs$namespace(r1, 0x0)
syz_open_procfs$namespace(r1, &(0x7f0000000080)='ns/time_for_children\x00')
pipe2(&(0x7f00000000c0), 0x0)
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r0, 0x4068aea3, &(0x7f0000000000)={0x9f, 0x0, 0x1})
syz_open_dev$vcsn(&(0x7f00000005c0), 0x7fffff7f, 0x260001) (async)
read$FUSE(r0, 0x0, 0x0) (async)
sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x2, 0x17, 0x2, 0x5, 0x39, 0x0, 0x70bd2b, 0x25dfdbfe, [@sadb_lifetime={0x4, 0x4, 0x6, 0xdf, 0x3134, 0xb1}, @sadb_address={0x5, 0x7, 0x32, 0x20, 0x0, @in6={0xa, 0x4e21, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x68d93ee3}}, @sadb_x_sec_ctx={0x1e, 0x18, 0x1, 0x80, 0xe4, "2ccf99404a01cd6c3e6636be88b57cac70dee6a824bbeb5d84d87a55b5cc700bf235d2dfa13bb4a9d184aae4747506d56b3bd7999be23f2c52f673df20ba340b5aec25e15252b5d66c87cb8204e587ef4a7846fafe0ff7849981be1af15adfeef0f5b2d7081361e716fd4fb9e1337fc610db76965b50c6915766b792f57eb2a8e002e612e872c52cf9845140dcff19d6592e45c2f34bab4d34f96e2f1579e4130f213cff048456e60f266b9279c5b3ab3c49d26c82378621dda4e094de371709daf040e03a84716707b58fc085f65b11e040db0c3bd036fcfe4f44da264ecd5ae14b3755"}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e22, 0x100, @remote, 0xffffffff}, @in6={0xa, 0x4e22, 0x7, @local, 0x40}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0xff, 0xfb, 0x2, 0x20000001}, @sadb_x_sa2={0x2, 0x13, 0x9, 0x0, 0x0, 0x70bd25, 0x3500}, @sadb_lifetime={0x4, 0x3, 0x1, 0x424, 0x7, 0x9}]}, 0x1c8}}, 0x20004080) (async)
gettid() (async)
syz_open_procfs$namespace(r1, 0x0) (async)
syz_open_procfs$namespace(r1, &(0x7f0000000080)='ns/time_for_children\x00') (async)
pipe2(&(0x7f00000000c0), 0x0) (async)
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r0, 0x4068aea3, &(0x7f0000000000)={0x9f, 0x0, 0x1}) (async)

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x5f5e0ff, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x2000029a, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:35 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x7fffff7f, 0x260001)
read$FUSE(r0, 0x0, 0x0) (async)
sendmsg$key(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000100)={0x2, 0x17, 0x2, 0x5, 0x39, 0x0, 0x70bd2b, 0x25dfdbfe, [@sadb_lifetime={0x4, 0x4, 0x6, 0xdf, 0x3134, 0xb1}, @sadb_address={0x5, 0x7, 0x32, 0x20, 0x0, @in6={0xa, 0x4e21, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x68d93ee3}}, @sadb_x_sec_ctx={0x1e, 0x18, 0x1, 0x80, 0xe4, "2ccf99404a01cd6c3e6636be88b57cac70dee6a824bbeb5d84d87a55b5cc700bf235d2dfa13bb4a9d184aae4747506d56b3bd7999be23f2c52f673df20ba340b5aec25e15252b5d66c87cb8204e587ef4a7846fafe0ff7849981be1af15adfeef0f5b2d7081361e716fd4fb9e1337fc610db76965b50c6915766b792f57eb2a8e002e612e872c52cf9845140dcff19d6592e45c2f34bab4d34f96e2f1579e4130f213cff048456e60f266b9279c5b3ab3c49d26c82378621dda4e094de371709daf040e03a84716707b58fc085f65b11e040db0c3bd036fcfe4f44da264ecd5ae14b3755"}, @sadb_x_kmaddress={0x8, 0x19, 0x0, @in6={0xa, 0x4e22, 0x100, @remote, 0xffffffff}, @in6={0xa, 0x4e22, 0x7, @local, 0x40}}, @sadb_sa={0x2, 0x1, 0x4d4, 0x0, 0xff, 0xfb, 0x2, 0x20000001}, @sadb_x_sa2={0x2, 0x13, 0x9, 0x0, 0x0, 0x70bd25, 0x3500}, @sadb_lifetime={0x4, 0x3, 0x1, 0x424, 0x7, 0x9}]}, 0x1c8}}, 0x20004080) (async)
r1 = gettid()
syz_open_procfs$namespace(r1, 0x0) (async)
syz_open_procfs$namespace(r1, &(0x7f0000000080)='ns/time_for_children\x00') (async)
pipe2(&(0x7f00000000c0), 0x0) (async)
ioctl$KVM_CAP_MSR_PLATFORM_INFO(r0, 0x4068aea3, &(0x7f0000000000)={0x9f, 0x0, 0x1})

18:36:35 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x200002a5, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  405.194973][T29504] CPU: 0 PID: 29504 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  405.206574][T29504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  405.216789][T29504] Call Trace:
[  405.220070][T29504]  dump_stack+0x1d8/0x241
[  405.224387][T29504]  ? panic+0x73e/0x73e
[  405.228444][T29504]  ? arch_stack_walk+0x114/0x140
[  405.233372][T29504]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  405.239166][T29504]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  405.245220][T29504]  should_fail+0x709/0x870
[  405.249624][T29504]  ? setup_fault_attr+0x3d0/0x3d0
[  405.254640][T29504]  ? radix_tree_node_alloc+0x18c/0x370
[  405.260084][T29504]  should_failslab+0x5/0x20
[  405.264557][T29504]  kmem_cache_alloc+0x24/0x210
[  405.269293][T29504]  radix_tree_node_alloc+0x18c/0x370
[  405.274549][T29504]  ? __kernfs_create_file+0x45/0x260
[  405.279801][T29504]  ? sysfs_add_file_mode_ns+0x292/0x340
[  405.285314][T29504]  ? internal_create_group+0x55e/0xf50
[  405.290757][T29504]  ? sysfs_create_groups+0x5d/0x130
[  405.295930][T29504]  idr_get_free+0x299/0x840
[  405.300406][T29504]  idr_alloc_cyclic+0x1f3/0x5e0
[  405.305223][T29504]  ? idr_alloc+0x2f0/0x2f0
[  405.309605][T29504]  ? _raw_spin_lock+0xa3/0x1b0
[  405.314343][T29504]  ? __kernfs_new_node+0xdb/0x6d0
[  405.319346][T29504]  __kernfs_new_node+0x122/0x6d0
[  405.324252][T29504]  ? kernfs_new_node+0x160/0x160
[  405.329189][T29504]  kernfs_new_node+0x95/0x160
[  405.333843][T29504]  __kernfs_create_file+0x45/0x260
[  405.338934][T29504]  sysfs_add_file_mode_ns+0x292/0x340
[  405.344280][T29504]  internal_create_group+0x55e/0xf50
[  405.349534][T29504]  ? mutex_unlock+0x19/0x40
[  405.354004][T29504]  ? sysfs_create_group+0x20/0x20
[  405.359009][T29504]  sysfs_create_groups+0x5d/0x130
[  405.364000][T29504]  device_add_attrs+0x87/0x370
[  405.368732][T29504]  device_add+0x505/0xbc0
[  405.373045][T29504]  device_create_vargs+0x1b8/0x210
[  405.378125][T29504]  device_create+0xea/0x130
[  405.382619][T29504]  ? device_create_vargs+0x210/0x210
[  405.387876][T29504]  bdi_register_va+0x89/0x5e0
[  405.392528][T29504]  bdi_register+0xd1/0x120
[  405.396930][T29504]  ? __device_add_disk+0x539/0x1200
[  405.402108][T29504]  ? bdi_register_va+0x5e0/0x5e0
[  405.407015][T29504]  ? percpu_ref_resurrect+0x113/0x190
[  405.412369][T29504]  bdi_register_owner+0x56/0xf0
[  405.417202][T29504]  __device_add_disk+0x5b8/0x1200
[  405.422204][T29504]  ? device_add_disk+0x30/0x30
[  405.426938][T29504]  ? vsprintf+0x30/0x30
[  405.431063][T29504]  ? device_initialize+0x1c7/0x3d0
[  405.436145][T29504]  ? __alloc_disk_node+0x326/0x380
[  405.441228][T29504]  loop_add+0x554/0x710
[  405.445466][T29504]  loop_control_ioctl+0x564/0x740
[  405.450460][T29504]  ? loop_remove+0xa0/0xa0
[  405.454847][T29504]  ? __lru_cache_add+0x1bf/0x210
[  405.459753][T29504]  ? memset+0x1f/0x40
[  405.463712][T29504]  ? fsnotify+0x1332/0x13f0
[  405.468195][T29504]  ? loop_remove+0xa0/0xa0
[  405.472580][T29504]  do_vfs_ioctl+0x744/0x1730
[  405.477143][T29504]  ? selinux_file_ioctl+0x723/0x970
[  405.482314][T29504]  ? ioctl_preallocate+0x250/0x250
[  405.487394][T29504]  ? __fget+0x40c/0x4a0
[  405.491516][T29504]  ? fget_many+0x20/0x20
[  405.495728][T29504]  ? check_preemption_disabled+0x154/0x330
[  405.501500][T29504]  ? debug_smp_processor_id+0x20/0x20
[  405.506840][T29504]  ? security_file_ioctl+0x9d/0xb0
[  405.511920][T29504]  __x64_sys_ioctl+0xd4/0x110
[  405.516565][T29504]  do_syscall_64+0xcb/0x1c0
[  405.521040][T29504]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:36 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 58)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x200002e1, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:36 executing program 2:
sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, 0x0, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x88, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x800}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:36 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b4, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b4}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:36 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:36 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xa, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:36 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  405.603935][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  405.640628][T29549] FAULT_INJECTION: forcing a failure.
[  405.640628][T29549] name failslab, interval 1, probability 0, space 0, times 0
18:36:36 executing program 2:
sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, 0x0, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x88, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x800}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xe, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:36 executing program 2:
sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x9c, 0x0, 0x2, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_SOCK={0x88, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80000001}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x800}, @TIPC_NLA_SOCK_CON={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8, 0x2, 0x5}]}, @TIPC_NLA_SOCK_CON={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x80}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x5}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x80000000}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x800}]}]}, 0x9c}, 0x1, 0x0, 0x0, 0x4}, 0x4000000) (async)
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x64, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  405.654115][T29549] CPU: 0 PID: 29549 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  405.665728][T29549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  405.675767][T29549] Call Trace:
[  405.679047][T29549]  dump_stack+0x1d8/0x241
[  405.683368][T29549]  ? panic+0x73e/0x73e
[  405.687423][T29549]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  405.693214][T29549]  ? idr_alloc+0x2f0/0x2f0
[  405.697626][T29549]  should_fail+0x709/0x870
[  405.702014][T29549]  ? setup_fault_attr+0x3d0/0x3d0
[  405.707007][T29549]  ? security_kernfs_init_security+0x9a/0xb0
[  405.712957][T29549]  ? __kernfs_new_node+0x465/0x6d0
[  405.718042][T29549]  ? __kernfs_new_node+0xdb/0x6d0
[  405.723043][T29549]  should_failslab+0x5/0x20
[  405.727520][T29549]  kmem_cache_alloc+0x24/0x210
[  405.732268][T29549]  __kernfs_new_node+0xdb/0x6d0
[  405.737093][T29549]  ? kernfs_new_node+0x160/0x160
[  405.742001][T29549]  ? kernfs_activate+0x3fc/0x420
[  405.746906][T29549]  ? mutex_unlock+0x19/0x40
[  405.751493][T29549]  ? kernfs_add_one+0x4a3/0x5c0
[  405.756321][T29549]  kernfs_new_node+0x95/0x160
[  405.760967][T29549]  __kernfs_create_file+0x45/0x260
[  405.766052][T29549]  sysfs_add_file_mode_ns+0x292/0x340
[  405.771390][T29549]  sysfs_create_file_ns+0x191/0x2a0
[  405.776556][T29549]  ? sysfs_create_group+0x20/0x20
[  405.781547][T29549]  ? sysfs_add_file_mode_ns+0x340/0x340
[  405.787074][T29549]  ? device_create_file+0xe8/0x1b0
[  405.792169][T29549]  device_add_attrs+0x2be/0x370
[  405.796989][T29549]  device_add+0x505/0xbc0
[  405.801287][T29549]  device_create_vargs+0x1b8/0x210
[  405.806370][T29549]  device_create+0xea/0x130
[  405.810841][T29549]  ? device_create_vargs+0x210/0x210
[  405.816093][T29549]  bdi_register_va+0x89/0x5e0
[  405.820739][T29549]  bdi_register+0xd1/0x120
[  405.825122][T29549]  ? __device_add_disk+0x539/0x1200
[  405.830296][T29549]  ? bdi_register_va+0x5e0/0x5e0
[  405.835206][T29549]  ? percpu_ref_resurrect+0x113/0x190
[  405.840545][T29549]  bdi_register_owner+0x56/0xf0
[  405.845366][T29549]  __device_add_disk+0x5b8/0x1200
[  405.850359][T29549]  ? device_add_disk+0x30/0x30
[  405.855111][T29549]  ? vsprintf+0x30/0x30
[  405.859234][T29549]  ? device_initialize+0x1c7/0x3d0
[  405.864312][T29549]  ? __alloc_disk_node+0x326/0x380
[  405.869391][T29549]  loop_add+0x554/0x710
[  405.873516][T29549]  loop_control_ioctl+0x564/0x740
[  405.878515][T29549]  ? loop_remove+0xa0/0xa0
[  405.882915][T29549]  ? __lru_cache_add+0x1bf/0x210
[  405.887842][T29549]  ? memset+0x1f/0x40
[  405.891792][T29549]  ? fsnotify+0x1332/0x13f0
[  405.896261][T29549]  ? loop_remove+0xa0/0xa0
[  405.900648][T29549]  do_vfs_ioctl+0x744/0x1730
[  405.905206][T29549]  ? selinux_file_ioctl+0x723/0x970
[  405.910370][T29549]  ? ioctl_preallocate+0x250/0x250
[  405.915451][T29549]  ? __fget+0x40c/0x4a0
[  405.919587][T29549]  ? fget_many+0x20/0x20
[  405.923796][T29549]  ? check_preemption_disabled+0x154/0x330
[  405.929569][T29549]  ? debug_smp_processor_id+0x20/0x20
[  405.934908][T29549]  ? security_file_ioctl+0x9d/0xb0
[  405.939987][T29549]  __x64_sys_ioctl+0xd4/0x110
[  405.944808][T29549]  do_syscall_64+0xcb/0x1c0
[  405.949296][T29549]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  405.956568][T29549] ------------[ cut here ]------------
[  405.962021][T29549] WARNING: CPU: 0 PID: 29549 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  405.971095][T29549] Modules linked in:
[  405.974964][T29549] CPU: 0 PID: 29549 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  405.986553][T29549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  405.996588][T29549] RIP: 0010:__device_add_disk+0xe83/0x1200
[  406.002360][T29549] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  406.021932][T29549] RSP: 0018:ffff8881cb31fa00 EFLAGS: 00010246
[  406.027972][T29549] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  406.035914][T29549] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  406.043857][T29549] RBP: ffff8881cb31fb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  406.051800][T29549] R10: ffffffff84800000 R11: 1ffff11039663e00 R12: ffff8881cf834000
[  406.059740][T29549] R13: dffffc0000000000 R14: ffff8881cf834070 R15: 1ffff11039f0689d
[  406.067696][T29549] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  406.076592][T29549] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  406.083142][T29549] CR2: 00007fc14c10a718 CR3: 00000001e5ee8000 CR4: 00000000003406f0
[  406.091082][T29549] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  406.099118][T29549] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  406.107057][T29549] Call Trace:
[  406.110320][T29549]  ? device_add_disk+0x30/0x30
[  406.115056][T29549]  ? vsprintf+0x30/0x30
[  406.119179][T29549]  ? device_initialize+0x1c7/0x3d0
[  406.124269][T29549]  ? __alloc_disk_node+0x326/0x380
[  406.129348][T29549]  loop_add+0x554/0x710
[  406.133478][T29549]  loop_control_ioctl+0x564/0x740
[  406.138470][T29549]  ? loop_remove+0xa0/0xa0
[  406.142863][T29549]  ? __lru_cache_add+0x1bf/0x210
[  406.147773][T29549]  ? memset+0x1f/0x40
[  406.151721][T29549]  ? fsnotify+0x1332/0x13f0
[  406.156187][T29549]  ? loop_remove+0xa0/0xa0
[  406.160580][T29549]  do_vfs_ioctl+0x744/0x1730
[  406.165144][T29549]  ? selinux_file_ioctl+0x723/0x970
[  406.170312][T29549]  ? ioctl_preallocate+0x250/0x250
[  406.175485][T29549]  ? __fget+0x40c/0x4a0
[  406.179616][T29549]  ? fget_many+0x20/0x20
[  406.183833][T29549]  ? check_preemption_disabled+0x154/0x330
[  406.189605][T29549]  ? debug_smp_processor_id+0x20/0x20
[  406.194948][T29549]  ? security_file_ioctl+0x9d/0xb0
[  406.200023][T29549]  __x64_sys_ioctl+0xd4/0x110
[  406.204667][T29549]  do_syscall_64+0xcb/0x1c0
[  406.209141][T29549]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  406.214997][T29549] ---[ end trace 25474f664d9331ef ]---
18:36:36 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 59)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:36 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x2, 0x4, 0x2000, &(0x7f0000ffc000/0x2000)=nil})

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x87, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:36 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:36 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:36 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xa0, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:36 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x2, 0x4, 0x2000, &(0x7f0000ffc000/0x2000)=nil})

18:36:36 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:36 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:36 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:36 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xac, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  406.283859][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  406.337071][T29579] FAULT_INJECTION: forcing a failure.
[  406.337071][T29579] name failslab, interval 1, probability 0, space 0, times 0
[  406.350830][T29579] CPU: 1 PID: 29579 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  406.362442][T29579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  406.372487][T29579] Call Trace:
[  406.375750][T29579]  dump_stack+0x1d8/0x241
[  406.380056][T29579]  ? panic+0x73e/0x73e
[  406.384094][T29579]  ? idr_alloc_cyclic+0x36e/0x5e0
[  406.389084][T29579]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  406.394853][T29579]  ? selinux_path_notify+0x6c0/0x6c0
[  406.400104][T29579]  should_fail+0x709/0x870
[  406.404486][T29579]  ? setup_fault_attr+0x3d0/0x3d0
[  406.409478][T29579]  ? security_kernfs_init_security+0x9a/0xb0
[  406.415424][T29579]  ? __kernfs_new_node+0xdb/0x6d0
[  406.420421][T29579]  should_failslab+0x5/0x20
[  406.424895][T29579]  kmem_cache_alloc+0x24/0x210
[  406.429630][T29579]  __kernfs_new_node+0xdb/0x6d0
[  406.434452][T29579]  ? kernfs_new_node+0x160/0x160
[  406.439361][T29579]  ? kernfs_activate+0x3fc/0x420
[  406.444266][T29579]  ? mutex_unlock+0x19/0x40
[  406.448739][T29579]  ? kernfs_add_one+0x4a3/0x5c0
[  406.453560][T29579]  kernfs_create_dir_ns+0x90/0x220
[  406.458656][T29579]  internal_create_group+0x29d/0xf50
[  406.463909][T29579]  ? sysfs_create_group+0x20/0x20
[  406.468903][T29579]  ? device_create_file+0xe8/0x1b0
[  406.474037][T29579]  ? bus_add_device+0x92/0x3f0
[  406.478787][T29579]  dpm_sysfs_add+0x59/0x260
[  406.483257][T29579]  device_add+0x547/0xbc0
[  406.487552][T29579]  device_create_vargs+0x1b8/0x210
[  406.492627][T29579]  device_create+0xea/0x130
[  406.497097][T29579]  ? device_create_vargs+0x210/0x210
[  406.502347][T29579]  bdi_register_va+0x89/0x5e0
[  406.506990][T29579]  bdi_register+0xd1/0x120
[  406.511372][T29579]  ? __device_add_disk+0x539/0x1200
[  406.516535][T29579]  ? bdi_register_va+0x5e0/0x5e0
[  406.521439][T29579]  ? percpu_ref_resurrect+0x113/0x190
[  406.526775][T29579]  bdi_register_owner+0x56/0xf0
[  406.531590][T29579]  __device_add_disk+0x5b8/0x1200
[  406.536581][T29579]  ? device_add_disk+0x30/0x30
[  406.541312][T29579]  ? vsprintf+0x30/0x30
[  406.545434][T29579]  ? device_initialize+0x1c7/0x3d0
[  406.550524][T29579]  ? __alloc_disk_node+0x326/0x380
[  406.555599][T29579]  loop_add+0x554/0x710
[  406.559723][T29579]  loop_control_ioctl+0x564/0x740
[  406.564821][T29579]  ? loop_remove+0xa0/0xa0
[  406.569217][T29579]  ? __lru_cache_add+0x1bf/0x210
[  406.574122][T29579]  ? memset+0x1f/0x40
[  406.578069][T29579]  ? fsnotify+0x1332/0x13f0
[  406.582537][T29579]  ? loop_remove+0xa0/0xa0
[  406.586924][T29579]  do_vfs_ioctl+0x744/0x1730
[  406.591480][T29579]  ? selinux_file_ioctl+0x723/0x970
[  406.596644][T29579]  ? ioctl_preallocate+0x250/0x250
[  406.601723][T29579]  ? __fget+0x40c/0x4a0
[  406.605862][T29579]  ? fget_many+0x20/0x20
[  406.610075][T29579]  ? check_preemption_disabled+0x154/0x330
[  406.615844][T29579]  ? debug_smp_processor_id+0x20/0x20
[  406.621200][T29579]  ? security_file_ioctl+0x9d/0xb0
[  406.626277][T29579]  __x64_sys_ioctl+0xd4/0x110
[  406.630917][T29579]  do_syscall_64+0xcb/0x1c0
[  406.635390][T29579]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  406.645108][T29579] ------------[ cut here ]------------
[  406.650575][T29579] WARNING: CPU: 0 PID: 29579 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  406.659740][T29579] Modules linked in:
[  406.663604][T29579] CPU: 0 PID: 29579 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  406.675190][T29579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  406.685222][T29579] RIP: 0010:__device_add_disk+0xe83/0x1200
[  406.691208][T29579] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  406.710885][T29579] RSP: 0018:ffff8881e0defa00 EFLAGS: 00010246
[  406.716935][T29579] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  406.724900][T29579] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  406.732846][T29579] RBP: ffff8881e0defb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  406.740798][T29579] R10: ffffffff84800000 R11: 1ffff1103c1bde00 R12: ffff8881ed56a000
[  406.748741][T29579] R13: dffffc0000000000 R14: ffff8881ed56a070 R15: 1ffff1103daad49d
[  406.756689][T29579] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  406.765589][T29579] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  406.772141][T29579] CR2: 000055555618e728 CR3: 00000001e0c7a000 CR4: 00000000003406f0
[  406.780092][T29579] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  406.788048][T29579] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  406.795991][T29579] Call Trace:
[  406.799255][T29579]  ? device_add_disk+0x30/0x30
[  406.804028][T29579]  ? vsprintf+0x30/0x30
[  406.808154][T29579]  ? device_initialize+0x1c7/0x3d0
[  406.813242][T29579]  ? __alloc_disk_node+0x326/0x380
[  406.818341][T29579]  loop_add+0x554/0x710
[  406.822466][T29579]  loop_control_ioctl+0x564/0x740
[  406.827468][T29579]  ? loop_remove+0xa0/0xa0
[  406.831857][T29579]  ? __lru_cache_add+0x1bf/0x210
[  406.836771][T29579]  ? memset+0x1f/0x40
[  406.840726][T29579]  ? fsnotify+0x1332/0x13f0
[  406.845212][T29579]  ? loop_remove+0xa0/0xa0
[  406.849609][T29579]  do_vfs_ioctl+0x744/0x1730
[  406.854178][T29579]  ? selinux_file_ioctl+0x723/0x970
[  406.859345][T29579]  ? ioctl_preallocate+0x250/0x250
[  406.864427][T29579]  ? __fget+0x40c/0x4a0
[  406.868582][T29579]  ? fget_many+0x20/0x20
[  406.872802][T29579]  ? check_preemption_disabled+0x154/0x330
[  406.878574][T29579]  ? debug_smp_processor_id+0x20/0x20
[  406.883914][T29579]  ? security_file_ioctl+0x9d/0xb0
18:36:37 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 60)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:37 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x2, 0x4, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f0000000000)={0x1fe, 0x2, 0x4, 0x2000, &(0x7f0000ffc000/0x2000)=nil}) (async)

18:36:37 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x3fe, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:37 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:37 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:37 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0x9c, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:37 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x5f5e0ff, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:37 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000040)=0x1)
read$FUSE(r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x1}, @volatile={0x10, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x0, 0x0, 0x30]}}, &(0x7f0000000080)=""/252, 0x39, 0xfc}, 0x20)

[  406.888991][T29579]  __x64_sys_ioctl+0xd4/0x110
[  406.893646][T29579]  do_syscall_64+0xcb/0x1c0
[  406.898129][T29579]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  406.903987][T29579] ---[ end trace 25474f664d9331f0 ]---
18:36:37 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x2000029a, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:37 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000040)=0x1)
read$FUSE(r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x1}, @volatile={0x10, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x0, 0x0, 0x30]}}, &(0x7f0000000080)=""/252, 0x39, 0xfc}, 0x20)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000040)=0x1) (async)
read$FUSE(r0, 0x0, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x1}, @volatile={0x10, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x0, 0x0, 0x30]}}, &(0x7f0000000080)=""/252, 0x39, 0xfc}, 0x20) (async)

18:36:37 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:37 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x200002a5, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  406.956853][T29609] FAULT_INJECTION: forcing a failure.
[  406.956853][T29609] name failslab, interval 1, probability 0, space 0, times 0
[  406.971303][T29609] CPU: 1 PID: 29609 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  406.982928][T29609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  406.992970][T29609] Call Trace:
[  406.996676][T29609]  dump_stack+0x1d8/0x241
[  407.001003][T29609]  ? panic+0x73e/0x73e
[  407.005052][T29609]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  407.010843][T29609]  ? idr_get_free+0x6a3/0x840
[  407.015574][T29609]  ? mutex_unlock+0x19/0x40
[  407.020052][T29609]  should_fail+0x709/0x870
[  407.024449][T29609]  ? setup_fault_attr+0x3d0/0x3d0
[  407.029441][T29609]  ? idr_alloc+0x2f0/0x2f0
[  407.033825][T29609]  ? __kernfs_new_node+0xdb/0x6d0
[  407.039183][T29609]  should_failslab+0x5/0x20
[  407.043666][T29609]  kmem_cache_alloc+0x24/0x210
[  407.048404][T29609]  __kernfs_new_node+0xdb/0x6d0
[  407.053227][T29609]  ? kernfs_new_node+0x160/0x160
[  407.058133][T29609]  ? mutex_lock+0xa6/0x110
[  407.062516][T29609]  ? mutex_trylock+0xa0/0xa0
[  407.067172][T29609]  ? kernfs_activate+0x3fc/0x420
[  407.072085][T29609]  kernfs_new_node+0x95/0x160
[  407.076748][T29609]  __kernfs_create_file+0x45/0x260
[  407.081861][T29609]  sysfs_add_file_mode_ns+0x292/0x340
[  407.087228][T29609]  sysfs_merge_group+0x207/0x460
[  407.092161][T29609]  ? sysfs_remove_groups+0xb0/0xb0
[  407.097247][T29609]  ? device_create_file+0xe8/0x1b0
[  407.102338][T29609]  ? bus_add_device+0x92/0x3f0
[  407.107079][T29609]  dpm_sysfs_add+0xc0/0x260
[  407.111558][T29609]  device_add+0x547/0xbc0
[  407.115878][T29609]  device_create_vargs+0x1b8/0x210
[  407.120983][T29609]  device_create+0xea/0x130
[  407.125466][T29609]  ? device_create_vargs+0x210/0x210
[  407.130725][T29609]  bdi_register_va+0x89/0x5e0
[  407.135377][T29609]  bdi_register+0xd1/0x120
[  407.139767][T29609]  ? __device_add_disk+0x539/0x1200
[  407.144943][T29609]  ? bdi_register_va+0x5e0/0x5e0
[  407.149848][T29609]  ? percpu_ref_resurrect+0x113/0x190
[  407.155192][T29609]  bdi_register_owner+0x56/0xf0
[  407.160031][T29609]  __device_add_disk+0x5b8/0x1200
[  407.165029][T29609]  ? device_add_disk+0x30/0x30
[  407.169777][T29609]  ? vsprintf+0x30/0x30
[  407.173929][T29609]  ? device_initialize+0x1c7/0x3d0
[  407.179014][T29609]  ? __alloc_disk_node+0x326/0x380
[  407.184107][T29609]  loop_add+0x554/0x710
[  407.188235][T29609]  loop_control_ioctl+0x564/0x740
[  407.193227][T29609]  ? loop_remove+0xa0/0xa0
[  407.197758][T29609]  ? __lru_cache_add+0x1bf/0x210
[  407.202681][T29609]  ? memset+0x1f/0x40
[  407.206642][T29609]  ? fsnotify+0x1332/0x13f0
[  407.211115][T29609]  ? loop_remove+0xa0/0xa0
[  407.215518][T29609]  do_vfs_ioctl+0x744/0x1730
[  407.220093][T29609]  ? selinux_file_ioctl+0x723/0x970
[  407.225270][T29609]  ? ioctl_preallocate+0x250/0x250
[  407.230390][T29609]  ? __fget+0x40c/0x4a0
[  407.234528][T29609]  ? fget_many+0x20/0x20
[  407.238752][T29609]  ? check_preemption_disabled+0x154/0x330
[  407.244529][T29609]  ? debug_smp_processor_id+0x20/0x20
[  407.249871][T29609]  ? security_file_ioctl+0x9d/0xb0
[  407.254953][T29609]  __x64_sys_ioctl+0xd4/0x110
[  407.259606][T29609]  do_syscall_64+0xcb/0x1c0
[  407.264100][T29609]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  407.271436][T29609] ------------[ cut here ]------------
[  407.276915][T29609] WARNING: CPU: 1 PID: 29609 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  407.286000][T29609] Modules linked in:
[  407.289868][T29609] CPU: 1 PID: 29609 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  407.301486][T29609] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  407.311532][T29609] RIP: 0010:__device_add_disk+0xe83/0x1200
[  407.317310][T29609] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  407.336885][T29609] RSP: 0018:ffff8881e8e5fa00 EFLAGS: 00010246
[  407.342926][T29609] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  407.350871][T29609] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  407.358822][T29609] RBP: ffff8881e8e5fb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  407.366772][T29609] R10: ffffffff84800000 R11: 1ffff1103d1cbe00 R12: ffff8881edf0f000
[  407.374737][T29609] R13: dffffc0000000000 R14: ffff8881edf0f070 R15: 1ffff1103dbe1e9d
[  407.382693][T29609] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  407.391609][T29609] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  407.398165][T29609] CR2: 00007fd4da648d38 CR3: 00000001f0f9d000 CR4: 00000000003406e0
[  407.406118][T29609] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  407.414078][T29609] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  407.422024][T29609] Call Trace:
[  407.425379][T29609]  ? device_add_disk+0x30/0x30
[  407.430116][T29609]  ? vsprintf+0x30/0x30
[  407.434246][T29609]  ? device_initialize+0x1c7/0x3d0
[  407.439327][T29609]  ? __alloc_disk_node+0x326/0x380
[  407.444409][T29609]  loop_add+0x554/0x710
[  407.448539][T29609]  loop_control_ioctl+0x564/0x740
[  407.453533][T29609]  ? loop_remove+0xa0/0xa0
[  407.457920][T29609]  ? __lru_cache_add+0x1bf/0x210
[  407.462847][T29609]  ? memset+0x1f/0x40
[  407.466821][T29609]  ? fsnotify+0x1332/0x13f0
[  407.471298][T29609]  ? loop_remove+0xa0/0xa0
[  407.475683][T29609]  do_vfs_ioctl+0x744/0x1730
[  407.480264][T29609]  ? selinux_file_ioctl+0x723/0x970
[  407.485429][T29609]  ? ioctl_preallocate+0x250/0x250
[  407.490523][T29609]  ? __fget+0x40c/0x4a0
[  407.494665][T29609]  ? fget_many+0x20/0x20
[  407.498906][T29609]  ? check_preemption_disabled+0x154/0x330
[  407.504696][T29609]  ? debug_smp_processor_id+0x20/0x20
[  407.510049][T29609]  ? security_file_ioctl+0x9d/0xb0
[  407.515131][T29609]  __x64_sys_ioctl+0xd4/0x110
[  407.519788][T29609]  do_syscall_64+0xcb/0x1c0
[  407.524291][T29609]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  407.530154][T29609] ---[ end trace 25474f664d9331f1 ]---
18:36:38 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 61)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:38 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000040)=0x1)
read$FUSE(r0, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x1}, @volatile={0x10, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x0, 0x0, 0x30]}}, &(0x7f0000000080)=""/252, 0x39, 0xfc}, 0x20)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
ioctl$PPPIOCSDEBUG(r1, 0x40047440, &(0x7f0000000040)=0x1) (async)
read$FUSE(r0, 0x0, 0x0) (async)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000180)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x1c, 0x1c, 0x5, [@var={0x4, 0x0, 0x0, 0xe, 0x1}, @volatile={0x10, 0x0, 0x0, 0x9, 0x4}]}, {0x0, [0x0, 0x0, 0x30]}}, &(0x7f0000000080)=""/252, 0x39, 0xfc}, 0x20) (async)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0x200002e1, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:38 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:38 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:38 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0xa, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  407.585390][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x3fe, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 2:
inotify_init()
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, 0x0)
read$FUSE(r0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x200280, 0x0)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x1001, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  407.630543][T29647] FAULT_INJECTION: forcing a failure.
[  407.630543][T29647] name failslab, interval 1, probability 0, space 0, times 0
[  407.650457][T29647] CPU: 1 PID: 29647 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  407.662084][T29647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  407.672122][T29647] Call Trace:
[  407.675400][T29647]  dump_stack+0x1d8/0x241
[  407.679741][T29647]  ? panic+0x73e/0x73e
[  407.683790][T29647]  ? mutex_unlock+0x19/0x40
[  407.688286][T29647]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  407.694069][T29647]  ? selinux_kernfs_init_security+0x155/0x760
[  407.700110][T29647]  ? idr_alloc_cyclic+0x36e/0x5e0
[  407.705112][T29647]  should_fail+0x709/0x870
[  407.709497][T29647]  ? setup_fault_attr+0x3d0/0x3d0
[  407.714491][T29647]  ? _raw_spin_lock+0xa3/0x1b0
[  407.719226][T29647]  ? __kernfs_new_node+0xdb/0x6d0
[  407.724218][T29647]  should_failslab+0x5/0x20
[  407.728689][T29647]  kmem_cache_alloc+0x24/0x210
[  407.733422][T29647]  __kernfs_new_node+0xdb/0x6d0
[  407.738319][T29647]  ? mutex_lock+0xa6/0x110
[  407.742808][T29647]  ? kernfs_new_node+0x160/0x160
[  407.747713][T29647]  ? mutex_lock+0xa6/0x110
[  407.752103][T29647]  ? mutex_trylock+0xa0/0xa0
[  407.756667][T29647]  kernfs_new_node+0x95/0x160
[  407.761322][T29647]  __kernfs_create_file+0x45/0x260
[  407.766409][T29647]  sysfs_add_file_mode_ns+0x292/0x340
[  407.771763][T29647]  sysfs_merge_group+0x207/0x460
[  407.776756][T29647]  ? sysfs_remove_groups+0xb0/0xb0
[  407.781834][T29647]  ? device_create_file+0xe8/0x1b0
[  407.786921][T29647]  ? bus_add_device+0x92/0x3f0
[  407.791656][T29647]  dpm_sysfs_add+0xc0/0x260
[  407.796135][T29647]  device_add+0x547/0xbc0
[  407.800447][T29647]  device_create_vargs+0x1b8/0x210
[  407.805537][T29647]  device_create+0xea/0x130
[  407.810032][T29647]  ? device_create_vargs+0x210/0x210
[  407.815306][T29647]  bdi_register_va+0x89/0x5e0
[  407.819955][T29647]  bdi_register+0xd1/0x120
[  407.824342][T29647]  ? __device_add_disk+0x539/0x1200
[  407.829507][T29647]  ? bdi_register_va+0x5e0/0x5e0
[  407.834413][T29647]  ? percpu_ref_resurrect+0x113/0x190
[  407.839768][T29647]  bdi_register_owner+0x56/0xf0
[  407.844599][T29647]  __device_add_disk+0x5b8/0x1200
[  407.849596][T29647]  ? device_add_disk+0x30/0x30
[  407.854328][T29647]  ? vsprintf+0x30/0x30
[  407.858452][T29647]  ? device_initialize+0x1c7/0x3d0
[  407.863533][T29647]  ? __alloc_disk_node+0x326/0x380
[  407.868614][T29647]  loop_add+0x554/0x710
[  407.872751][T29647]  loop_control_ioctl+0x564/0x740
[  407.877761][T29647]  ? loop_remove+0xa0/0xa0
[  407.882147][T29647]  ? __lru_cache_add+0x1bf/0x210
[  407.887062][T29647]  ? memset+0x1f/0x40
[  407.891021][T29647]  ? fsnotify+0x1332/0x13f0
[  407.895499][T29647]  ? loop_remove+0xa0/0xa0
[  407.899992][T29647]  do_vfs_ioctl+0x744/0x1730
[  407.904552][T29647]  ? selinux_file_ioctl+0x723/0x970
[  407.909719][T29647]  ? ioctl_preallocate+0x250/0x250
[  407.914803][T29647]  ? __fget+0x40c/0x4a0
[  407.918928][T29647]  ? fget_many+0x20/0x20
[  407.923149][T29647]  ? check_preemption_disabled+0x154/0x330
[  407.928924][T29647]  ? debug_smp_processor_id+0x20/0x20
[  407.934267][T29647]  ? security_file_ioctl+0x9d/0xb0
[  407.939346][T29647]  __x64_sys_ioctl+0xd4/0x110
[  407.944012][T29647]  do_syscall_64+0xcb/0x1c0
[  407.948616][T29647]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  407.958401][T29647] ------------[ cut here ]------------
[  407.963896][T29647] WARNING: CPU: 1 PID: 29647 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  407.972966][T29647] Modules linked in:
[  407.976837][T29647] CPU: 1 PID: 29647 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  407.988432][T29647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  407.998467][T29647] RIP: 0010:__device_add_disk+0xe83/0x1200
[  408.004244][T29647] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  408.023817][T29647] RSP: 0018:ffff8881e4677a00 EFLAGS: 00010246
[  408.029872][T29647] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  408.037814][T29647] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  408.045764][T29647] RBP: ffff8881e4677b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  408.053717][T29647] R10: ffffffff84800000 R11: 1ffff1103c8cee00 R12: ffff8881ea3f3000
[  408.061663][T29647] R13: dffffc0000000000 R14: ffff8881ea3f3070 R15: 1ffff1103d47e69d
[  408.069607][T29647] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  408.078506][T29647] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  408.085412][T29647] CR2: 00007ff61b829718 CR3: 00000001e6656000 CR4: 00000000003406e0
[  408.093357][T29647] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  408.101299][T29647] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  408.109240][T29647] Call Trace:
[  408.112505][T29647]  ? device_add_disk+0x30/0x30
[  408.117241][T29647]  ? vsprintf+0x30/0x30
[  408.121374][T29647]  ? device_initialize+0x1c7/0x3d0
[  408.126490][T29647]  ? __alloc_disk_node+0x326/0x380
[  408.131586][T29647]  loop_add+0x554/0x710
[  408.135724][T29647]  loop_control_ioctl+0x564/0x740
[  408.140715][T29647]  ? loop_remove+0xa0/0xa0
[  408.145100][T29647]  ? __lru_cache_add+0x1bf/0x210
[  408.150006][T29647]  ? memset+0x1f/0x40
[  408.153957][T29647]  ? fsnotify+0x1332/0x13f0
[  408.158434][T29647]  ? loop_remove+0xa0/0xa0
[  408.162826][T29647]  do_vfs_ioctl+0x744/0x1730
[  408.167382][T29647]  ? selinux_file_ioctl+0x723/0x970
[  408.172559][T29647]  ? ioctl_preallocate+0x250/0x250
[  408.177664][T29647]  ? __fget+0x40c/0x4a0
[  408.181789][T29647]  ? fget_many+0x20/0x20
[  408.186365][T29647]  ? check_preemption_disabled+0x154/0x330
[  408.192235][T29647]  ? debug_smp_processor_id+0x20/0x20
[  408.197581][T29647]  ? security_file_ioctl+0x9d/0xb0
[  408.202689][T29647]  __x64_sys_ioctl+0xd4/0x110
[  408.207343][T29647]  do_syscall_64+0xcb/0x1c0
[  408.211827][T29647]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  408.217692][T29647] ---[ end trace 25474f664d9331f2 ]---
18:36:38 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 62)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x20000312, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 2:
inotify_init() (async)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x200280, 0x0)

18:36:38 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:38 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:38 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  408.254378][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  408.273126][T29669] FAULT_INJECTION: forcing a failure.
[  408.273126][T29669] name failslab, interval 1, probability 0, space 0, times 0
[  408.290499][T29669] CPU: 1 PID: 29669 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x2}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x3}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x5}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:38 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x6}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  408.302123][T29669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  408.312513][T29669] Call Trace:
[  408.315804][T29669]  dump_stack+0x1d8/0x241
[  408.320132][T29669]  ? panic+0x73e/0x73e
[  408.324185][T29669]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  408.329972][T29669]  ? idr_get_free+0x6a3/0x840
[  408.334653][T29669]  ? mutex_unlock+0x19/0x40
[  408.339146][T29669]  should_fail+0x709/0x870
[  408.343550][T29669]  ? setup_fault_attr+0x3d0/0x3d0
[  408.348564][T29669]  ? idr_alloc+0x2f0/0x2f0
[  408.352977][T29669]  ? __kernfs_new_node+0xdb/0x6d0
[  408.357981][T29669]  should_failslab+0x5/0x20
[  408.362456][T29669]  kmem_cache_alloc+0x24/0x210
[  408.367192][T29669]  __kernfs_new_node+0xdb/0x6d0
[  408.372012][T29669]  ? kernfs_new_node+0x160/0x160
[  408.376919][T29669]  ? mutex_lock+0xa6/0x110
[  408.381304][T29669]  ? mutex_trylock+0xa0/0xa0
[  408.385867][T29669]  ? kernfs_activate+0x3fc/0x420
[  408.390773][T29669]  kernfs_new_node+0x95/0x160
[  408.395423][T29669]  __kernfs_create_file+0x45/0x260
[  408.400509][T29669]  sysfs_add_file_mode_ns+0x292/0x340
[  408.405857][T29669]  sysfs_merge_group+0x207/0x460
[  408.410766][T29669]  ? sysfs_remove_groups+0xb0/0xb0
[  408.415854][T29669]  ? device_create_file+0xe8/0x1b0
[  408.420966][T29669]  ? bus_add_device+0x92/0x3f0
[  408.425706][T29669]  dpm_sysfs_add+0xc0/0x260
[  408.430181][T29669]  device_add+0x547/0xbc0
[  408.434479][T29669]  device_create_vargs+0x1b8/0x210
[  408.439558][T29669]  device_create+0xea/0x130
[  408.444061][T29669]  ? device_create_vargs+0x210/0x210
[  408.449316][T29669]  bdi_register_va+0x89/0x5e0
[  408.453979][T29669]  bdi_register+0xd1/0x120
[  408.458368][T29669]  ? __device_add_disk+0x539/0x1200
[  408.463645][T29669]  ? bdi_register_va+0x5e0/0x5e0
[  408.468821][T29669]  ? percpu_ref_resurrect+0x113/0x190
[  408.474163][T29669]  bdi_register_owner+0x56/0xf0
[  408.478982][T29669]  __device_add_disk+0x5b8/0x1200
[  408.483978][T29669]  ? device_add_disk+0x30/0x30
[  408.488825][T29669]  ? vsprintf+0x30/0x30
[  408.492957][T29669]  ? device_initialize+0x1c7/0x3d0
[  408.498037][T29669]  ? __alloc_disk_node+0x326/0x380
[  408.503143][T29669]  loop_add+0x554/0x710
[  408.507269][T29669]  loop_control_ioctl+0x564/0x740
[  408.512260][T29669]  ? loop_remove+0xa0/0xa0
[  408.516648][T29669]  ? __lru_cache_add+0x1bf/0x210
[  408.521558][T29669]  ? memset+0x1f/0x40
[  408.525514][T29669]  ? fsnotify+0x1332/0x13f0
[  408.530012][T29669]  ? loop_remove+0xa0/0xa0
[  408.534398][T29669]  do_vfs_ioctl+0x744/0x1730
[  408.538976][T29669]  ? selinux_file_ioctl+0x723/0x970
[  408.544146][T29669]  ? ioctl_preallocate+0x250/0x250
[  408.549248][T29669]  ? __fget+0x40c/0x4a0
[  408.553372][T29669]  ? fget_many+0x20/0x20
[  408.557591][T29669]  ? check_preemption_disabled+0x154/0x330
[  408.563363][T29669]  ? debug_smp_processor_id+0x20/0x20
[  408.568706][T29669]  ? security_file_ioctl+0x9d/0xb0
[  408.573785][T29669]  __x64_sys_ioctl+0xd4/0x110
[  408.578585][T29669]  do_syscall_64+0xcb/0x1c0
[  408.583191][T29669]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  408.593170][T29669] ------------[ cut here ]------------
[  408.598638][T29669] WARNING: CPU: 0 PID: 29669 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  408.607713][T29669] Modules linked in:
[  408.611596][T29669] CPU: 0 PID: 29669 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  408.623185][T29669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  408.633235][T29669] RIP: 0010:__device_add_disk+0xe83/0x1200
[  408.639015][T29669] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  408.658590][T29669] RSP: 0018:ffff8881e74d7a00 EFLAGS: 00010246
[  408.664628][T29669] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  408.672572][T29669] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  408.680527][T29669] RBP: ffff8881e74d7b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  408.688589][T29669] R10: ffffffff84800000 R11: 1ffff1103ce9ae00 R12: ffff8881cffc9000
[  408.696543][T29669] R13: dffffc0000000000 R14: ffff8881cffc9070 R15: 1ffff11039ff929d
[  408.704555][T29669] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  408.713470][T29669] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  408.720025][T29669] CR2: 00007fc14c10a718 CR3: 00000001e9863000 CR4: 00000000003406f0
[  408.727987][T29669] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  408.735932][T29669] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  408.744010][T29669] Call Trace:
[  408.747279][T29669]  ? device_add_disk+0x30/0x30
[  408.752014][T29669]  ? vsprintf+0x30/0x30
[  408.756240][T29669]  ? device_initialize+0x1c7/0x3d0
[  408.761386][T29669]  ? __alloc_disk_node+0x326/0x380
[  408.766485][T29669]  loop_add+0x554/0x710
[  408.770627][T29669]  loop_control_ioctl+0x564/0x740
[  408.775624][T29669]  ? loop_remove+0xa0/0xa0
[  408.780445][T29669]  ? __lru_cache_add+0x1bf/0x210
[  408.785355][T29669]  ? memset+0x1f/0x40
[  408.789317][T29669]  ? fsnotify+0x1332/0x13f0
[  408.793798][T29669]  ? loop_remove+0xa0/0xa0
[  408.798190][T29669]  do_vfs_ioctl+0x744/0x1730
[  408.802754][T29669]  ? selinux_file_ioctl+0x723/0x970
[  408.807930][T29669]  ? ioctl_preallocate+0x250/0x250
[  408.813097][T29669]  ? __fget+0x40c/0x4a0
[  408.817234][T29669]  ? fget_many+0x20/0x20
[  408.821446][T29669]  ? check_preemption_disabled+0x154/0x330
[  408.827239][T29669]  ? debug_smp_processor_id+0x20/0x20
[  408.832584][T29669]  ? security_file_ioctl+0x9d/0xb0
[  408.837667][T29669]  __x64_sys_ioctl+0xd4/0x110
[  408.842323][T29669]  do_syscall_64+0xcb/0x1c0
[  408.846800][T29669]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:39 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 63)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:39 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x7}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:39 executing program 2:
inotify_init() (async)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) (async)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, 0x0) (async)
read$FUSE(r0, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x200280, 0x0)

18:36:39 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x170, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:39 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:39 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x17c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:39 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x8}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  408.852671][T29669] ---[ end trace 25474f664d9331f3 ]---
18:36:39 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x400)
read$FUSE(r0, 0x0, 0x0)

18:36:39 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x9}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:39 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x400)
read$FUSE(r0, 0x0, 0x0)

18:36:39 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xa}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:39 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x17c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  408.921357][T29708] FAULT_INJECTION: forcing a failure.
[  408.921357][T29708] name failslab, interval 1, probability 0, space 0, times 0
[  408.936942][T29708] CPU: 0 PID: 29708 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  408.948584][T29708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  408.958726][T29708] Call Trace:
[  408.962021][T29708]  dump_stack+0x1d8/0x241
[  408.966339][T29708]  ? panic+0x73e/0x73e
[  408.970376][T29708]  ? mutex_unlock+0x19/0x40
[  408.974850][T29708]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  408.980629][T29708]  ? selinux_kernfs_init_security+0x155/0x760
[  408.986670][T29708]  ? idr_alloc_cyclic+0x36e/0x5e0
[  408.991676][T29708]  should_fail+0x709/0x870
[  408.996074][T29708]  ? setup_fault_attr+0x3d0/0x3d0
[  409.001066][T29708]  ? _raw_spin_lock+0xa3/0x1b0
[  409.005900][T29708]  ? __kernfs_new_node+0xdb/0x6d0
[  409.010907][T29708]  should_failslab+0x5/0x20
[  409.015387][T29708]  kmem_cache_alloc+0x24/0x210
[  409.020127][T29708]  __kernfs_new_node+0xdb/0x6d0
[  409.024950][T29708]  ? mutex_lock+0xa6/0x110
[  409.029353][T29708]  ? kernfs_new_node+0x160/0x160
[  409.034265][T29708]  ? mutex_lock+0xa6/0x110
[  409.038649][T29708]  kernfs_new_node+0x95/0x160
[  409.043294][T29708]  __kernfs_create_file+0x45/0x260
[  409.048372][T29708]  sysfs_add_file_mode_ns+0x292/0x340
[  409.053713][T29708]  sysfs_merge_group+0x207/0x460
[  409.058629][T29708]  ? sysfs_remove_groups+0xb0/0xb0
[  409.063734][T29708]  ? device_create_file+0xe8/0x1b0
[  409.068821][T29708]  ? bus_add_device+0x92/0x3f0
[  409.073562][T29708]  dpm_sysfs_add+0xc0/0x260
[  409.078385][T29708]  device_add+0x547/0xbc0
[  409.082687][T29708]  device_create_vargs+0x1b8/0x210
[  409.087776][T29708]  device_create+0xea/0x130
[  409.092269][T29708]  ? device_create_vargs+0x210/0x210
[  409.097527][T29708]  bdi_register_va+0x89/0x5e0
[  409.102179][T29708]  bdi_register+0xd1/0x120
[  409.106566][T29708]  ? __device_add_disk+0x539/0x1200
[  409.111736][T29708]  ? bdi_register_va+0x5e0/0x5e0
[  409.116642][T29708]  ? percpu_ref_resurrect+0x113/0x190
[  409.121994][T29708]  bdi_register_owner+0x56/0xf0
[  409.126821][T29708]  __device_add_disk+0x5b8/0x1200
[  409.131829][T29708]  ? device_add_disk+0x30/0x30
[  409.136570][T29708]  ? vsprintf+0x30/0x30
[  409.140696][T29708]  ? device_initialize+0x1c7/0x3d0
[  409.145786][T29708]  ? __alloc_disk_node+0x326/0x380
[  409.150872][T29708]  loop_add+0x554/0x710
[  409.155004][T29708]  loop_control_ioctl+0x564/0x740
[  409.159998][T29708]  ? loop_remove+0xa0/0xa0
[  409.164387][T29708]  ? __lru_cache_add+0x1bf/0x210
[  409.169296][T29708]  ? memset+0x1f/0x40
[  409.173245][T29708]  ? fsnotify+0x1332/0x13f0
[  409.177722][T29708]  ? loop_remove+0xa0/0xa0
[  409.182117][T29708]  do_vfs_ioctl+0x744/0x1730
[  409.186679][T29708]  ? selinux_file_ioctl+0x723/0x970
[  409.191851][T29708]  ? ioctl_preallocate+0x250/0x250
[  409.196962][T29708]  ? __fget+0x40c/0x4a0
[  409.201085][T29708]  ? fget_many+0x20/0x20
[  409.205296][T29708]  ? check_preemption_disabled+0x154/0x330
[  409.211070][T29708]  ? debug_smp_processor_id+0x20/0x20
[  409.216416][T29708]  ? security_file_ioctl+0x9d/0xb0
[  409.221500][T29708]  __x64_sys_ioctl+0xd4/0x110
[  409.226150][T29708]  do_syscall_64+0xcb/0x1c0
[  409.230623][T29708]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  409.237525][T29708] ------------[ cut here ]------------
[  409.242992][T29708] WARNING: CPU: 0 PID: 29708 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  409.252066][T29708] Modules linked in:
[  409.255936][T29708] CPU: 0 PID: 29708 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  409.267528][T29708] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  409.277560][T29708] RIP: 0010:__device_add_disk+0xe83/0x1200
[  409.283346][T29708] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  409.302924][T29708] RSP: 0018:ffff8881e30bfa00 EFLAGS: 00010246
[  409.308966][T29708] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  409.316904][T29708] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  409.324845][T29708] RBP: ffff8881e30bfb40 R08: ffffffff821fdb73 R09: 0000000000000010
[  409.332782][T29708] R10: ffffffff84800000 R11: 1ffff1103c617e00 R12: ffff8881e708f000
[  409.340727][T29708] R13: dffffc0000000000 R14: ffff8881e708f070 R15: 1ffff1103ce11e9d
[  409.348673][T29708] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  409.357565][T29708] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  409.364115][T29708] CR2: 00007f87bcb17718 CR3: 00000001e9d6a000 CR4: 00000000003406f0
[  409.372076][T29708] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  409.380028][T29708] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  409.387969][T29708] Call Trace:
[  409.391236][T29708]  ? device_add_disk+0x30/0x30
[  409.395978][T29708]  ? vsprintf+0x30/0x30
[  409.400106][T29708]  ? device_initialize+0x1c7/0x3d0
[  409.405187][T29708]  ? __alloc_disk_node+0x326/0x380
[  409.410275][T29708]  loop_add+0x554/0x710
[  409.414413][T29708]  loop_control_ioctl+0x564/0x740
[  409.419405][T29708]  ? loop_remove+0xa0/0xa0
[  409.423786][T29708]  ? __lru_cache_add+0x1bf/0x210
[  409.428700][T29708]  ? memset+0x1f/0x40
[  409.432659][T29708]  ? fsnotify+0x1332/0x13f0
[  409.437128][T29708]  ? loop_remove+0xa0/0xa0
[  409.441514][T29708]  do_vfs_ioctl+0x744/0x1730
[  409.446088][T29708]  ? selinux_file_ioctl+0x723/0x970
[  409.451264][T29708]  ? ioctl_preallocate+0x250/0x250
[  409.456348][T29708]  ? __fget+0x40c/0x4a0
[  409.460475][T29708]  ? fget_many+0x20/0x20
[  409.464693][T29708]  ? check_preemption_disabled+0x154/0x330
[  409.470480][T29708]  ? debug_smp_processor_id+0x20/0x20
[  409.475824][T29708]  ? security_file_ioctl+0x9d/0xb0
[  409.480906][T29708]  __x64_sys_ioctl+0xd4/0x110
[  409.485555][T29708]  do_syscall_64+0xcb/0x1c0
[  409.490115][T29708]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  409.495979][T29708] ---[ end trace 25474f664d9331f4 ]---
18:36:40 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 64)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:40 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x28, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:40 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x400)
read$FUSE(r0, 0x0, 0x0)

18:36:40 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x170, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xb}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:40 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x21c, r2, 0x105, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xbc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0xf8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffe01}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x74e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1739}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5244}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @remote, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1ff, @private0, 0x800}}}}]}, @TIPC_NLA_SOCK={0x4}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4000084}, 0x20000000)
read$FUSE(r0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)

18:36:40 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x17c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x17c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:40 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x21c, r2, 0x105, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xbc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0xf8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffe01}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x74e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1739}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5244}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @remote, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1ff, @private0, 0x800}}}}]}, @TIPC_NLA_SOCK={0x4}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4000084}, 0x20000000)
read$FUSE(r0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
socket$vsock_stream(0x28, 0x1, 0x0)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (async)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0) (async)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x21c, r2, 0x105, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xbc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0xf8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffe01}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x74e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1739}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5244}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @remote, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1ff, @private0, 0x800}}}}]}, @TIPC_NLA_SOCK={0x4}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4000084}, 0x20000000) (async)
read$FUSE(r0, 0x0, 0x0) (async)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socket$vsock_stream(0x28, 0x1, 0x0) (async)

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xc}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  409.524830][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:40 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:40 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xd}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  409.576692][T29734] FAULT_INJECTION: forcing a failure.
[  409.576692][T29734] name failslab, interval 1, probability 0, space 0, times 0
[  409.592085][T29734] CPU: 0 PID: 29734 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  409.603698][T29734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  409.613742][T29734] Call Trace:
[  409.617018][T29734]  dump_stack+0x1d8/0x241
[  409.621334][T29734]  ? panic+0x73e/0x73e
[  409.625390][T29734]  ? mutex_unlock+0x19/0x40
[  409.629870][T29734]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  409.635659][T29734]  ? selinux_kernfs_init_security+0x155/0x760
[  409.641704][T29734]  ? idr_alloc_cyclic+0x36e/0x5e0
[  409.646712][T29734]  should_fail+0x709/0x870
[  409.651099][T29734]  ? setup_fault_attr+0x3d0/0x3d0
[  409.656097][T29734]  ? _raw_spin_lock+0xa3/0x1b0
[  409.660828][T29734]  ? __kernfs_new_node+0xdb/0x6d0
[  409.665838][T29734]  should_failslab+0x5/0x20
[  409.670311][T29734]  kmem_cache_alloc+0x24/0x210
[  409.675070][T29734]  __kernfs_new_node+0xdb/0x6d0
[  409.679899][T29734]  ? mutex_lock+0xa6/0x110
[  409.684282][T29734]  ? kernfs_new_node+0x160/0x160
[  409.689206][T29734]  ? mutex_lock+0xa6/0x110
[  409.693599][T29734]  kernfs_new_node+0x95/0x160
[  409.698262][T29734]  __kernfs_create_file+0x45/0x260
[  409.703341][T29734]  sysfs_add_file_mode_ns+0x292/0x340
[  409.708686][T29734]  sysfs_merge_group+0x207/0x460
[  409.713602][T29734]  ? sysfs_remove_groups+0xb0/0xb0
[  409.718680][T29734]  ? device_create_file+0xe8/0x1b0
[  409.723773][T29734]  ? bus_add_device+0x92/0x3f0
[  409.728519][T29734]  dpm_sysfs_add+0xc0/0x260
[  409.732992][T29734]  device_add+0x547/0xbc0
[  409.737293][T29734]  device_create_vargs+0x1b8/0x210
[  409.742372][T29734]  device_create+0xea/0x130
[  409.746851][T29734]  ? device_create_vargs+0x210/0x210
[  409.752199][T29734]  bdi_register_va+0x89/0x5e0
[  409.756842][T29734]  bdi_register+0xd1/0x120
[  409.761228][T29734]  ? __device_add_disk+0x539/0x1200
[  409.766392][T29734]  ? bdi_register_va+0x5e0/0x5e0
[  409.771298][T29734]  ? percpu_ref_resurrect+0x113/0x190
[  409.776638][T29734]  bdi_register_owner+0x56/0xf0
[  409.781497][T29734]  __device_add_disk+0x5b8/0x1200
[  409.786514][T29734]  ? device_add_disk+0x30/0x30
[  409.791259][T29734]  ? vsprintf+0x30/0x30
[  409.795399][T29734]  ? device_initialize+0x1c7/0x3d0
[  409.800495][T29734]  ? __alloc_disk_node+0x326/0x380
[  409.805571][T29734]  loop_add+0x554/0x710
[  409.809696][T29734]  loop_control_ioctl+0x564/0x740
[  409.814691][T29734]  ? loop_remove+0xa0/0xa0
[  409.819077][T29734]  ? __lru_cache_add+0x1bf/0x210
[  409.823996][T29734]  ? memset+0x1f/0x40
[  409.827949][T29734]  ? fsnotify+0x1332/0x13f0
[  409.832433][T29734]  ? loop_remove+0xa0/0xa0
[  409.836828][T29734]  do_vfs_ioctl+0x744/0x1730
[  409.841391][T29734]  ? selinux_file_ioctl+0x723/0x970
[  409.846573][T29734]  ? ioctl_preallocate+0x250/0x250
[  409.851652][T29734]  ? __fget+0x40c/0x4a0
[  409.855789][T29734]  ? fget_many+0x20/0x20
[  409.860004][T29734]  ? check_preemption_disabled+0x154/0x330
[  409.865782][T29734]  ? debug_smp_processor_id+0x20/0x20
[  409.871121][T29734]  ? security_file_ioctl+0x9d/0xb0
[  409.876204][T29734]  __x64_sys_ioctl+0xd4/0x110
[  409.880856][T29734]  do_syscall_64+0xcb/0x1c0
[  409.885338][T29734]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  409.895254][T29734] ------------[ cut here ]------------
[  409.900725][T29734] WARNING: CPU: 1 PID: 29734 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  409.909791][T29734] Modules linked in:
[  409.913656][T29734] CPU: 1 PID: 29734 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  409.925240][T29734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  409.935269][T29734] RIP: 0010:__device_add_disk+0xe83/0x1200
[  409.941042][T29734] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  409.960613][T29734] RSP: 0018:ffff8881e7057a00 EFLAGS: 00010246
[  409.966648][T29734] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  409.974586][T29734] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  409.982526][T29734] RBP: ffff8881e7057b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  409.990469][T29734] R10: ffffffff84800000 R11: 1ffff1103ce0ae00 R12: ffff8881e7a1f000
[  409.998421][T29734] R13: dffffc0000000000 R14: ffff8881e7a1f070 R15: 1ffff1103cf43e9d
[  410.006362][T29734] FS:  00007ff61b84a700(0000) GS:ffff8881f6f00000(0000) knlGS:0000000000000000
[  410.015267][T29734] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  410.021817][T29734] CR2: 00007ffdc86f5fd8 CR3: 00000001e1893000 CR4: 00000000003406e0
[  410.029757][T29734] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  410.037703][T29734] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  410.045641][T29734] Call Trace:
[  410.048925][T29734]  ? device_add_disk+0x30/0x30
[  410.053658][T29734]  ? vsprintf+0x30/0x30
[  410.057784][T29734]  ? device_initialize+0x1c7/0x3d0
[  410.062863][T29734]  ? __alloc_disk_node+0x326/0x380
[  410.067941][T29734]  loop_add+0x554/0x710
[  410.072066][T29734]  loop_control_ioctl+0x564/0x740
[  410.077058][T29734]  ? loop_remove+0xa0/0xa0
[  410.081442][T29734]  ? __lru_cache_add+0x1bf/0x210
[  410.086345][T29734]  ? memset+0x1f/0x40
[  410.090293][T29734]  ? fsnotify+0x1332/0x13f0
[  410.094762][T29734]  ? loop_remove+0xa0/0xa0
[  410.099144][T29734]  do_vfs_ioctl+0x744/0x1730
[  410.103702][T29734]  ? selinux_file_ioctl+0x723/0x970
[  410.108864][T29734]  ? ioctl_preallocate+0x250/0x250
[  410.113950][T29734]  ? __fget+0x40c/0x4a0
[  410.118080][T29734]  ? fget_many+0x20/0x20
[  410.122294][T29734]  ? check_preemption_disabled+0x154/0x330
[  410.128070][T29734]  ? debug_smp_processor_id+0x20/0x20
[  410.133410][T29734]  ? security_file_ioctl+0x9d/0xb0
[  410.138514][T29734]  __x64_sys_ioctl+0xd4/0x110
[  410.143168][T29734]  do_syscall_64+0xcb/0x1c0
[  410.147644][T29734]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  410.153502][T29734] ---[ end trace 25474f664d9331f5 ]---
18:36:40 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 65)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xe}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:40 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), r0)
sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000340)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000300)={&(0x7f00000000c0)={0x21c, r2, 0x105, 0x70bd2b, 0x25dfdbfc, {}, [@TIPC_NLA_MEDIA={0xbc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xcb}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x13}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x80000001}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xa9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x200}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0xf8, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffe01}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}, @TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xc0}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xfffffffa}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8001}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x74e}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1739}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_MEDIA_PROP={0x24, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7fffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5244}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}]}, @TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9}, @TIPC_NLA_BEARER_UDP_OPTS={0x44, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e20, 0x7, @remote, 0x7}}, {0x20, 0x2, @in6={0xa, 0x4e23, 0x1ff, @private0, 0x800}}}}]}, @TIPC_NLA_SOCK={0x4}]}, 0x21c}, 0x1, 0x0, 0x0, 0x4000084}, 0x20000000)
read$FUSE(r0, 0x0, 0x0)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) (async)
socket$vsock_stream(0x28, 0x1, 0x0)

18:36:40 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x170, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x170}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:40 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:40 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xf}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x10}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  410.183852][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  410.208786][T29764] FAULT_INJECTION: forcing a failure.
[  410.208786][T29764] name failslab, interval 1, probability 0, space 0, times 0
18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x11}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:40 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:40 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x12}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:40 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

[  410.223964][T29764] CPU: 0 PID: 29764 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  410.235577][T29764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  410.245616][T29764] Call Trace:
[  410.248904][T29764]  dump_stack+0x1d8/0x241
[  410.253309][T29764]  ? panic+0x73e/0x73e
[  410.257373][T29764]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  410.263166][T29764]  ? mutex_unlock+0x19/0x40
[  410.267653][T29764]  ? kernfs_add_one+0x4a3/0x5c0
[  410.272489][T29764]  should_fail+0x709/0x870
[  410.276892][T29764]  ? setup_fault_attr+0x3d0/0x3d0
[  410.282007][T29764]  ? _raw_spin_lock_irqsave+0xf8/0x210
[  410.287445][T29764]  ? _raw_spin_lock+0x1b0/0x1b0
[  410.292264][T29764]  ? sysfs_merge_group+0x3bc/0x460
[  410.297350][T29764]  ? kobject_uevent_env+0x26d/0x700
[  410.302612][T29764]  should_failslab+0x5/0x20
[  410.307098][T29764]  kmem_cache_alloc_trace+0x28/0x240
[  410.312361][T29764]  ? dev_uevent_filter+0xb0/0xb0
[  410.317274][T29764]  kobject_uevent_env+0x26d/0x700
[  410.322270][T29764]  device_add+0x7a7/0xbc0
[  410.326566][T29764]  device_create_vargs+0x1b8/0x210
[  410.331647][T29764]  device_create+0xea/0x130
[  410.336121][T29764]  ? device_create_vargs+0x210/0x210
[  410.341391][T29764]  bdi_register_va+0x89/0x5e0
[  410.346044][T29764]  bdi_register+0xd1/0x120
[  410.350435][T29764]  ? __device_add_disk+0x539/0x1200
[  410.355608][T29764]  ? bdi_register_va+0x5e0/0x5e0
[  410.360513][T29764]  ? percpu_ref_resurrect+0x113/0x190
[  410.365853][T29764]  bdi_register_owner+0x56/0xf0
[  410.370679][T29764]  __device_add_disk+0x5b8/0x1200
[  410.375671][T29764]  ? device_add_disk+0x30/0x30
[  410.380424][T29764]  ? vsprintf+0x30/0x30
[  410.384563][T29764]  ? device_initialize+0x1c7/0x3d0
[  410.389642][T29764]  ? __alloc_disk_node+0x326/0x380
[  410.394736][T29764]  loop_add+0x554/0x710
[  410.398876][T29764]  loop_control_ioctl+0x564/0x740
[  410.403876][T29764]  ? loop_remove+0xa0/0xa0
[  410.408263][T29764]  ? __lru_cache_add+0x1bf/0x210
[  410.413171][T29764]  ? memset+0x1f/0x40
[  410.417137][T29764]  ? fsnotify+0x1332/0x13f0
[  410.421609][T29764]  ? loop_remove+0xa0/0xa0
[  410.425992][T29764]  do_vfs_ioctl+0x744/0x1730
[  410.430548][T29764]  ? selinux_file_ioctl+0x723/0x970
[  410.435726][T29764]  ? ioctl_preallocate+0x250/0x250
[  410.440804][T29764]  ? __fget+0x40c/0x4a0
[  410.444926][T29764]  ? fget_many+0x20/0x20
[  410.449135][T29764]  ? check_preemption_disabled+0x154/0x330
[  410.454921][T29764]  ? debug_smp_processor_id+0x20/0x20
[  410.460269][T29764]  ? security_file_ioctl+0x9d/0xb0
[  410.465367][T29764]  __x64_sys_ioctl+0xd4/0x110
[  410.470015][T29764]  do_syscall_64+0xcb/0x1c0
[  410.474497][T29764]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:41 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 66)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:41 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x17}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)

18:36:41 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1ac, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:41 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:41 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x51b001)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x200, 0x59, 0x7ff, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x480d5)
read$FUSE(r0, 0x0, 0x0)

18:36:41 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xcc, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  410.514124][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  410.546694][T29795] FAULT_INJECTION: forcing a failure.
[  410.546694][T29795] name failslab, interval 1, probability 0, space 0, times 0
18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x51b001)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x200, 0x59, 0x7ff, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x480d5)
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x51b001) (async)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0) (async)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x200, 0x59, 0x7ff, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x480d5) (async)
read$FUSE(r0, 0x0, 0x0) (async)

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f0000000000), 0x5, 0x51b001)
ioctl$AUTOFS_IOC_CATATONIC(r0, 0x9362, 0x0)
sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x0, 0x200, 0x70bd2d, 0x25dfdbfb, {{}, {}, {0x14, 0x19, {0x200, 0x59, 0x7ff, 0x8}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x480d5) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x20, &(0x7f00000001c0)={&(0x7f0000000040)=""/206, 0xce, 0x0, &(0x7f0000000140)=""/121, 0x79}}, 0x10)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x0, 0xd21f})

[  410.560756][T29795] CPU: 0 PID: 29795 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  410.572376][T29795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  410.582418][T29795] Call Trace:
[  410.585690][T29795]  dump_stack+0x1d8/0x241
[  410.590001][T29795]  ? panic+0x73e/0x73e
[  410.594061][T29795]  ? mutex_unlock+0x19/0x40
[  410.598570][T29795]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  410.604358][T29795]  ? selinux_kernfs_init_security+0x155/0x760
18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x20, &(0x7f00000001c0)={&(0x7f0000000040)=""/206, 0xce, 0x0, &(0x7f0000000140)=""/121, 0x79}}, 0x10)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x0, 0xd21f})
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x20, &(0x7f00000001c0)={&(0x7f0000000040)=""/206, 0xce, 0x0, &(0x7f0000000140)=""/121, 0x79}}, 0x10) (async)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x0, 0xd21f}) (async)

[  410.610405][T29795]  ? idr_alloc_cyclic+0x36e/0x5e0
[  410.615410][T29795]  should_fail+0x709/0x870
[  410.619803][T29795]  ? setup_fault_attr+0x3d0/0x3d0
[  410.624797][T29795]  ? _raw_spin_lock+0xa3/0x1b0
[  410.629532][T29795]  ? __kernfs_new_node+0xdb/0x6d0
[  410.634622][T29795]  should_failslab+0x5/0x20
[  410.639097][T29795]  kmem_cache_alloc+0x24/0x210
[  410.643842][T29795]  __kernfs_new_node+0xdb/0x6d0
[  410.648687][T29795]  ? mutex_lock+0xa6/0x110
[  410.653095][T29795]  ? kernfs_new_node+0x160/0x160
[  410.658007][T29795]  ? mutex_lock+0xa6/0x110
[  410.662406][T29795]  kernfs_new_node+0x95/0x160
[  410.667064][T29795]  __kernfs_create_file+0x45/0x260
[  410.672156][T29795]  sysfs_add_file_mode_ns+0x292/0x340
[  410.677505][T29795]  sysfs_merge_group+0x207/0x460
[  410.682423][T29795]  ? sysfs_remove_groups+0xb0/0xb0
[  410.687503][T29795]  ? device_create_file+0xe8/0x1b0
[  410.692584][T29795]  ? bus_add_device+0x92/0x3f0
[  410.697345][T29795]  dpm_sysfs_add+0xc0/0x260
[  410.701821][T29795]  device_add+0x547/0xbc0
[  410.706221][T29795]  device_create_vargs+0x1b8/0x210
[  410.711306][T29795]  device_create+0xea/0x130
[  410.716045][T29795]  ? device_create_vargs+0x210/0x210
[  410.721302][T29795]  bdi_register_va+0x89/0x5e0
[  410.725963][T29795]  bdi_register+0xd1/0x120
[  410.730441][T29795]  ? __device_add_disk+0x539/0x1200
[  410.735608][T29795]  ? bdi_register_va+0x5e0/0x5e0
[  410.740527][T29795]  ? percpu_ref_resurrect+0x113/0x190
[  410.745880][T29795]  bdi_register_owner+0x56/0xf0
[  410.750723][T29795]  __device_add_disk+0x5b8/0x1200
[  410.755740][T29795]  ? device_add_disk+0x30/0x30
[  410.760582][T29795]  ? vsprintf+0x30/0x30
[  410.764711][T29795]  ? device_initialize+0x1c7/0x3d0
[  410.769793][T29795]  ? __alloc_disk_node+0x326/0x380
[  410.774909][T29795]  loop_add+0x554/0x710
[  410.779046][T29795]  loop_control_ioctl+0x564/0x740
[  410.784064][T29795]  ? loop_remove+0xa0/0xa0
[  410.788451][T29795]  ? __lru_cache_add+0x1bf/0x210
[  410.793356][T29795]  ? memset+0x1f/0x40
[  410.797324][T29795]  ? fsnotify+0x1332/0x13f0
[  410.801798][T29795]  ? loop_remove+0xa0/0xa0
[  410.806183][T29795]  do_vfs_ioctl+0x744/0x1730
[  410.810744][T29795]  ? selinux_file_ioctl+0x723/0x970
[  410.815914][T29795]  ? ioctl_preallocate+0x250/0x250
[  410.820995][T29795]  ? __fget+0x40c/0x4a0
[  410.825124][T29795]  ? fget_many+0x20/0x20
[  410.829336][T29795]  ? check_preemption_disabled+0x154/0x330
[  410.835109][T29795]  ? debug_smp_processor_id+0x20/0x20
[  410.840453][T29795]  ? security_file_ioctl+0x9d/0xb0
[  410.845542][T29795]  __x64_sys_ioctl+0xd4/0x110
[  410.850192][T29795]  do_syscall_64+0xcb/0x1c0
[  410.854666][T29795]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  410.865051][T29795] ------------[ cut here ]------------
[  410.870517][T29795] WARNING: CPU: 0 PID: 29795 at block/genhd.c:742 __device_add_disk+0xe83/0x1200
[  410.879616][T29795] Modules linked in:
[  410.883494][T29795] CPU: 0 PID: 29795 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  410.895106][T29795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  410.905162][T29795] RIP: 0010:__device_add_disk+0xe83/0x1200
[  410.910949][T29795] Code: ff ff e8 00 9b 45 ff 0f 0b e9 29 f3 ff ff e8 f4 9a 45 ff 0f 0b 42 80 3c 2b 00 0f 85 ae f8 ff ff e9 b1 f8 ff ff e8 dd 9a 45 ff <0f> 0b e9 46 f7 ff ff e8 d1 9a 45 ff e9 18 ff ff ff 44 89 f9 80 e1
[  410.930530][T29795] RSP: 0018:ffff8881eb337a00 EFLAGS: 00010246
[  410.936658][T29795] RAX: ffffffff821fe433 RBX: 00000000fffffff4 RCX: 0000000000040000
[  410.944611][T29795] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  410.952570][T29795] RBP: ffff8881eb337b40 R08: ffffffff821fdb73 R09: 0000000000000010
[  410.960530][T29795] R10: ffffffff84800000 R11: 1ffff1103d666e00 R12: ffff8881ed644000
[  410.968992][T29795] R13: dffffc0000000000 R14: ffff8881ed644070 R15: 1ffff1103dac889d
[  410.977038][T29795] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  410.985939][T29795] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  410.992493][T29795] CR2: 00007fd4da648d38 CR3: 00000001e6cda000 CR4: 00000000003406f0
[  411.000443][T29795] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  411.008384][T29795] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  411.016319][T29795] Call Trace:
[  411.019583][T29795]  ? device_add_disk+0x30/0x30
[  411.024314][T29795]  ? vsprintf+0x30/0x30
[  411.028457][T29795]  ? device_initialize+0x1c7/0x3d0
[  411.033535][T29795]  ? __alloc_disk_node+0x326/0x380
[  411.038615][T29795]  loop_add+0x554/0x710
[  411.042743][T29795]  loop_control_ioctl+0x564/0x740
[  411.047743][T29795]  ? loop_remove+0xa0/0xa0
[  411.052132][T29795]  ? __lru_cache_add+0x1bf/0x210
[  411.057141][T29795]  ? memset+0x1f/0x40
[  411.061092][T29795]  ? fsnotify+0x1332/0x13f0
[  411.065568][T29795]  ? loop_remove+0xa0/0xa0
[  411.069952][T29795]  do_vfs_ioctl+0x744/0x1730
[  411.074538][T29795]  ? selinux_file_ioctl+0x723/0x970
[  411.079834][T29795]  ? ioctl_preallocate+0x250/0x250
[  411.084920][T29795]  ? __fget+0x40c/0x4a0
[  411.089053][T29795]  ? fget_many+0x20/0x20
[  411.093267][T29795]  ? check_preemption_disabled+0x154/0x330
[  411.099057][T29795]  ? debug_smp_processor_id+0x20/0x20
[  411.104406][T29795]  ? security_file_ioctl+0x9d/0xb0
[  411.109496][T29795]  __x64_sys_ioctl+0xd4/0x110
[  411.114145][T29795]  do_syscall_64+0xcb/0x1c0
[  411.118655][T29795]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  411.124546][T29795] ---[ end trace 25474f664d9331f6 ]---
18:36:41 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 67)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000200)={r0, 0x20, &(0x7f00000001c0)={&(0x7f0000000040)=""/206, 0xce, 0x0, &(0x7f0000000140)=""/121, 0x79}}, 0x10)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x0, 0xd21f})

18:36:41 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x25}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:41 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1ac, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:41 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:41 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xcc, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0xffffffffffffffff, 0x0)
read$FUSE(r0, 0x0, 0xffffff86)

18:36:41 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xcc, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xcc}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:41 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x43}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:41 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0xffffffffffffffff, 0x0)
read$FUSE(r0, 0x0, 0xffffff86)
syz_open_dev$vcsn(&(0x7f00000005c0), 0xffffffffffffffff, 0x0) (async)
read$FUSE(r0, 0x0, 0xffffff86) (async)

18:36:41 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  411.164033][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  411.197954][T29837] FAULT_INJECTION: forcing a failure.
[  411.197954][T29837] name failslab, interval 1, probability 0, space 0, times 0
18:36:41 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1ac, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1ac}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  411.222045][T29837] CPU: 0 PID: 29837 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  411.233759][T29837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  411.243800][T29837] Call Trace:
[  411.247075][T29837]  dump_stack+0x1d8/0x241
[  411.251376][T29837]  ? panic+0x73e/0x73e
[  411.255412][T29837]  ? bdi_register_owner+0x56/0xf0
[  411.260404][T29837]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  411.266178][T29837]  ? do_vfs_ioctl+0x744/0x1730
[  411.270909][T29837]  ? do_syscall_64+0xcb/0x1c0
[  411.275553][T29837]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  411.281595][T29837]  should_fail+0x709/0x870
[  411.286000][T29837]  ? setup_fault_attr+0x3d0/0x3d0
[  411.291014][T29837]  ? kobject_get_path+0xbb/0x1a0
[  411.295921][T29837]  should_failslab+0x5/0x20
[  411.300401][T29837]  __kmalloc+0x51/0x2b0
[  411.304527][T29837]  kobject_get_path+0xbb/0x1a0
[  411.309266][T29837]  kobject_uevent_env+0x284/0x700
[  411.314262][T29837]  device_add+0x7a7/0xbc0
[  411.318560][T29837]  device_create_vargs+0x1b8/0x210
[  411.323642][T29837]  device_create+0xea/0x130
[  411.328136][T29837]  ? device_create_vargs+0x210/0x210
[  411.333395][T29837]  bdi_register_va+0x89/0x5e0
[  411.338040][T29837]  bdi_register+0xd1/0x120
[  411.342427][T29837]  ? __device_add_disk+0x539/0x1200
[  411.347591][T29837]  ? bdi_register_va+0x5e0/0x5e0
[  411.352496][T29837]  ? percpu_ref_resurrect+0x113/0x190
[  411.357846][T29837]  bdi_register_owner+0x56/0xf0
[  411.362679][T29837]  __device_add_disk+0x5b8/0x1200
[  411.367676][T29837]  ? device_add_disk+0x30/0x30
[  411.372420][T29837]  ? vsprintf+0x30/0x30
[  411.376542][T29837]  ? device_initialize+0x1c7/0x3d0
[  411.381625][T29837]  ? __alloc_disk_node+0x326/0x380
[  411.386728][T29837]  loop_add+0x554/0x710
[  411.390858][T29837]  loop_control_ioctl+0x564/0x740
[  411.395849][T29837]  ? loop_remove+0xa0/0xa0
[  411.400233][T29837]  ? __lru_cache_add+0x1bf/0x210
[  411.405139][T29837]  ? memset+0x1f/0x40
[  411.409093][T29837]  ? fsnotify+0x1332/0x13f0
[  411.413561][T29837]  ? loop_remove+0xa0/0xa0
[  411.417943][T29837]  do_vfs_ioctl+0x744/0x1730
[  411.422502][T29837]  ? selinux_file_ioctl+0x723/0x970
[  411.427667][T29837]  ? ioctl_preallocate+0x250/0x250
[  411.432761][T29837]  ? __fget+0x40c/0x4a0
[  411.436884][T29837]  ? fget_many+0x20/0x20
[  411.441097][T29837]  ? check_preemption_disabled+0x154/0x330
[  411.446875][T29837]  ? debug_smp_processor_id+0x20/0x20
[  411.452217][T29837]  ? security_file_ioctl+0x9d/0xb0
[  411.457301][T29837]  __x64_sys_ioctl+0xd4/0x110
[  411.461949][T29837]  do_syscall_64+0xcb/0x1c0
[  411.466448][T29837]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:42 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 68)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x48}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0xffffffffffffffff, 0x0)
read$FUSE(r0, 0x0, 0xffffff86)
syz_open_dev$vcsn(&(0x7f00000005c0), 0xffffffffffffffff, 0x0) (async)
read$FUSE(r0, 0x0, 0xffffff86) (async)

18:36:42 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:42 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x108, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x18c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4c}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44090}, 0x40)
read$FUSE(r0, 0x0, 0x0)

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x68}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  411.514124][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
[  411.539593][T29860] FAULT_INJECTION: forcing a failure.
[  411.539593][T29860] name failslab, interval 1, probability 0, space 0, times 0
[  411.567179][T29860] CPU: 1 PID: 29860 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  411.578804][T29860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  411.588832][T29860] Call Trace:
[  411.592102][T29860]  dump_stack+0x1d8/0x241
[  411.596401][T29860]  ? panic+0x73e/0x73e
[  411.600442][T29860]  ? bdi_register_owner+0x56/0xf0
[  411.605442][T29860]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  411.611227][T29860]  ? do_vfs_ioctl+0x744/0x1730
[  411.615959][T29860]  ? do_syscall_64+0xcb/0x1c0
[  411.620608][T29860]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  411.626657][T29860]  should_fail+0x709/0x870
[  411.631045][T29860]  ? setup_fault_attr+0x3d0/0x3d0
[  411.636046][T29860]  ? kobject_get_path+0xbb/0x1a0
[  411.640952][T29860]  should_failslab+0x5/0x20
[  411.645439][T29860]  __kmalloc+0x51/0x2b0
[  411.649739][T29860]  kobject_get_path+0xbb/0x1a0
[  411.654479][T29860]  kobject_uevent_env+0x284/0x700
[  411.659491][T29860]  device_add+0x7a7/0xbc0
[  411.663793][T29860]  device_create_vargs+0x1b8/0x210
[  411.668871][T29860]  device_create+0xea/0x130
[  411.673354][T29860]  ? device_create_vargs+0x210/0x210
[  411.678610][T29860]  bdi_register_va+0x89/0x5e0
[  411.683264][T29860]  bdi_register+0xd1/0x120
[  411.687841][T29860]  ? __device_add_disk+0x539/0x1200
[  411.693023][T29860]  ? bdi_register_va+0x5e0/0x5e0
[  411.697930][T29860]  ? percpu_ref_resurrect+0x113/0x190
[  411.703353][T29860]  bdi_register_owner+0x56/0xf0
[  411.708485][T29860]  __device_add_disk+0x5b8/0x1200
[  411.713494][T29860]  ? device_add_disk+0x30/0x30
[  411.718233][T29860]  ? vsprintf+0x30/0x30
[  411.722375][T29860]  ? device_initialize+0x1c7/0x3d0
[  411.727461][T29860]  ? __alloc_disk_node+0x326/0x380
[  411.732544][T29860]  loop_add+0x554/0x710
[  411.736674][T29860]  loop_control_ioctl+0x564/0x740
[  411.741675][T29860]  ? loop_remove+0xa0/0xa0
[  411.746066][T29860]  ? __lru_cache_add+0x1bf/0x210
[  411.750973][T29860]  ? memset+0x1f/0x40
[  411.754944][T29860]  ? fsnotify+0x1332/0x13f0
[  411.759415][T29860]  ? loop_remove+0xa0/0xa0
[  411.763801][T29860]  do_vfs_ioctl+0x744/0x1730
18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x6c}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44090}, 0x40) (async)
read$FUSE(r0, 0x0, 0x0)

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44090}, 0x40)
read$FUSE(r0, 0x0, 0x0)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f00000000c0)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x2c, 0x0, 0x400, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_GW_MODE={0x5}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xff}]}, 0x2c}, 0x1, 0x0, 0x0, 0x44090}, 0x40) (async)
read$FUSE(r0, 0x0, 0x0) (async)

[  411.768369][T29860]  ? selinux_file_ioctl+0x723/0x970
[  411.773539][T29860]  ? ioctl_preallocate+0x250/0x250
[  411.778645][T29860]  ? __fget+0x40c/0x4a0
[  411.782772][T29860]  ? fget_many+0x20/0x20
[  411.786983][T29860]  ? check_preemption_disabled+0x154/0x330
[  411.792767][T29860]  ? debug_smp_processor_id+0x20/0x20
[  411.798237][T29860]  ? security_file_ioctl+0x9d/0xb0
[  411.803321][T29860]  __x64_sys_ioctl+0xd4/0x110
[  411.807992][T29860]  do_syscall_64+0xcb/0x1c0
[  411.812480][T29860]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:42 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 69)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x74}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = eventfd2(0x3, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000000)={0x8, 0x5, 0x5, 0x1000, 0x7, [{0x8, 0x4, 0x1ff, '\x00', 0x208}, {0x6, 0x3, 0xb5, '\x00', 0x210f}, {0x2, 0x5, 0x1ff, '\x00', 0x100}, {0x0, 0x8000000000000000, 0x401, '\x00', 0xc}, {0xbf, 0xc67, 0x3ff, '\x00', 0x190c}, {0x15, 0x6, 0x8, '\x00', 0x604}, {0x841, 0xffffffffffffffff, 0x6b, '\x00', 0x2}]})

18:36:42 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:42 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x108, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x18c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x7a}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:42 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x18c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x18c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  411.854950][T28753] udevd[28753]: inotify_add_watch(7, /dev/loop0, 10) failed: No such file or directory
18:36:42 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:42 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x108, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x3c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x108}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = eventfd2(0x3, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000000)={0x8, 0x5, 0x5, 0x1000, 0x7, [{0x8, 0x4, 0x1ff, '\x00', 0x208}, {0x6, 0x3, 0xb5, '\x00', 0x210f}, {0x2, 0x5, 0x1ff, '\x00', 0x100}, {0x0, 0x8000000000000000, 0x401, '\x00', 0xc}, {0xbf, 0xc67, 0x3ff, '\x00', 0x190c}, {0x15, 0x6, 0x8, '\x00', 0x604}, {0x841, 0xffffffffffffffff, 0x6b, '\x00', 0x2}]})

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xd0}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  411.895184][T29898] FAULT_INJECTION: forcing a failure.
[  411.895184][T29898] name failslab, interval 1, probability 0, space 0, times 0
[  411.913226][T29898] CPU: 0 PID: 29898 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  411.924982][T29898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  411.935022][T29898] Call Trace:
[  411.938298][T29898]  dump_stack+0x1d8/0x241
[  411.942615][T29898]  ? panic+0x73e/0x73e
[  411.946656][T29898]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  411.952430][T29898]  ? vsnprintf+0x1cd0/0x1cd0
[  411.956986][T29898]  ? bdi_register_va+0x89/0x5e0
[  411.961803][T29898]  ? bdi_register_owner+0x56/0xf0
[  411.966820][T29898]  ? __device_add_disk+0x5b8/0x1200
[  411.971999][T29898]  ? loop_add+0x554/0x710
[  411.976389][T29898]  should_fail+0x709/0x870
[  411.980789][T29898]  ? setup_fault_attr+0x3d0/0x3d0
[  411.985786][T29898]  ? skb_clone+0x1b7/0x380
[  411.990172][T29898]  should_failslab+0x5/0x20
[  411.994650][T29898]  kmem_cache_alloc+0x24/0x210
[  411.999418][T29898]  skb_clone+0x1b7/0x380
[  412.003633][T29898]  ? netlink_broadcast_filtered+0x64d/0x11d0
[  412.009611][T29898]  netlink_broadcast_filtered+0x65b/0x11d0
[  412.015411][T29898]  netlink_broadcast+0x35/0x50
[  412.020149][T29898]  kobject_uevent_net_broadcast+0x385/0x570
[  412.026066][T29898]  kobject_uevent_env+0x552/0x700
[  412.031060][T29898]  device_add+0x7a7/0xbc0
[  412.035358][T29898]  device_create_vargs+0x1b8/0x210
[  412.040541][T29898]  device_create+0xea/0x130
[  412.045018][T29898]  ? device_create_vargs+0x210/0x210
[  412.050272][T29898]  bdi_register_va+0x89/0x5e0
[  412.054919][T29898]  bdi_register+0xd1/0x120
[  412.059317][T29898]  ? __device_add_disk+0x539/0x1200
[  412.064483][T29898]  ? bdi_register_va+0x5e0/0x5e0
[  412.069390][T29898]  ? percpu_ref_resurrect+0x113/0x190
[  412.074731][T29898]  bdi_register_owner+0x56/0xf0
[  412.079553][T29898]  __device_add_disk+0x5b8/0x1200
[  412.084567][T29898]  ? device_add_disk+0x30/0x30
[  412.089298][T29898]  ? vsprintf+0x30/0x30
[  412.093424][T29898]  ? device_initialize+0x1c7/0x3d0
[  412.098512][T29898]  ? __alloc_disk_node+0x326/0x380
[  412.103602][T29898]  loop_add+0x554/0x710
[  412.107740][T29898]  loop_control_ioctl+0x564/0x740
[  412.112740][T29898]  ? loop_remove+0xa0/0xa0
[  412.117130][T29898]  ? __lru_cache_add+0x1bf/0x210
[  412.122473][T29898]  ? memset+0x1f/0x40
[  412.126430][T29898]  ? fsnotify+0x1332/0x13f0
[  412.130910][T29898]  ? loop_remove+0xa0/0xa0
[  412.135319][T29898]  do_vfs_ioctl+0x744/0x1730
[  412.139881][T29898]  ? selinux_file_ioctl+0x723/0x970
[  412.145053][T29898]  ? ioctl_preallocate+0x250/0x250
[  412.150136][T29898]  ? __fget+0x40c/0x4a0
[  412.154261][T29898]  ? fget_many+0x20/0x20
[  412.158495][T29898]  ? check_preemption_disabled+0x154/0x330
[  412.164285][T29898]  ? debug_smp_processor_id+0x20/0x20
[  412.169626][T29898]  ? security_file_ioctl+0x9d/0xb0
[  412.174706][T29898]  __x64_sys_ioctl+0xd4/0x110
[  412.179368][T29898]  do_syscall_64+0xcb/0x1c0
[  412.183841][T29898]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:42 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 70)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:42 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = eventfd2(0x3, 0x0)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000000)={0x8, 0x5, 0x5, 0x1000, 0x7, [{0x8, 0x4, 0x1ff, '\x00', 0x208}, {0x6, 0x3, 0xb5, '\x00', 0x210f}, {0x2, 0x5, 0x1ff, '\x00', 0x100}, {0x0, 0x8000000000000000, 0x401, '\x00', 0xc}, {0xbf, 0xc67, 0x3ff, '\x00', 0x190c}, {0x15, 0x6, 0x8, '\x00', 0x604}, {0x841, 0xffffffffffffffff, 0x6b, '\x00', 0x2}]})
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
read$FUSE(r0, 0x0, 0x0) (async)
eventfd2(0x3, 0x0) (async)
ioctl$FS_IOC_FIEMAP(r1, 0xc020660b, &(0x7f0000000000)={0x8, 0x5, 0x5, 0x1000, 0x7, [{0x8, 0x4, 0x1ff, '\x00', 0x208}, {0x6, 0x3, 0xb5, '\x00', 0x210f}, {0x2, 0x5, 0x1ff, '\x00', 0x100}, {0x0, 0x8000000000000000, 0x401, '\x00', 0xc}, {0xbf, 0xc67, 0x3ff, '\x00', 0x190c}, {0x15, 0x6, 0x8, '\x00', 0x604}, {0x841, 0xffffffffffffffff, 0x6b, '\x00', 0x2}]}) (async)

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xe0}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:42 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:42 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x300}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  412.270892][T29922] FAULT_INJECTION: forcing a failure.
[  412.270892][T29922] name failslab, interval 1, probability 0, space 0, times 0
[  412.286116][T29922] CPU: 0 PID: 29922 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  412.297744][T29922] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  412.307791][T29922] Call Trace:
[  412.311076][T29922]  dump_stack+0x1d8/0x241
[  412.315401][T29922]  ? panic+0x73e/0x73e
[  412.319462][T29922]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  412.325261][T29922]  ? vsnprintf+0x1cd0/0x1cd0
[  412.329862][T29922]  ? bdi_register_va+0x89/0x5e0
[  412.334876][T29922]  ? bdi_register_owner+0x56/0xf0
[  412.339893][T29922]  ? __device_add_disk+0x5b8/0x1200
[  412.345088][T29922]  ? loop_add+0x554/0x710
[  412.349402][T29922]  should_fail+0x709/0x870
[  412.354424][T29922]  ? setup_fault_attr+0x3d0/0x3d0
[  412.359439][T29922]  ? skb_clone+0x1b7/0x380
[  412.363845][T29922]  should_failslab+0x5/0x20
[  412.368594][T29922]  kmem_cache_alloc+0x24/0x210
[  412.373434][T29922]  skb_clone+0x1b7/0x380
[  412.377682][T29922]  ? netlink_broadcast_filtered+0x64d/0x11d0
[  412.383649][T29922]  netlink_broadcast_filtered+0x65b/0x11d0
[  412.389449][T29922]  netlink_broadcast+0x35/0x50
[  412.394197][T29922]  kobject_uevent_net_broadcast+0x385/0x570
[  412.400077][T29922]  kobject_uevent_env+0x552/0x700
[  412.405095][T29922]  device_add+0x7a7/0xbc0
[  412.409418][T29922]  device_create_vargs+0x1b8/0x210
[  412.414519][T29922]  device_create+0xea/0x130
18:36:42 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x500}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  412.419017][T29922]  ? device_create_vargs+0x210/0x210
[  412.424298][T29922]  bdi_register_va+0x89/0x5e0
[  412.428965][T29922]  bdi_register+0xd1/0x120
[  412.433373][T29922]  ? __device_add_disk+0x539/0x1200
[  412.438558][T29922]  ? bdi_register_va+0x5e0/0x5e0
[  412.443488][T29922]  ? percpu_ref_resurrect+0x113/0x190
[  412.448854][T29922]  bdi_register_owner+0x56/0xf0
[  412.453705][T29922]  __device_add_disk+0x5b8/0x1200
[  412.458723][T29922]  ? device_add_disk+0x30/0x30
[  412.463476][T29922]  ? vsprintf+0x30/0x30
18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x600}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  412.467619][T29922]  ? device_initialize+0x1c7/0x3d0
[  412.472717][T29922]  ? __alloc_disk_node+0x326/0x380
[  412.477821][T29922]  loop_add+0x554/0x710
[  412.481973][T29922]  loop_control_ioctl+0x564/0x740
[  412.486988][T29922]  ? loop_remove+0xa0/0xa0
[  412.491431][T29922]  ? __lru_cache_add+0x1bf/0x210
[  412.496355][T29922]  ? memset+0x1f/0x40
[  412.500334][T29922]  ? fsnotify+0x1332/0x13f0
[  412.504823][T29922]  ? loop_remove+0xa0/0xa0
[  412.509228][T29922]  do_vfs_ioctl+0x744/0x1730
[  412.513807][T29922]  ? selinux_file_ioctl+0x723/0x970
18:36:43 executing program 2:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1001)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)="3c1f034cfde284fb2543328b7fd903770e433ec685fa72056c151d9326d9c50d0475166ffb011fe565f2a03bc8842a512dee6305741308dc2ca73ff301c7c9aea90f16f3657229feb6e92960b112e099cf1e5dbe1d779036e6362f47c5e01a7edf5052f6a2a8e0a460c06ad1b85370e7197f37a12f934d882bef36c0d06f3f7879bb4e8ec27dc4ddd8e58260cf63a7bf5e32656d9b90610c5f8f978d5235d9881e0c1942560b61e2cff0ef4c0db801f17f37e044614d37ceac5862b39a50df2ae5c967caec84519c38dd74b511392bd1009903a59b9ee6f40d0d6326bae775c21506637267c260d6321fe9ba61", 0xed}, {&(0x7f0000000140)="380eef23b4868a0f0f91612be0a6f53631cf55a79202d9", 0x17}, {&(0x7f0000000180)="9240286b5d8b047faddf4e912daa154a060045885146a080da47b7382c45556a544fd7ce4dbcdf225f50c623810071f0592f3b", 0x33}, {&(0x7f00000001c0)="26d46268740cffa79091b9ed18f1d9780709a95ec78dc4f34a69502041fea85194542adf8e7a878b9eb71ee03d9bbd1235c72b70682407949b980dc0775e7a28d8c0986dc997cffff3d3e86c9fc1bd5c88024773e090759e37e69c1bbbc254f7a24f9f4910e2fc396c425fce3e57bca89e9ffd92343dfeed57a3b0613330269d99e061edc61a42f680b396e252b55c086ac34071fa2a9d32164573a1e99ea2bfff8af9943eb8237bb847b39255cf85093f02ac8776c3f8ddcbfc59f1af32ca16961963bedb5644d3acbf03d95b16f9ecc00dcd2a2e2bd46ae098f4d80468c1b4de6e98", 0xe3}, {&(0x7f00000002c0)="76b7d57d33c949e11e4d85cdeed9d9865d2518263abf5cbeb1464d5714df56b58a7278b9d0dd7cd670b41693f5db1d15934a533302771599df15970a56a7404b89e9367df5d0fa4576b794d21bb0da017ff3a1bb4a44ba03a8c1884b36267287096d863cd3d544", 0x67}], 0x5, 0x8)

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x700}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x900}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  412.518994][T29922]  ? ioctl_preallocate+0x250/0x250
[  412.524094][T29922]  ? __fget+0x40c/0x4a0
[  412.528246][T29922]  ? fget_many+0x20/0x20
[  412.532478][T29922]  ? check_preemption_disabled+0x154/0x330
[  412.538276][T29922]  ? debug_smp_processor_id+0x20/0x20
[  412.543640][T29922]  ? security_file_ioctl+0x9d/0xb0
[  412.548740][T29922]  __x64_sys_ioctl+0xd4/0x110
[  412.553403][T29922]  do_syscall_64+0xcb/0x1c0
[  412.557900][T29922]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:43 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 71)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:43 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:43 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:43 executing program 2:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1001)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)="3c1f034cfde284fb2543328b7fd903770e433ec685fa72056c151d9326d9c50d0475166ffb011fe565f2a03bc8842a512dee6305741308dc2ca73ff301c7c9aea90f16f3657229feb6e92960b112e099cf1e5dbe1d779036e6362f47c5e01a7edf5052f6a2a8e0a460c06ad1b85370e7197f37a12f934d882bef36c0d06f3f7879bb4e8ec27dc4ddd8e58260cf63a7bf5e32656d9b90610c5f8f978d5235d9881e0c1942560b61e2cff0ef4c0db801f17f37e044614d37ceac5862b39a50df2ae5c967caec84519c38dd74b511392bd1009903a59b9ee6f40d0d6326bae775c21506637267c260d6321fe9ba61", 0xed}, {&(0x7f0000000140)="380eef23b4868a0f0f91612be0a6f53631cf55a79202d9", 0x17}, {&(0x7f0000000180)="9240286b5d8b047faddf4e912daa154a060045885146a080da47b7382c45556a544fd7ce4dbcdf225f50c623810071f0592f3b", 0x33}, {&(0x7f00000001c0)="26d46268740cffa79091b9ed18f1d9780709a95ec78dc4f34a69502041fea85194542adf8e7a878b9eb71ee03d9bbd1235c72b70682407949b980dc0775e7a28d8c0986dc997cffff3d3e86c9fc1bd5c88024773e090759e37e69c1bbbc254f7a24f9f4910e2fc396c425fce3e57bca89e9ffd92343dfeed57a3b0613330269d99e061edc61a42f680b396e252b55c086ac34071fa2a9d32164573a1e99ea2bfff8af9943eb8237bb847b39255cf85093f02ac8776c3f8ddcbfc59f1af32ca16961963bedb5644d3acbf03d95b16f9ecc00dcd2a2e2bd46ae098f4d80468c1b4de6e98", 0xe3}, {&(0x7f00000002c0)="76b7d57d33c949e11e4d85cdeed9d9865d2518263abf5cbeb1464d5714df56b58a7278b9d0dd7cd670b41693f5db1d15934a533302771599df15970a56a7404b89e9367df5d0fa4576b794d21bb0da017ff3a1bb4a44ba03a8c1884b36267287096d863cd3d544", 0x67}], 0x5, 0x8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1001) (async)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020) (async)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)="3c1f034cfde284fb2543328b7fd903770e433ec685fa72056c151d9326d9c50d0475166ffb011fe565f2a03bc8842a512dee6305741308dc2ca73ff301c7c9aea90f16f3657229feb6e92960b112e099cf1e5dbe1d779036e6362f47c5e01a7edf5052f6a2a8e0a460c06ad1b85370e7197f37a12f934d882bef36c0d06f3f7879bb4e8ec27dc4ddd8e58260cf63a7bf5e32656d9b90610c5f8f978d5235d9881e0c1942560b61e2cff0ef4c0db801f17f37e044614d37ceac5862b39a50df2ae5c967caec84519c38dd74b511392bd1009903a59b9ee6f40d0d6326bae775c21506637267c260d6321fe9ba61", 0xed}, {&(0x7f0000000140)="380eef23b4868a0f0f91612be0a6f53631cf55a79202d9", 0x17}, {&(0x7f0000000180)="9240286b5d8b047faddf4e912daa154a060045885146a080da47b7382c45556a544fd7ce4dbcdf225f50c623810071f0592f3b", 0x33}, {&(0x7f00000001c0)="26d46268740cffa79091b9ed18f1d9780709a95ec78dc4f34a69502041fea85194542adf8e7a878b9eb71ee03d9bbd1235c72b70682407949b980dc0775e7a28d8c0986dc997cffff3d3e86c9fc1bd5c88024773e090759e37e69c1bbbc254f7a24f9f4910e2fc396c425fce3e57bca89e9ffd92343dfeed57a3b0613330269d99e061edc61a42f680b396e252b55c086ac34071fa2a9d32164573a1e99ea2bfff8af9943eb8237bb847b39255cf85093f02ac8776c3f8ddcbfc59f1af32ca16961963bedb5644d3acbf03d95b16f9ecc00dcd2a2e2bd46ae098f4d80468c1b4de6e98", 0xe3}, {&(0x7f00000002c0)="76b7d57d33c949e11e4d85cdeed9d9865d2518263abf5cbeb1464d5714df56b58a7278b9d0dd7cd670b41693f5db1d15934a533302771599df15970a56a7404b89e9367df5d0fa4576b794d21bb0da017ff3a1bb4a44ba03a8c1884b36267287096d863cd3d544", 0x67}], 0x5, 0x8) (async)

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xa00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xb00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:43 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:43 executing program 2:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1001)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)="3c1f034cfde284fb2543328b7fd903770e433ec685fa72056c151d9326d9c50d0475166ffb011fe565f2a03bc8842a512dee6305741308dc2ca73ff301c7c9aea90f16f3657229feb6e92960b112e099cf1e5dbe1d779036e6362f47c5e01a7edf5052f6a2a8e0a460c06ad1b85370e7197f37a12f934d882bef36c0d06f3f7879bb4e8ec27dc4ddd8e58260cf63a7bf5e32656d9b90610c5f8f978d5235d9881e0c1942560b61e2cff0ef4c0db801f17f37e044614d37ceac5862b39a50df2ae5c967caec84519c38dd74b511392bd1009903a59b9ee6f40d0d6326bae775c21506637267c260d6321fe9ba61", 0xed}, {&(0x7f0000000140)="380eef23b4868a0f0f91612be0a6f53631cf55a79202d9", 0x17}, {&(0x7f0000000180)="9240286b5d8b047faddf4e912daa154a060045885146a080da47b7382c45556a544fd7ce4dbcdf225f50c623810071f0592f3b", 0x33}, {&(0x7f00000001c0)="26d46268740cffa79091b9ed18f1d9780709a95ec78dc4f34a69502041fea85194542adf8e7a878b9eb71ee03d9bbd1235c72b70682407949b980dc0775e7a28d8c0986dc997cffff3d3e86c9fc1bd5c88024773e090759e37e69c1bbbc254f7a24f9f4910e2fc396c425fce3e57bca89e9ffd92343dfeed57a3b0613330269d99e061edc61a42f680b396e252b55c086ac34071fa2a9d32164573a1e99ea2bfff8af9943eb8237bb847b39255cf85093f02ac8776c3f8ddcbfc59f1af32ca16961963bedb5644d3acbf03d95b16f9ecc00dcd2a2e2bd46ae098f4d80468c1b4de6e98", 0xe3}, {&(0x7f00000002c0)="76b7d57d33c949e11e4d85cdeed9d9865d2518263abf5cbeb1464d5714df56b58a7278b9d0dd7cd670b41693f5db1d15934a533302771599df15970a56a7404b89e9367df5d0fa4576b794d21bb0da017ff3a1bb4a44ba03a8c1884b36267287096d863cd3d544", 0x67}], 0x5, 0x8)
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
open_tree(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x1001) (async)
read$FUSE(r0, &(0x7f0000000400)={0x2020}, 0x2020) (async)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f0000000040)="3c1f034cfde284fb2543328b7fd903770e433ec685fa72056c151d9326d9c50d0475166ffb011fe565f2a03bc8842a512dee6305741308dc2ca73ff301c7c9aea90f16f3657229feb6e92960b112e099cf1e5dbe1d779036e6362f47c5e01a7edf5052f6a2a8e0a460c06ad1b85370e7197f37a12f934d882bef36c0d06f3f7879bb4e8ec27dc4ddd8e58260cf63a7bf5e32656d9b90610c5f8f978d5235d9881e0c1942560b61e2cff0ef4c0db801f17f37e044614d37ceac5862b39a50df2ae5c967caec84519c38dd74b511392bd1009903a59b9ee6f40d0d6326bae775c21506637267c260d6321fe9ba61", 0xed}, {&(0x7f0000000140)="380eef23b4868a0f0f91612be0a6f53631cf55a79202d9", 0x17}, {&(0x7f0000000180)="9240286b5d8b047faddf4e912daa154a060045885146a080da47b7382c45556a544fd7ce4dbcdf225f50c623810071f0592f3b", 0x33}, {&(0x7f00000001c0)="26d46268740cffa79091b9ed18f1d9780709a95ec78dc4f34a69502041fea85194542adf8e7a878b9eb71ee03d9bbd1235c72b70682407949b980dc0775e7a28d8c0986dc997cffff3d3e86c9fc1bd5c88024773e090759e37e69c1bbbc254f7a24f9f4910e2fc396c425fce3e57bca89e9ffd92343dfeed57a3b0613330269d99e061edc61a42f680b396e252b55c086ac34071fa2a9d32164573a1e99ea2bfff8af9943eb8237bb847b39255cf85093f02ac8776c3f8ddcbfc59f1af32ca16961963bedb5644d3acbf03d95b16f9ecc00dcd2a2e2bd46ae098f4d80468c1b4de6e98", 0xe3}, {&(0x7f00000002c0)="76b7d57d33c949e11e4d85cdeed9d9865d2518263abf5cbeb1464d5714df56b58a7278b9d0dd7cd670b41693f5db1d15934a533302771599df15970a56a7404b89e9367df5d0fa4576b794d21bb0da017ff3a1bb4a44ba03a8c1884b36267287096d863cd3d544", 0x67}], 0x5, 0x8) (async)

[  412.678708][T29956] FAULT_INJECTION: forcing a failure.
[  412.678708][T29956] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  412.705002][T29956] CPU: 0 PID: 29956 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  412.716633][T29956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  412.726679][T29956] Call Trace:
[  412.729969][T29956]  dump_stack+0x1d8/0x241
[  412.734300][T29956]  ? panic+0x73e/0x73e
[  412.738363][T29956]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  412.744166][T29956]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  412.750221][T29956]  should_fail+0x709/0x870
[  412.754626][T29956]  ? setup_fault_attr+0x3d0/0x3d0
[  412.759635][T29956]  ? __unwind_start+0x72f/0x8e0
[  412.764478][T29956]  __alloc_pages_nodemask+0x1b6/0x860
[  412.769841][T29956]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  412.775894][T29956]  ? arch_stack_walk+0x114/0x140
[  412.780815][T29956]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  412.786348][T29956]  ? stack_trace_save+0x200/0x200
[  412.791363][T29956]  ? entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  412.797426][T29956]  alloc_slab_page+0x39/0x3e0
[  412.802090][T29956]  new_slab+0x97/0x450
[  412.806147][T29956]  ? check_preemption_disabled+0x154/0x330
[  412.811939][T29956]  ___slab_alloc+0x320/0x4a0
[  412.816523][T29956]  ? setup_fault_attr+0x3d0/0x3d0
[  412.821541][T29956]  ? __kasan_slab_free+0x1fa/0x240
[  412.826641][T29956]  ? __d_alloc+0x2a/0x6a0
[  412.830960][T29956]  ? slab_free_freelist_hook+0x80/0x150
[  412.836588][T29956]  ? __d_alloc+0x2a/0x6a0
[  412.840906][T29956]  __slab_alloc+0x5a/0x90
[  412.845223][T29956]  ? bdi_register_owner+0x56/0xf0
[  412.850231][T29956]  ? __d_alloc+0x2a/0x6a0
[  412.854547][T29956]  kmem_cache_alloc+0x100/0x210
[  412.859391][T29956]  __d_alloc+0x2a/0x6a0
[  412.863538][T29956]  d_alloc_parallel+0xe6/0x1310
[  412.868414][T29956]  ? avc_has_perm_noaudit+0x30c/0x400
[  412.873789][T29956]  ? avc_denied+0x1c0/0x1c0
18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xc00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xd00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  412.878279][T29956]  ? d_hash_and_lookup+0x1e0/0x1e0
[  412.883404][T29956]  ? slab_free_freelist_hook+0x80/0x150
[  412.888940][T29956]  ? selinux_inode_permission+0x374/0x670
[  412.894643][T29956]  ? selinux_inode_permission+0x438/0x670
[  412.900354][T29956]  __lookup_slow+0x15a/0x450
[  412.904940][T29956]  ? lookup_one_len+0x680/0x680
[  412.909781][T29956]  lookup_one_len+0x426/0x680
[  412.914454][T29956]  ? try_lookup_one_len+0x650/0x650
[  412.919742][T29956]  start_creating+0xec/0x270
[  412.924322][T29956]  debugfs_create_dir+0x24/0x380
[  412.929255][T29956]  bdi_register_va+0x232/0x5e0
[  412.934010][T29956]  bdi_register+0xd1/0x120
[  412.938419][T29956]  ? __device_add_disk+0x539/0x1200
[  412.943631][T29956]  ? bdi_register_va+0x5e0/0x5e0
[  412.948558][T29956]  ? percpu_ref_resurrect+0x113/0x190
[  412.953918][T29956]  bdi_register_owner+0x56/0xf0
[  412.958767][T29956]  __device_add_disk+0x5b8/0x1200
[  412.963782][T29956]  ? device_add_disk+0x30/0x30
[  412.968529][T29956]  ? vsprintf+0x30/0x30
[  412.972679][T29956]  ? device_initialize+0x1c7/0x3d0
[  412.977778][T29956]  ? __alloc_disk_node+0x326/0x380
[  412.982880][T29956]  loop_add+0x554/0x710
[  412.987021][T29956]  loop_control_ioctl+0x564/0x740
[  412.992031][T29956]  ? loop_remove+0xa0/0xa0
[  412.996431][T29956]  ? __lru_cache_add+0x1bf/0x210
[  413.001355][T29956]  ? memset+0x1f/0x40
[  413.005329][T29956]  ? fsnotify+0x1332/0x13f0
[  413.009819][T29956]  ? loop_remove+0xa0/0xa0
[  413.014222][T29956]  do_vfs_ioctl+0x744/0x1730
[  413.019372][T29956]  ? selinux_file_ioctl+0x723/0x970
[  413.024564][T29956]  ? ioctl_preallocate+0x250/0x250
[  413.029663][T29956]  ? __fget+0x40c/0x4a0
[  413.033809][T29956]  ? fget_many+0x20/0x20
[  413.038036][T29956]  ? check_preemption_disabled+0x154/0x330
[  413.043826][T29956]  ? debug_smp_processor_id+0x20/0x20
[  413.049183][T29956]  ? security_file_ioctl+0x9d/0xb0
[  413.054289][T29956]  __x64_sys_ioctl+0xd4/0x110
[  413.058978][T29956]  do_syscall_64+0xcb/0x1c0
[  413.063478][T29956]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:43 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 72)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xe00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x2, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000080)={0x4, 0x17})
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000100)={0xc1, 0x0, 0x2})
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x22100, 0x0)
tee(r0, r1, 0x7, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
accept$inet(r2, &(0x7f0000000000), &(0x7f0000000040)=0x10)
read$FUSE(r0, 0x0, 0x0)
r3 = open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x800)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0x38, 0x0, &(0x7f0000000200)=[@dead_binder_done, @decrefs={0x40046307, 0x2}, @clear_death={0x400c630f, 0x3}, @acquire_done={0x40106309, 0x3}], 0x14, 0x0, &(0x7f0000000240)="8b24b0c402ef4195ff1a223a92191ade2a776766"})

18:36:43 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:43 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0xe8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x1c, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:43 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:43 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x1100}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:43 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x2, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000080)={0x4, 0x17}) (async)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000100)={0xc1, 0x0, 0x2})
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x22100, 0x0)
tee(r0, r1, 0x7, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
accept$inet(r2, &(0x7f0000000000), &(0x7f0000000040)=0x10) (async)
read$FUSE(r0, 0x0, 0x0) (async, rerun: 64)
r3 = open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x800) (rerun: 64)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r3) (async)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0) (async)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0x38, 0x0, &(0x7f0000000200)=[@dead_binder_done, @decrefs={0x40046307, 0x2}, @clear_death={0x400c630f, 0x3}, @acquire_done={0x40106309, 0x3}], 0x14, 0x0, &(0x7f0000000240)="8b24b0c402ef4195ff1a223a92191ade2a776766"})

18:36:43 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x1200}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:43 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  413.166319][T29993] FAULT_INJECTION: forcing a failure.
[  413.166319][T29993] name failslab, interval 1, probability 0, space 0, times 0
[  413.207728][T29993] CPU: 1 PID: 29993 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  413.219361][T29993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  413.229409][T29993] Call Trace:
[  413.232694][T29993]  dump_stack+0x1d8/0x241
[  413.237017][T29993]  ? panic+0x73e/0x73e
[  413.241075][T29993]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  413.246878][T29993]  ? __lookup_slow+0x340/0x450
[  413.251636][T29993]  should_fail+0x709/0x870
[  413.256046][T29993]  ? setup_fault_attr+0x3d0/0x3d0
[  413.261061][T29993]  ? lookup_one_len+0x426/0x680
[  413.265900][T29993]  ? new_inode_pseudo+0x78/0x210
[  413.270832][T29993]  should_failslab+0x5/0x20
[  413.275323][T29993]  kmem_cache_alloc+0x24/0x210
[  413.280077][T29993]  new_inode_pseudo+0x78/0x210
[  413.284838][T29993]  new_inode+0x25/0x1d0
[  413.288983][T29993]  ? start_creating+0x183/0x270
[  413.293820][T29993]  debugfs_create_dir+0x66/0x380
[  413.298835][T29993]  bdi_register_va+0x232/0x5e0
[  413.303640][T29993]  bdi_register+0xd1/0x120
[  413.308042][T29993]  ? __device_add_disk+0x539/0x1200
[  413.313241][T29993]  ? bdi_register_va+0x5e0/0x5e0
[  413.318164][T29993]  ? percpu_ref_resurrect+0x113/0x190
[  413.323528][T29993]  bdi_register_owner+0x56/0xf0
[  413.328371][T29993]  __device_add_disk+0x5b8/0x1200
[  413.333392][T29993]  ? device_add_disk+0x30/0x30
[  413.338146][T29993]  ? vsprintf+0x30/0x30
[  413.342295][T29993]  ? device_initialize+0x1c7/0x3d0
[  413.347401][T29993]  ? __alloc_disk_node+0x326/0x380
[  413.352513][T29993]  loop_add+0x554/0x710
[  413.356664][T29993]  loop_control_ioctl+0x564/0x740
[  413.361682][T29993]  ? loop_remove+0xa0/0xa0
[  413.366090][T29993]  ? __lru_cache_add+0x1bf/0x210
[  413.371020][T29993]  ? memset+0x1f/0x40
[  413.375011][T29993]  ? fsnotify+0x1332/0x13f0
[  413.379498][T29993]  ? loop_remove+0xa0/0xa0
[  413.383910][T29993]  do_vfs_ioctl+0x744/0x1730
[  413.388495][T29993]  ? selinux_file_ioctl+0x723/0x970
[  413.393686][T29993]  ? ioctl_preallocate+0x250/0x250
[  413.398786][T29993]  ? __fget+0x40c/0x4a0
[  413.402960][T29993]  ? fget_many+0x20/0x20
[  413.407195][T29993]  ? check_preemption_disabled+0x154/0x330
[  413.412990][T29993]  ? debug_smp_processor_id+0x20/0x20
[  413.418358][T29993]  ? security_file_ioctl+0x9d/0xb0
[  413.423556][T29993]  __x64_sys_ioctl+0xd4/0x110
[  413.428233][T29993]  do_syscall_64+0xcb/0x1c0
[  413.432921][T29993]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  413.456579][T29993] debugfs: out of free dentries, can not create directory '7:0'
18:36:44 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 73)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:44 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x2, 0x0)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r0, 0x4008ae73, &(0x7f0000000080)={0x4, 0x17})
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(r0, 0x4068aea3, &(0x7f0000000100)={0xc1, 0x0, 0x2})
r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x22100, 0x0)
tee(r0, r1, 0x7, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
accept$inet(r2, &(0x7f0000000000), &(0x7f0000000040)=0x10) (async)
read$FUSE(r0, 0x0, 0x0) (async)
r3 = open_tree(r0, &(0x7f00000001c0)='./file0\x00', 0x800)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r3)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000280)={0x38, 0x0, &(0x7f0000000200)=[@dead_binder_done, @decrefs={0x40046307, 0x2}, @clear_death={0x400c630f, 0x3}, @acquire_done={0x40106309, 0x3}], 0x14, 0x0, &(0x7f0000000240)="8b24b0c402ef4195ff1a223a92191ade2a776766"})

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x1700}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:44 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:44 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x2000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x2500}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  413.551546][T30022] FAULT_INJECTION: forcing a failure.
[  413.551546][T30022] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  413.566354][T30022] CPU: 0 PID: 30022 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  413.578058][T30022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  413.588098][T30022] Call Trace:
[  413.591393][T30022]  dump_stack+0x1d8/0x241
[  413.595710][T30022]  ? panic+0x73e/0x73e
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4300}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  413.599768][T30022]  ? stack_trace_save+0x132/0x200
[  413.604780][T30022]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  413.610577][T30022]  ? stack_trace_snprint+0x170/0x170
[  413.615855][T30022]  should_fail+0x709/0x870
[  413.620261][T30022]  ? setup_fault_attr+0x3d0/0x3d0
[  413.625283][T30022]  ? __kasan_kmalloc+0x131/0x1e0
[  413.630552][T30022]  ? kmem_cache_alloc+0xd0/0x210
[  413.635472][T30022]  ? inode_init_always+0x5db/0x800
[  413.640571][T30022]  ? new_inode_pseudo+0x8f/0x210
[  413.645500][T30022]  __alloc_pages_nodemask+0x1b6/0x860
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4800}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4c00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  413.650856][T30022]  ? __x64_sys_ioctl+0xd4/0x110
[  413.655692][T30022]  ? do_syscall_64+0xcb/0x1c0
[  413.660381][T30022]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  413.665920][T30022]  ? lockref_get+0x1b3/0x2a0
[  413.670499][T30022]  ? asan.module_dtor+0x20/0x20
[  413.675339][T30022]  __get_free_pages+0xa/0x30
[  413.679930][T30022]  selinux_genfs_get_sid+0x55/0x250
[  413.685120][T30022]  inode_doinit_with_dentry+0x87c/0x1020
[  413.690741][T30022]  ? sb_finish_set_opts+0x7a0/0x7a0
[  413.695928][T30022]  ? current_time+0x1c4/0x310
[  413.700770][T30022]  ? atime_needs_update+0x580/0x580
[  413.705957][T30022]  security_d_instantiate+0xa5/0x100
[  413.711230][T30022]  d_instantiate+0x51/0x90
[  413.715639][T30022]  debugfs_create_dir+0x1a1/0x380
[  413.720647][T30022]  bdi_register_va+0x232/0x5e0
[  413.725395][T30022]  bdi_register+0xd1/0x120
[  413.729803][T30022]  ? __device_add_disk+0x539/0x1200
[  413.734994][T30022]  ? bdi_register_va+0x5e0/0x5e0
[  413.739918][T30022]  ? percpu_ref_resurrect+0x113/0x190
[  413.745281][T30022]  bdi_register_owner+0x56/0xf0
[  413.750120][T30022]  __device_add_disk+0x5b8/0x1200
[  413.755133][T30022]  ? device_add_disk+0x30/0x30
[  413.759882][T30022]  ? vsprintf+0x30/0x30
[  413.764029][T30022]  ? device_initialize+0x1c7/0x3d0
[  413.769207][T30022]  ? __alloc_disk_node+0x326/0x380
[  413.774301][T30022]  loop_add+0x554/0x710
[  413.778440][T30022]  loop_control_ioctl+0x564/0x740
[  413.783450][T30022]  ? loop_remove+0xa0/0xa0
[  413.787855][T30022]  ? __lru_cache_add+0x1bf/0x210
[  413.792781][T30022]  ? memset+0x1f/0x40
[  413.796749][T30022]  ? fsnotify+0x1332/0x13f0
[  413.801233][T30022]  ? loop_remove+0xa0/0xa0
[  413.805636][T30022]  do_vfs_ioctl+0x744/0x1730
[  413.810212][T30022]  ? selinux_file_ioctl+0x723/0x970
[  413.815396][T30022]  ? ioctl_preallocate+0x250/0x250
[  413.820492][T30022]  ? __fget+0x40c/0x4a0
[  413.824637][T30022]  ? fget_many+0x20/0x20
[  413.828863][T30022]  ? check_preemption_disabled+0x154/0x330
[  413.834656][T30022]  ? debug_smp_processor_id+0x20/0x20
[  413.840015][T30022]  ? security_file_ioctl+0x9d/0xb0
[  413.845114][T30022]  __x64_sys_ioctl+0xd4/0x110
[  413.849774][T30022]  do_syscall_64+0xcb/0x1c0
[  413.854276][T30022]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:44 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 74)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:44 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x6800}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:44 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="69eb4ee76017412de9e3", @ANYRES16=r1, @ANYBLOB="000026bd7000fbdbdf2509000000ec0005800c00028008000300c60b00002c0002800800010004000000080003000300000008000200060000000800030004000000080003000000000007000100696200000c00028008000200090000003400028008000200ff7f000008000200ff000000080004005d000000080004000100000008000400ff7f000008000200ff0f000008000100657468002c000280080004000000000008000100130000000800020001000000080002000180000008000300ff07000008000100657468002c0002800800030009000000080004000500000008000400000001000800020009000000080004000000000028000780080002000500000008000200080000000c0004000800000000000000080002004e000000"], 0x128}, 0x1, 0x0, 0x0, 0x24040051}, 0x884)
read$FUSE(r0, 0x0, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000000))

18:36:44 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:44 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="69eb4ee76017412de9e3", @ANYRES16=r1, @ANYBLOB="000026bd7000fbdbdf2509000000ec0005800c00028008000300c60b00002c0002800800010004000000080003000300000008000200060000000800030004000000080003000000000007000100696200000c00028008000200090000003400028008000200ff7f000008000200ff000000080004005d000000080004000100000008000400ff7f000008000200ff0f000008000100657468002c000280080004000000000008000100130000000800020001000000080002000180000008000300ff07000008000100657468002c0002800800030009000000080004000500000008000400000001000800020009000000080004000000000028000780080002000500000008000200080000000c0004000800000000000000080002004e000000"], 0x128}, 0x1, 0x0, 0x0, 0x24040051}, 0x884)
read$FUSE(r0, 0x0, 0x0) (async)
ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000000))

18:36:44 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x6c00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x7400}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  413.957485][T30051] FAULT_INJECTION: forcing a failure.
[  413.957485][T30051] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  413.978386][T30051] CPU: 0 PID: 30051 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  413.990013][T30051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  414.000052][T30051] Call Trace:
[  414.003332][T30051]  dump_stack+0x1d8/0x241
[  414.007656][T30051]  ? panic+0x73e/0x73e
[  414.011707][T30051]  ? stack_trace_save+0x132/0x200
[  414.016718][T30051]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  414.022515][T30051]  ? stack_trace_snprint+0x170/0x170
[  414.027793][T30051]  should_fail+0x709/0x870
[  414.032197][T30051]  ? setup_fault_attr+0x3d0/0x3d0
[  414.037206][T30051]  ? __kasan_kmalloc+0x131/0x1e0
[  414.042124][T30051]  ? kmem_cache_alloc+0xd0/0x210
[  414.047042][T30051]  ? inode_init_always+0x5db/0x800
[  414.052133][T30051]  ? new_inode_pseudo+0x8f/0x210
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x7a00}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.057058][T30051]  __alloc_pages_nodemask+0x1b6/0x860
[  414.062420][T30051]  ? __x64_sys_ioctl+0xd4/0x110
[  414.067259][T30051]  ? do_syscall_64+0xcb/0x1c0
[  414.071927][T30051]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  414.077463][T30051]  ? lockref_get+0x1b3/0x2a0
[  414.082046][T30051]  ? asan.module_dtor+0x20/0x20
[  414.086891][T30051]  __get_free_pages+0xa/0x30
[  414.091472][T30051]  selinux_genfs_get_sid+0x55/0x250
[  414.096659][T30051]  inode_doinit_with_dentry+0x87c/0x1020
[  414.102279][T30051]  ? sb_finish_set_opts+0x7a0/0x7a0
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xd000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.107462][T30051]  ? current_time+0x1c4/0x310
[  414.112126][T30051]  ? atime_needs_update+0x580/0x580
[  414.117314][T30051]  security_d_instantiate+0xa5/0x100
[  414.122588][T30051]  d_instantiate+0x51/0x90
[  414.127167][T30051]  debugfs_create_dir+0x1a1/0x380
[  414.132183][T30051]  bdi_register_va+0x232/0x5e0
[  414.136933][T30051]  bdi_register+0xd1/0x120
[  414.141342][T30051]  ? __device_add_disk+0x539/0x1200
[  414.146590][T30051]  ? bdi_register_va+0x5e0/0x5e0
[  414.151517][T30051]  ? percpu_ref_resurrect+0x113/0x190
[  414.156878][T30051]  bdi_register_owner+0x56/0xf0
[  414.161721][T30051]  __device_add_disk+0x5b8/0x1200
[  414.166744][T30051]  ? device_add_disk+0x30/0x30
[  414.171493][T30051]  ? vsprintf+0x30/0x30
[  414.175642][T30051]  ? device_initialize+0x1c7/0x3d0
[  414.180743][T30051]  ? __alloc_disk_node+0x326/0x380
[  414.185926][T30051]  loop_add+0x554/0x710
[  414.190073][T30051]  loop_control_ioctl+0x564/0x740
[  414.195084][T30051]  ? loop_remove+0xa0/0xa0
[  414.199487][T30051]  ? __lru_cache_add+0x1bf/0x210
[  414.204417][T30051]  ? memset+0x1f/0x40
[  414.208390][T30051]  ? fsnotify+0x1332/0x13f0
[  414.212885][T30051]  ? loop_remove+0xa0/0xa0
[  414.217302][T30051]  do_vfs_ioctl+0x744/0x1730
[  414.221973][T30051]  ? selinux_file_ioctl+0x723/0x970
[  414.227159][T30051]  ? ioctl_preallocate+0x250/0x250
[  414.232263][T30051]  ? __fget+0x40c/0x4a0
[  414.236408][T30051]  ? fget_many+0x20/0x20
[  414.240635][T30051]  ? check_preemption_disabled+0x154/0x330
[  414.246424][T30051]  ? debug_smp_processor_id+0x20/0x20
[  414.251786][T30051]  ? security_file_ioctl+0x9d/0xb0
18:36:44 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 75)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xe0ff}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="69eb4ee76017412de9e3", @ANYRES16=r1, @ANYBLOB="000026bd7000fbdbdf2509000000ec0005800c00028008000300c60b00002c0002800800010004000000080003000300000008000200060000000800030004000000080003000000000007000100696200000c00028008000200090000003400028008000200ff7f000008000200ff000000080004005d000000080004000100000008000400ff7f000008000200ff0f000008000100657468002c000280080004000000000008000100130000000800020001000000080002000180000008000300ff07000008000100657468002c0002800800030009000000080004000500000008000400000001000800020009000000080004000000000028000780080002000500000008000200080000000c0004000800000000000000080002004e000000"], 0x128}, 0x1, 0x0, 0x0, 0x24040051}, 0x884)
read$FUSE(r0, 0x0, 0x0)
ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f0000000000))

18:36:44 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:44 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:44 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  414.257011][T30051]  __x64_sys_ioctl+0xd4/0x110
[  414.261675][T30051]  do_syscall_64+0xcb/0x1c0
[  414.266239][T30051]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xffe0}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xfffff}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.331392][T30079] FAULT_INJECTION: forcing a failure.
[  414.331392][T30079] name failslab, interval 1, probability 0, space 0, times 0
[  414.345566][T30079] CPU: 0 PID: 30079 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  414.357186][T30079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  414.367228][T30079] Call Trace:
[  414.370511][T30079]  dump_stack+0x1d8/0x241
[  414.374855][T30079]  ? panic+0x73e/0x73e
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x100000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:44 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000080)={0x800, 0x7ff, 0x2, 0x2d8, 0x3, [{0x6, 0xffffffffffffffff, 0x2}, {0xfffffffffffffff9, 0x4f, 0x4, '\x00', 0x480}, {0xbc75, 0x0, 0xa5d5f23, '\x00', 0xc00}]})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x4, 0x8})

18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x400000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.378913][T30079]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  414.384709][T30079]  ? __lookup_slow+0x340/0x450
[  414.389462][T30079]  should_fail+0x709/0x870
[  414.393867][T30079]  ? setup_fault_attr+0x3d0/0x3d0
[  414.398879][T30079]  ? lookup_one_len+0x426/0x680
[  414.403717][T30079]  ? new_inode_pseudo+0x78/0x210
[  414.408636][T30079]  should_failslab+0x5/0x20
[  414.413122][T30079]  kmem_cache_alloc+0x24/0x210
[  414.417872][T30079]  new_inode_pseudo+0x78/0x210
[  414.422622][T30079]  new_inode+0x25/0x1d0
[  414.426765][T30079]  ? start_creating+0x183/0x270
18:36:44 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x80ffff}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.431603][T30079]  __debugfs_create_file+0xb6/0x400
[  414.436787][T30079]  ? debugfs_create_dir+0x2e6/0x380
[  414.441971][T30079]  bdi_register_va+0x274/0x5e0
[  414.446723][T30079]  bdi_register+0xd1/0x120
[  414.451129][T30079]  ? __device_add_disk+0x539/0x1200
[  414.456316][T30079]  ? bdi_register_va+0x5e0/0x5e0
[  414.461243][T30079]  ? percpu_ref_resurrect+0x113/0x190
[  414.466613][T30079]  bdi_register_owner+0x56/0xf0
[  414.471455][T30079]  __device_add_disk+0x5b8/0x1200
[  414.476468][T30079]  ? device_add_disk+0x30/0x30
[  414.481221][T30079]  ? vsprintf+0x30/0x30
[  414.485369][T30079]  ? device_initialize+0x1c7/0x3d0
[  414.490469][T30079]  ? __alloc_disk_node+0x326/0x380
[  414.495576][T30079]  loop_add+0x554/0x710
[  414.499721][T30079]  loop_control_ioctl+0x564/0x740
[  414.504736][T30079]  ? loop_remove+0xa0/0xa0
[  414.509142][T30079]  ? __lru_cache_add+0x1bf/0x210
[  414.514062][T30079]  ? memset+0x1f/0x40
[  414.518028][T30079]  ? fsnotify+0x1332/0x13f0
[  414.522514][T30079]  ? loop_remove+0xa0/0xa0
[  414.526911][T30079]  do_vfs_ioctl+0x744/0x1730
[  414.531487][T30079]  ? selinux_file_ioctl+0x723/0x970
[  414.536669][T30079]  ? ioctl_preallocate+0x250/0x250
[  414.541768][T30079]  ? __fget+0x40c/0x4a0
[  414.545908][T30079]  ? fget_many+0x20/0x20
[  414.550132][T30079]  ? check_preemption_disabled+0x154/0x330
[  414.555922][T30079]  ? debug_smp_processor_id+0x20/0x20
[  414.561279][T30079]  ? security_file_ioctl+0x9d/0xb0
[  414.566373][T30079]  __x64_sys_ioctl+0xd4/0x110
[  414.571037][T30079]  do_syscall_64+0xcb/0x1c0
[  414.575535][T30079]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  414.585633][T30079] debugfs: out of free dentries, can not create file 'stats'
18:36:45 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 76)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x1000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:45 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000080)={0x800, 0x7ff, 0x2, 0x2d8, 0x3, [{0x6, 0xffffffffffffffff, 0x2}, {0xfffffffffffffff9, 0x4f, 0x4, '\x00', 0x480}, {0xbc75, 0x0, 0xa5d5f23, '\x00', 0xc00}]})
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x4, 0x8})

18:36:45 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:45 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:45 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:45 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x2000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.685245][T30112] FAULT_INJECTION: forcing a failure.
[  414.685245][T30112] name failslab, interval 1, probability 0, space 0, times 0
[  414.708880][T30112] CPU: 1 PID: 30112 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  414.720504][T30112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  414.730563][T30112] Call Trace:
[  414.733951][T30112]  dump_stack+0x1d8/0x241
[  414.738283][T30112]  ? panic+0x73e/0x73e
[  414.742339][T30112]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  414.748130][T30112]  ? __lookup_slow+0x340/0x450
[  414.752877][T30112]  should_fail+0x709/0x870
[  414.757296][T30112]  ? setup_fault_attr+0x3d0/0x3d0
[  414.762307][T30112]  ? lookup_one_len+0x426/0x680
[  414.767146][T30112]  ? new_inode_pseudo+0x78/0x210
[  414.772067][T30112]  should_failslab+0x5/0x20
[  414.776551][T30112]  kmem_cache_alloc+0x24/0x210
[  414.781308][T30112]  new_inode_pseudo+0x78/0x210
[  414.786060][T30112]  new_inode+0x25/0x1d0
[  414.790212][T30112]  ? start_creating+0x183/0x270
[  414.795044][T30112]  __debugfs_create_file+0xb6/0x400
[  414.800226][T30112]  ? debugfs_create_dir+0x2e6/0x380
[  414.805413][T30112]  bdi_register_va+0x274/0x5e0
[  414.810165][T30112]  bdi_register+0xd1/0x120
[  414.814568][T30112]  ? __device_add_disk+0x539/0x1200
[  414.819748][T30112]  ? bdi_register_va+0x5e0/0x5e0
[  414.824677][T30112]  ? percpu_ref_resurrect+0x113/0x190
[  414.830031][T30112]  bdi_register_owner+0x56/0xf0
[  414.834871][T30112]  __device_add_disk+0x5b8/0x1200
[  414.839880][T30112]  ? device_add_disk+0x30/0x30
[  414.844624][T30112]  ? vsprintf+0x30/0x30
[  414.848763][T30112]  ? device_initialize+0x1c7/0x3d0
[  414.853859][T30112]  ? __alloc_disk_node+0x326/0x380
[  414.858952][T30112]  loop_add+0x554/0x710
[  414.863107][T30112]  loop_control_ioctl+0x564/0x740
[  414.868130][T30112]  ? loop_remove+0xa0/0xa0
[  414.872530][T30112]  ? __lru_cache_add+0x1bf/0x210
[  414.877447][T30112]  ? memset+0x1f/0x40
[  414.881412][T30112]  ? fsnotify+0x1332/0x13f0
[  414.885900][T30112]  ? loop_remove+0xa0/0xa0
[  414.890308][T30112]  do_vfs_ioctl+0x744/0x1730
[  414.894881][T30112]  ? selinux_file_ioctl+0x723/0x970
[  414.900063][T30112]  ? ioctl_preallocate+0x250/0x250
[  414.905156][T30112]  ? __fget+0x40c/0x4a0
[  414.909296][T30112]  ? fget_many+0x20/0x20
[  414.913527][T30112]  ? check_preemption_disabled+0x154/0x330
[  414.919318][T30112]  ? debug_smp_processor_id+0x20/0x20
[  414.924673][T30112]  ? security_file_ioctl+0x9d/0xb0
[  414.929777][T30112]  __x64_sys_ioctl+0xd4/0x110
18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x3000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:45 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs2/binder0\x00', 0x2, 0x0)
ioctl$FS_IOC_FIEMAP(r2, 0xc020660b, &(0x7f0000000080)={0x800, 0x7ff, 0x2, 0x2d8, 0x3, [{0x6, 0xffffffffffffffff, 0x2}, {0xfffffffffffffff9, 0x4f, 0x4, '\x00', 0x480}, {0xbc75, 0x0, 0xa5d5f23, '\x00', 0xc00}]}) (async)
ioctl$KVM_ASSIGN_SET_MSIX_NR(r1, 0x4008ae73, &(0x7f0000000000)={0x4, 0x8})

18:36:45 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x4000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  414.934441][T30112]  do_syscall_64+0xcb/0x1c0
[  414.938927][T30112]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  414.961077][T30112] debugfs: out of free dentries, can not create file 'stats'
18:36:45 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 77)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:45 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$PPPIOCDISCONN(r0, 0x7439)
r1 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x1})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@newneigh={0x7c, 0x1c, 0x4, 0x70bd2b, 0x25dfdbfd, {0x7, 0x0, 0x0, r3, 0x4, 0x0, 0x4}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_PROBES={0x8, 0x4, 0x9}, @NDA_IFINDEX={0x8}, @NDA_MASTER={0x8}, @NDA_MASTER={0x8, 0x9, 0x8}, @NDA_SRC_VNI={0x8, 0xb, 0x4}, @NDA_LLADDR={0xa, 0x2, @local}, @NDA_PORT={0x6, 0x6, 0x4e21}, @NDA_DST_IPV4={0x8, 0x1, @loopback}, @NDA_CACHEINFO={0x14, 0x3, {0x3, 0x81, 0x8, 0x5}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4810}, 0x40004)
read$FUSE(r1, 0x0, 0x0)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x5000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:45 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:45 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:45 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:45 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:45 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$PPPIOCDISCONN(r0, 0x7439)
r1 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x1})
r2 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@newneigh={0x7c, 0x1c, 0x4, 0x70bd2b, 0x25dfdbfd, {0x7, 0x0, 0x0, r3, 0x4, 0x0, 0x4}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_PROBES={0x8, 0x4, 0x9}, @NDA_IFINDEX={0x8}, @NDA_MASTER={0x8}, @NDA_MASTER={0x8, 0x9, 0x8}, @NDA_SRC_VNI={0x8, 0xb, 0x4}, @NDA_LLADDR={0xa, 0x2, @local}, @NDA_PORT={0x6, 0x6, 0x4e21}, @NDA_DST_IPV4={0x8, 0x1, @loopback}, @NDA_CACHEINFO={0x14, 0x3, {0x3, 0x81, 0x8, 0x5}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4810}, 0x40004)
read$FUSE(r1, 0x0, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
ioctl$PPPIOCDISCONN(r0, 0x7439) (async)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x1}) (async)
socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) (async)
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@newneigh={0x7c, 0x1c, 0x4, 0x70bd2b, 0x25dfdbfd, {0x7, 0x0, 0x0, r3, 0x4, 0x0, 0x4}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_PROBES={0x8, 0x4, 0x9}, @NDA_IFINDEX={0x8}, @NDA_MASTER={0x8}, @NDA_MASTER={0x8, 0x9, 0x8}, @NDA_SRC_VNI={0x8, 0xb, 0x4}, @NDA_LLADDR={0xa, 0x2, @local}, @NDA_PORT={0x6, 0x6, 0x4e21}, @NDA_DST_IPV4={0x8, 0x1, @loopback}, @NDA_CACHEINFO={0x14, 0x3, {0x3, 0x81, 0x8, 0x5}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4810}, 0x40004) (async)
read$FUSE(r1, 0x0, 0x0) (async)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x6000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  415.053664][T30140] FAULT_INJECTION: forcing a failure.
[  415.053664][T30140] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  415.087212][T30140] CPU: 1 PID: 30140 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  415.098853][T30140] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  415.098863][T30140] Call Trace:
[  415.112176][T30140]  dump_stack+0x1d8/0x241
[  415.116513][T30140]  ? panic+0x73e/0x73e
[  415.116524][T30140]  ? stack_trace_save+0x132/0x200
[  415.116532][T30140]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  415.116541][T30140]  ? stack_trace_snprint+0x170/0x170
[  415.116551][T30140]  should_fail+0x709/0x870
[  415.116559][T30140]  ? setup_fault_attr+0x3d0/0x3d0
[  415.116574][T30140]  ? __kasan_kmalloc+0x131/0x1e0
[  415.151506][T30140]  ? kmem_cache_alloc+0xd0/0x210
[  415.156426][T30140]  ? inode_init_always+0x5db/0x800
[  415.161526][T30140]  ? new_inode_pseudo+0x8f/0x210
[  415.166458][T30140]  __alloc_pages_nodemask+0x1b6/0x860
[  415.171913][T30140]  ? __x64_sys_ioctl+0xd4/0x110
[  415.176749][T30140]  ? do_syscall_64+0xcb/0x1c0
[  415.181419][T30140]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  415.186950][T30140]  ? lockref_get+0x1b3/0x2a0
[  415.191526][T30140]  ? asan.module_dtor+0x20/0x20
[  415.196359][T30140]  __get_free_pages+0xa/0x30
[  415.200934][T30140]  selinux_genfs_get_sid+0x55/0x250
[  415.206124][T30140]  inode_doinit_with_dentry+0x87c/0x1020
[  415.211745][T30140]  ? sb_finish_set_opts+0x7a0/0x7a0
[  415.216925][T30140]  ? current_time+0x1c4/0x310
[  415.221589][T30140]  ? atime_needs_update+0x580/0x580
[  415.226768][T30140]  security_d_instantiate+0xa5/0x100
[  415.232054][T30140]  d_instantiate+0x51/0x90
[  415.236918][T30140]  __debugfs_create_file+0x256/0x400
[  415.242311][T30140]  bdi_register_va+0x274/0x5e0
[  415.247069][T30140]  bdi_register+0xd1/0x120
[  415.251472][T30140]  ? __device_add_disk+0x539/0x1200
[  415.256663][T30140]  ? bdi_register_va+0x5e0/0x5e0
[  415.261588][T30140]  ? percpu_ref_resurrect+0x113/0x190
[  415.266953][T30140]  bdi_register_owner+0x56/0xf0
[  415.271802][T30140]  __device_add_disk+0x5b8/0x1200
[  415.277349][T30140]  ? device_add_disk+0x30/0x30
[  415.282099][T30140]  ? vsprintf+0x30/0x30
[  415.286236][T30140]  ? device_initialize+0x1c7/0x3d0
[  415.291342][T30140]  ? __alloc_disk_node+0x326/0x380
[  415.296447][T30140]  loop_add+0x554/0x710
[  415.300599][T30140]  loop_control_ioctl+0x564/0x740
[  415.305625][T30140]  ? loop_remove+0xa0/0xa0
[  415.310028][T30140]  ? __lru_cache_add+0x1bf/0x210
[  415.314963][T30140]  ? memset+0x1f/0x40
[  415.318930][T30140]  ? fsnotify+0x1332/0x13f0
[  415.323416][T30140]  ? loop_remove+0xa0/0xa0
[  415.327822][T30140]  do_vfs_ioctl+0x744/0x1730
[  415.332400][T30140]  ? selinux_file_ioctl+0x723/0x970
[  415.337584][T30140]  ? ioctl_preallocate+0x250/0x250
[  415.342685][T30140]  ? __fget+0x40c/0x4a0
[  415.346826][T30140]  ? fget_many+0x20/0x20
18:36:45 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$PPPIOCDISCONN(r0, 0x7439)
r1 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000000)={0x79, 0x0, 0x1}) (async)
r2 = socket$nl_route(0x10, 0x3, 0x0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(r2, &(0x7f0000000200)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000140)=@newneigh={0x7c, 0x1c, 0x4, 0x70bd2b, 0x25dfdbfd, {0x7, 0x0, 0x0, r3, 0x4, 0x0, 0x4}, [@NDA_PORT={0x6, 0x6, 0x4e24}, @NDA_PROBES={0x8, 0x4, 0x9}, @NDA_IFINDEX={0x8}, @NDA_MASTER={0x8}, @NDA_MASTER={0x8, 0x9, 0x8}, @NDA_SRC_VNI={0x8, 0xb, 0x4}, @NDA_LLADDR={0xa, 0x2, @local}, @NDA_PORT={0x6, 0x6, 0x4e21}, @NDA_DST_IPV4={0x8, 0x1, @loopback}, @NDA_CACHEINFO={0x14, 0x3, {0x3, 0x81, 0x8, 0x5}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x4810}, 0x40004) (async)
read$FUSE(r1, 0x0, 0x0)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x7000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:45 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0)
inotify_init()

[  415.351075][T30140]  ? check_preemption_disabled+0x154/0x330
[  415.356869][T30140]  ? debug_smp_processor_id+0x20/0x20
[  415.362225][T30140]  ? security_file_ioctl+0x9d/0xb0
[  415.367321][T30140]  __x64_sys_ioctl+0xd4/0x110
[  415.371981][T30140]  do_syscall_64+0xcb/0x1c0
[  415.376471][T30140]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:45 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 78)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:45 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async, rerun: 64)
inotify_init() (rerun: 64)

18:36:45 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x8000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:45 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:45 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:45 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:45 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x10c, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x10c}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x9000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  415.482519][T30182] FAULT_INJECTION: forcing a failure.
[  415.482519][T30182] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  415.508862][T30182] CPU: 1 PID: 30182 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  415.520490][T30182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  415.530532][T30182] Call Trace:
[  415.534002][T30182]  dump_stack+0x1d8/0x241
[  415.538360][T30182]  ? panic+0x73e/0x73e
[  415.542511][T30182]  ? stack_trace_save+0x132/0x200
[  415.547550][T30182]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  415.553352][T30182]  ? stack_trace_snprint+0x170/0x170
[  415.558723][T30182]  should_fail+0x709/0x870
[  415.563137][T30182]  ? setup_fault_attr+0x3d0/0x3d0
[  415.568149][T30182]  ? __kasan_kmalloc+0x131/0x1e0
[  415.573075][T30182]  ? kmem_cache_alloc+0xd0/0x210
[  415.578002][T30182]  ? inode_init_always+0x5db/0x800
[  415.583106][T30182]  ? new_inode_pseudo+0x8f/0x210
[  415.588052][T30182]  __alloc_pages_nodemask+0x1b6/0x860
[  415.593431][T30182]  ? __x64_sys_ioctl+0xd4/0x110
[  415.598270][T30182]  ? do_syscall_64+0xcb/0x1c0
[  415.602934][T30182]  ? gfp_pfmemalloc_allowed+0x120/0x120
[  415.608464][T30182]  ? lockref_get+0x1b3/0x2a0
[  415.613039][T30182]  ? asan.module_dtor+0x20/0x20
[  415.617889][T30182]  __get_free_pages+0xa/0x30
[  415.622469][T30182]  selinux_genfs_get_sid+0x55/0x250
[  415.628003][T30182]  inode_doinit_with_dentry+0x87c/0x1020
[  415.633626][T30182]  ? sb_finish_set_opts+0x7a0/0x7a0
[  415.639361][T30182]  ? current_time+0x1c4/0x310
[  415.644023][T30182]  ? atime_needs_update+0x580/0x580
[  415.649212][T30182]  security_d_instantiate+0xa5/0x100
[  415.654483][T30182]  d_instantiate+0x51/0x90
[  415.658899][T30182]  __debugfs_create_file+0x256/0x400
[  415.664184][T30182]  bdi_register_va+0x274/0x5e0
[  415.669205][T30182]  bdi_register+0xd1/0x120
[  415.673609][T30182]  ? __device_add_disk+0x539/0x1200
[  415.678796][T30182]  ? bdi_register_va+0x5e0/0x5e0
[  415.683719][T30182]  ? percpu_ref_resurrect+0x113/0x190
[  415.689600][T30182]  bdi_register_owner+0x56/0xf0
[  415.694438][T30182]  __device_add_disk+0x5b8/0x1200
[  415.699458][T30182]  ? device_add_disk+0x30/0x30
[  415.704207][T30182]  ? vsprintf+0x30/0x30
[  415.708380][T30182]  ? device_initialize+0x1c7/0x3d0
[  415.713492][T30182]  ? __alloc_disk_node+0x326/0x380
[  415.718593][T30182]  loop_add+0x554/0x710
[  415.722737][T30182]  loop_control_ioctl+0x564/0x740
[  415.727750][T30182]  ? loop_remove+0xa0/0xa0
[  415.732151][T30182]  ? __lru_cache_add+0x1bf/0x210
[  415.737421][T30182]  ? memset+0x1f/0x40
[  415.741393][T30182]  ? fsnotify+0x1332/0x13f0
[  415.745891][T30182]  ? loop_remove+0xa0/0xa0
[  415.750293][T30182]  do_vfs_ioctl+0x744/0x1730
[  415.754871][T30182]  ? selinux_file_ioctl+0x723/0x970
[  415.760054][T30182]  ? ioctl_preallocate+0x250/0x250
[  415.765151][T30182]  ? __fget+0x40c/0x4a0
[  415.769296][T30182]  ? fget_many+0x20/0x20
[  415.773958][T30182]  ? check_preemption_disabled+0x154/0x330
18:36:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xa000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:46 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
read$FUSE(r0, 0x0, 0x0) (async)
inotify_init()

18:36:46 executing program 2:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000040))

18:36:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xb000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  415.779754][T30182]  ? debug_smp_processor_id+0x20/0x20
[  415.785116][T30182]  ? security_file_ioctl+0x9d/0xb0
[  415.790213][T30182]  __x64_sys_ioctl+0xd4/0x110
[  415.794876][T30182]  do_syscall_64+0xcb/0x1c0
[  415.799378][T30182]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
18:36:46 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0) (fail_nth: 79)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:46 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:46 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:46 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:46 executing program 2:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000040))
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
pipe2(&(0x7f0000000000), 0x800) (async)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000040)) (async)

18:36:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xc000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:46 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:46 executing program 2:
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
pipe2(&(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x800)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000040))
read$FUSE(0xffffffffffffffff, 0x0, 0x0) (async)
pipe2(&(0x7f0000000000), 0x800) (async)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000040)) (async)

18:36:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xd000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  415.887398][T30209] FAULT_INJECTION: forcing a failure.
[  415.887398][T30209] name failslab, interval 1, probability 0, space 0, times 0
[  415.927453][T30209] CPU: 0 PID: 30209 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  415.939614][T30209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  415.949918][T30209] Call Trace:
[  415.953208][T30209]  dump_stack+0x1d8/0x241
[  415.957532][T30209]  ? panic+0x73e/0x73e
[  415.961597][T30209]  ? nf_ct_l4proto_log_invalid+0x26c/0x26c
[  415.967393][T30209]  ? __kasan_kmalloc+0x1a5/0x1e0
[  415.972315][T30209]  ? loop_add+0x554/0x710
[  415.976636][T30209]  ? __kasan_kmalloc+0x131/0x1e0
[  415.981561][T30209]  ? kobj_map+0x74/0x650
[  415.985972][T30209]  ? __device_add_disk+0x63e/0x1200
[  415.991158][T30209]  should_fail+0x709/0x870
[  415.995649][T30209]  ? setup_fault_attr+0x3d0/0x3d0
[  416.000662][T30209]  ? kobject_set_name_vargs+0x5d/0x110
[  416.006108][T30209]  should_failslab+0x5/0x20
[  416.010684][T30209]  __kmalloc_track_caller+0x4f/0x280
[  416.015955][T30209]  kstrdup_const+0x51/0x90
[  416.020388][T30209]  kobject_set_name_vargs+0x5d/0x110
[  416.025663][T30209]  dev_set_name+0xd1/0x120
[  416.030086][T30209]  ? get_device+0x30/0x30
[  416.034440][T30209]  ? kobj_map+0x61f/0x650
[  416.038758][T30209]  __device_add_disk+0x6c3/0x1200
[  416.043773][T30209]  ? device_add_disk+0x30/0x30
[  416.048533][T30209]  ? device_initialize+0x1c7/0x3d0
[  416.053628][T30209]  ? __alloc_disk_node+0x326/0x380
[  416.058727][T30209]  loop_add+0x554/0x710
[  416.062887][T30209]  loop_control_ioctl+0x564/0x740
[  416.067907][T30209]  ? loop_remove+0xa0/0xa0
[  416.072317][T30209]  ? __lru_cache_add+0x1bf/0x210
[  416.077255][T30209]  ? memset+0x1f/0x40
[  416.081232][T30209]  ? fsnotify+0x1332/0x13f0
[  416.085723][T30209]  ? loop_remove+0xa0/0xa0
[  416.090129][T30209]  do_vfs_ioctl+0x744/0x1730
[  416.094711][T30209]  ? selinux_file_ioctl+0x723/0x970
[  416.099924][T30209]  ? ioctl_preallocate+0x250/0x250
[  416.105027][T30209]  ? __fget+0x40c/0x4a0
[  416.109179][T30209]  ? fget_many+0x20/0x20
[  416.113404][T30209]  ? check_preemption_disabled+0x154/0x330
[  416.119201][T30209]  ? debug_smp_processor_id+0x20/0x20
[  416.124586][T30209]  ? security_file_ioctl+0x9d/0xb0
[  416.129921][T30209]  __x64_sys_ioctl+0xd4/0x110
18:36:46 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000080))
read$FUSE(r0, 0x0, 0x55)
r1 = socket(0x9, 0x4, 0x2)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c00100fac68b0800000060485600", @ANYRES16=r2, @ANYBLOB="00032cbd7000fddbdf25170000000c00028008000200018000000c00028008000100000400004800018044000400200001000a004e200000000000000000000000000000ffffac1414aa08000000200002000a004e22fffffffbff02000000000000000000000000000104000000c40005800800010075647000140002800800020004000000080001001100000054000280080004000900000008000400810000000800020004000000080003000100000008000200010000000800020003000000080001000d000000080001000b00000008000400ff01000008000100050000000c000280080001000d0000003400028008000300010100000800040001000080080004000700000008000200000000000800040008000000080003004b000000070001006962000007000100696200002400038008000200090000000800020007000000080002000000000008000100080000000c000280080001000100008018000180130001006574683a697036677265746170300000340007800c00030001000000000000000800020000000100080002002c0b00000c000400f100000000000000080001002f0000000c0002800800020006000000"], 0x1c0}, 0x1, 0x0, 0x0, 0x4040005}, 0x50)

18:36:46 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xe000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:46 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000080))
read$FUSE(r0, 0x0, 0x55)
r1 = socket(0x9, 0x4, 0x2)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c00100fac68b0800000060485600", @ANYRES16=r2, @ANYBLOB="00032cbd7000fddbdf25170000000c00028008000200018000000c00028008000100000400004800018044000400200001000a004e200000000000000000000000000000ffffac1414aa08000000200002000a004e22fffffffbff02000000000000000000000000000104000000c40005800800010075647000140002800800020004000000080001001100000054000280080004000900000008000400810000000800020004000000080003000100000008000200010000000800020003000000080001000d000000080001000b00000008000400ff01000008000100050000000c000280080001000d0000003400028008000300010100000800040001000080080004000700000008000200000000000800040008000000080003004b000000070001006962000007000100696200002400038008000200090000000800020007000000080002000000000008000100080000000c000280080001000100008018000180130001006574683a697036677265746170300000340007800c00030001000000000000000800020000000100080002002c0b00000c000400f100000000000000080001002f0000000c0002800800020006000000"], 0x1c0}, 0x1, 0x0, 0x0, 0x4040005}, 0x50)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000080)) (async)
read$FUSE(r0, 0x0, 0x55) (async)
socket(0x9, 0x4, 0x2) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) (async)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c00100fac68b0800000060485600", @ANYRES16=r2, @ANYBLOB="00032cbd7000fddbdf25170000000c00028008000200018000000c00028008000100000400004800018044000400200001000a004e200000000000000000000000000000ffffac1414aa08000000200002000a004e22fffffffbff02000000000000000000000000000104000000c40005800800010075647000140002800800020004000000080001001100000054000280080004000900000008000400810000000800020004000000080003000100000008000200010000000800020003000000080001000d000000080001000b00000008000400ff01000008000100050000000c000280080001000d0000003400028008000300010100000800040001000080080004000700000008000200000000000800040008000000080003004b000000070001006962000007000100696200002400038008000200090000000800020007000000080002000000000008000100080000000c000280080001000100008018000180130001006574683a697036677265746170300000340007800c00030001000000000000000800020000000100080002002c0b00000c000400f100000000000000080001002f0000000c0002800800020006000000"], 0x1c0}, 0x1, 0x0, 0x0, 0x4040005}, 0x50) (async)

[  416.134851][T30209]  do_syscall_64+0xcb/0x1c0
[  416.139352][T30209]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  416.199099][T30209] kobject_add_internal failed for queue (error: -2 parent: (null))
[  416.207162][T30209] ------------[ cut here ]------------
[  416.212622][T30209] WARNING: CPU: 0 PID: 30209 at fs/sysfs/file.c:328 sysfs_create_files+0x215/0x4a0
[  416.221880][T30209] Modules linked in:
[  416.225773][T30209] CPU: 0 PID: 30209 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  416.237633][T30209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  416.247687][T30209] RIP: 0010:sysfs_create_files+0x215/0x4a0
[  416.253557][T30209] Code: 24 04 48 b9 00 00 00 00 00 fc ff df 48 8b 54 24 08 4c 8b 74 24 20 eb 2b 66 66 2e 0f 1f 84 00 00 00 00 00 66 90 e8 5b 0d ab ff <0f> 0b c7 44 24 04 ea ff ff ff 48 b9 00 00 00 00 00 fc ff df 48 8b
[  416.273151][T30209] RSP: 0018:ffff8881e9f27920 EFLAGS: 00010246
[  416.279204][T30209] RAX: ffffffff81ba7231 RBX: ffff8881cfcf00a0 RCX: 0000000000040000
[  416.287189][T30209] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  416.295153][T30209] RBP: ffff8881e9f279f0 R08: ffffffff843ed881 R09: ffffed103de2034e
[  416.303121][T30209] R10: ffffed103de2034e R11: 1ffff1103de2034d R12: 0000000000000000
[  416.311079][T30209] R13: ffffffff84fd73a0 R14: ffff8881cfcf0070 R15: ffffffff85e45b60
[  416.319066][T30209] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  416.327983][T30209] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  416.334901][T30209] CR2: 00007ffdc86f5fd8 CR3: 00000001ecad1000 CR4: 00000000003406f0
[  416.343469][T30209] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  416.351430][T30209] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  416.359385][T30209] Call Trace:
[  416.362665][T30209]  ? sysfs_create_file_ns+0x2a0/0x2a0
[  416.368024][T30209]  ? kobject_get+0xca/0x110
[  416.372541][T30209]  __device_add_disk+0x92b/0x1200
[  416.377572][T30209]  ? device_add_disk+0x30/0x30
[  416.382323][T30209]  ? device_initialize+0x1c7/0x3d0
[  416.387419][T30209]  ? __alloc_disk_node+0x326/0x380
[  416.392529][T30209]  loop_add+0x554/0x710
[  416.396672][T30209]  loop_control_ioctl+0x564/0x740
[  416.401679][T30209]  ? loop_remove+0xa0/0xa0
[  416.406080][T30209]  ? __lru_cache_add+0x1bf/0x210
[  416.410999][T30209]  ? memset+0x1f/0x40
[  416.414962][T30209]  ? fsnotify+0x1332/0x13f0
[  416.419448][T30209]  ? loop_remove+0xa0/0xa0
[  416.423848][T30209]  do_vfs_ioctl+0x744/0x1730
[  416.428428][T30209]  ? selinux_file_ioctl+0x723/0x970
[  416.433614][T30209]  ? ioctl_preallocate+0x250/0x250
[  416.438722][T30209]  ? __fget+0x40c/0x4a0
[  416.442863][T30209]  ? fget_many+0x20/0x20
[  416.447096][T30209]  ? check_preemption_disabled+0x154/0x330
[  416.452885][T30209]  ? debug_smp_processor_id+0x20/0x20
[  416.458246][T30209]  ? security_file_ioctl+0x9d/0xb0
[  416.463438][T30209]  __x64_sys_ioctl+0xd4/0x110
[  416.468102][T30209]  do_syscall_64+0xcb/0x1c0
[  416.472597][T30209]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  416.478468][T30209] ---[ end trace 25474f664d9331f7 ]---
[  416.486526][T30209] ------------[ cut here ]------------
[  416.492046][T30209] kernfs: can not remove 'events', no directory
[  416.498720][T30209] WARNING: CPU: 0 PID: 30209 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0xae/0x100
[  416.508503][T30209] Modules linked in:
[  416.512419][T30209] CPU: 0 PID: 30209 Comm: syz-executor.3 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  416.524020][T30209] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  416.534095][T30209] RIP: 0010:kernfs_remove_by_name_ns+0xae/0x100
[  416.540320][T30209] Code: 48 89 df e8 a4 ee ff ff 48 89 df e8 ec ac ff ff 31 db eb 29 e8 43 6a ab ff 48 c7 c7 80 0e e8 84 4c 89 fe 31 c0 e8 72 3e 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 24 6a ab ff bb fe ff ff ff 48 c7 c7
[  416.559913][T30209] RSP: 0018:ffff8881e9f278f8 EFLAGS: 00010246
[  416.565964][T30209] RAX: af91d2c9abf50100 RBX: 0000000000000000 RCX: 0000000000040000
[  416.573920][T30209] RDX: ffffc90002958000 RSI: 000000000003ffff RDI: 0000000000040000
[  416.581876][T30209] RBP: ffff8881e9f279f0 R08: ffffffff814e6f67 R09: ffffed103edcaa08
[  416.589838][T30209] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: ffffffff85e45b60
[  416.597792][T30209] R13: 0000000000000000 R14: 0000000000000000 R15: ffffffff84fd7460
[  416.605747][T30209] FS:  00007ff61b84a700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  416.614657][T30209] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  416.621220][T30209] CR2: 00007ffdc86f5fd8 CR3: 00000001ecad1000 CR4: 00000000003406f0
[  416.629174][T30209] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  416.637132][T30209] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  416.645083][T30209] Call Trace:
[  416.648361][T30209]  sysfs_create_files+0x40a/0x4a0
[  416.653371][T30209]  ? sysfs_create_file_ns+0x2a0/0x2a0
[  416.658726][T30209]  ? kobject_get+0xca/0x110
[  416.663214][T30209]  __device_add_disk+0x92b/0x1200
[  416.668235][T30209]  ? device_add_disk+0x30/0x30
[  416.672984][T30209]  ? device_initialize+0x1c7/0x3d0
[  416.678082][T30209]  ? __alloc_disk_node+0x326/0x380
[  416.683180][T30209]  loop_add+0x554/0x710
[  416.687320][T30209]  loop_control_ioctl+0x564/0x740
[  416.692327][T30209]  ? loop_remove+0xa0/0xa0
[  416.696727][T30209]  ? __lru_cache_add+0x1bf/0x210
[  416.701650][T30209]  ? memset+0x1f/0x40
[  416.705614][T30209]  ? fsnotify+0x1332/0x13f0
[  416.710104][T30209]  ? loop_remove+0xa0/0xa0
[  416.714511][T30209]  do_vfs_ioctl+0x744/0x1730
[  416.719086][T30209]  ? selinux_file_ioctl+0x723/0x970
[  416.724270][T30209]  ? ioctl_preallocate+0x250/0x250
[  416.729376][T30209]  ? __fget+0x40c/0x4a0
[  416.733520][T30209]  ? fget_many+0x20/0x20
[  416.737747][T30209]  ? check_preemption_disabled+0x154/0x330
[  416.743538][T30209]  ? debug_smp_processor_id+0x20/0x20
18:36:47 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x4c80, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:47 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0xf000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:47 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000080))
read$FUSE(r0, 0x0, 0x55)
r1 = socket(0x9, 0x4, 0x2)
r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c00100fac68b0800000060485600", @ANYRES16=r2, @ANYBLOB="00032cbd7000fddbdf25170000000c00028008000200018000000c00028008000100000400004800018044000400200001000a004e200000000000000000000000000000ffffac1414aa08000000200002000a004e22fffffffbff02000000000000000000000000000104000000c40005800800010075647000140002800800020004000000080001001100000054000280080004000900000008000400810000000800020004000000080003000100000008000200010000000800020003000000080001000d000000080001000b00000008000400ff01000008000100050000000c000280080001000d0000003400028008000300010100000800040001000080080004000700000008000200000000000800040008000000080003004b000000070001006962000007000100696200002400038008000200090000000800020007000000080002000000000008000100080000000c000280080001000100008018000180130001006574683a697036677265746170300000340007800c00030001000000000000000800020000000100080002002c0b00000c000400f100000000000000080001002f0000000c0002800800020006000000"], 0x1c0}, 0x1, 0x0, 0x0, 0x4040005}, 0x50)
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
ioctl$PPPIOCGIDLE32(r0, 0x8008743f, &(0x7f0000000080)) (async)
read$FUSE(r0, 0x0, 0x55) (async)
socket(0x9, 0x4, 0x2) (async)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), r0) (async)
sendmsg$TIPC_NL_KEY_SET(r1, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="c00100fac68b0800000060485600", @ANYRES16=r2, @ANYBLOB="00032cbd7000fddbdf25170000000c00028008000200018000000c00028008000100000400004800018044000400200001000a004e200000000000000000000000000000ffffac1414aa08000000200002000a004e22fffffffbff02000000000000000000000000000104000000c40005800800010075647000140002800800020004000000080001001100000054000280080004000900000008000400810000000800020004000000080003000100000008000200010000000800020003000000080001000d000000080001000b00000008000400ff01000008000100050000000c000280080001000d0000003400028008000300010100000800040001000080080004000700000008000200000000000800040008000000080003004b000000070001006962000007000100696200002400038008000200090000000800020007000000080002000000000008000100080000000c000280080001000100008018000180130001006574683a697036677265746170300000340007800c00030001000000000000000800020000000100080002002c0b00000c000400f100000000000000080001002f0000000c0002800800020006000000"], 0x1c0}, 0x1, 0x0, 0x0, 0x4040005}, 0x50) (async)

18:36:47 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:47 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b8, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b8}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

18:36:47 executing program 5:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r4, 0x4008ae61, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

[  416.748894][T30209]  ? security_file_ioctl+0x9d/0xb0
[  416.753988][T30209]  __x64_sys_ioctl+0xd4/0x110
[  416.758652][T30209]  do_syscall_64+0xcb/0x1c0
[  416.763139][T30209]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  416.769011][T30209] ---[ end trace 25474f664d9331f8 ]---
[  416.788119][T30209] loop0: failed to create sysfs files for events
18:36:47 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x10000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:47 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
fcntl$getownex(r1, 0x10, &(0x7f0000000080))
read$FUSE(r0, 0x0, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0)
ioctl$USBDEVFS_SETCONFIGURATION(r2, 0x80045505, &(0x7f0000000000)=0x6)

[  416.819479][T30243] ------------[ cut here ]------------
[  416.831557][T30243] kernfs: can not remove 'events', no directory
[  416.850091][T30243] WARNING: CPU: 0 PID: 30243 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0xae/0x100
[  416.859888][T30243] Modules linked in:
18:36:47 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async, rerun: 32)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0) (rerun: 32)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async, rerun: 64)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)) (async, rerun: 64)
read$FUSE(r0, 0x0, 0x0)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async)
ioctl$USBDEVFS_SETCONFIGURATION(r2, 0x80045505, &(0x7f0000000000)=0x6)

18:36:47 executing program 2:
r0 = syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0) (async, rerun: 32)
openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x1, 0x0) (async, rerun: 32)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0) (async)
fcntl$getownex(r1, 0x10, &(0x7f0000000080)) (async)
read$FUSE(r0, 0x0, 0x0) (async)
r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r2, 0x4008ae61, 0x0) (async, rerun: 32)
ioctl$USBDEVFS_SETCONFIGURATION(r2, 0x80045505, &(0x7f0000000000)=0x6) (rerun: 32)

[  416.863779][T30243] CPU: 0 PID: 30243 Comm: syz-executor.5 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  416.875471][T30243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  416.885519][T30243] RIP: 0010:kernfs_remove_by_name_ns+0xae/0x100
[  416.891741][T30243] Code: 48 89 df e8 a4 ee ff ff 48 89 df e8 ec ac ff ff 31 db eb 29 e8 43 6a ab ff 48 c7 c7 80 0e e8 84 4c 89 fe 31 c0 e8 72 3e 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 24 6a ab ff bb fe ff ff ff 48 c7 c7
[  416.911334][T30243] RSP: 0018:ffff8881e989fa18 EFLAGS: 00010246
[  416.917385][T30243] RAX: c0c2ee0975526400 RBX: 0000000000000000 RCX: 0000000000040000
[  416.925341][T30243] RDX: ffffc90002556000 RSI: 0000000000012af5 RDI: 0000000000012af6
[  416.933297][T30243] RBP: ffffffff85e45b60 R08: ffffffff814e6f67 R09: ffffed103edcaa08
[  416.941250][T30243] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000000
[  416.949466][T30243] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd7460
[  416.957430][T30243] FS:  00007f87bcb38700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
18:36:47 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x11000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:47 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x12000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

[  416.966369][T30243] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  416.972953][T30243] CR2: 00007ffdc86f5fd8 CR3: 00000001cf740000 CR4: 00000000003406f0
[  416.980912][T30243] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  416.988868][T30243] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  416.996817][T30243] Call Trace:
[  417.000097][T30243]  sysfs_remove_files+0x99/0xf0
[  417.004936][T30243]  del_gendisk+0x26e/0xbf0
[  417.009344][T30243]  ? device_add_disk_no_queue_reg+0x20/0x20
[  417.015227][T30243]  loop_remove+0x42/0xa0
[  417.019464][T30243]  loop_control_ioctl+0x67f/0x740
[  417.024478][T30243]  ? loop_remove+0xa0/0xa0
[  417.028878][T30243]  ? fget_many+0x20/0x20
[  417.033112][T30243]  ? __lru_cache_add+0x1bf/0x210
[  417.038303][T30243]  ? loop_remove+0xa0/0xa0
[  417.042710][T30243]  do_vfs_ioctl+0x744/0x1730
[  417.047288][T30243]  ? selinux_file_ioctl+0x723/0x970
[  417.052475][T30243]  ? ioctl_preallocate+0x250/0x250
[  417.057571][T30243]  ? __fget+0x40c/0x4a0
[  417.061712][T30243]  ? fget_many+0x20/0x20
[  417.065950][T30243]  ? __fpregs_load_activate+0x1d7/0x3c0
[  417.071491][T30243]  ? security_file_ioctl+0x9d/0xb0
[  417.076588][T30243]  __x64_sys_ioctl+0xd4/0x110
[  417.081263][T30243]  do_syscall_64+0xcb/0x1c0
[  417.085756][T30243]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  417.091634][T30243] ---[ end trace 25474f664d9331f9 ]---
[  417.102816][T30243] ------------[ cut here ]------------
[  417.108935][T30243] kernfs: can not remove 'events_async', no directory
[  417.116008][T30243] WARNING: CPU: 0 PID: 30243 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0xae/0x100
[  417.125786][T30243] Modules linked in:
[  417.129763][T30243] CPU: 0 PID: 30243 Comm: syz-executor.5 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  417.141371][T30243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  417.151439][T30243] RIP: 0010:kernfs_remove_by_name_ns+0xae/0x100
[  417.157674][T30243] Code: 48 89 df e8 a4 ee ff ff 48 89 df e8 ec ac ff ff 31 db eb 29 e8 43 6a ab ff 48 c7 c7 80 0e e8 84 4c 89 fe 31 c0 e8 72 3e 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 24 6a ab ff bb fe ff ff ff 48 c7 c7
[  417.177263][T30243] RSP: 0018:ffff8881e989fa18 EFLAGS: 00010246
[  417.183315][T30243] RAX: c0c2ee0975526400 RBX: 0000000000000000 RCX: 0000000000040000
[  417.191270][T30243] RDX: ffffc90002556000 RSI: 000000000003ffff RDI: 0000000000040000
[  417.199224][T30243] RBP: ffffffff85e45b60 R08: ffffffff814e6f67 R09: ffffed103edcaa08
[  417.207178][T30243] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000000
[  417.215134][T30243] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd7500
[  417.223090][T30243] FS:  00007f87bcb38700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  417.232002][T30243] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  417.238569][T30243] CR2: 00007fc14c10a718 CR3: 00000001cf740000 CR4: 00000000003406f0
[  417.246524][T30243] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  417.254478][T30243] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  417.262430][T30243] Call Trace:
[  417.265713][T30243]  sysfs_remove_files+0x99/0xf0
[  417.270549][T30243]  del_gendisk+0x26e/0xbf0
[  417.274958][T30243]  ? device_add_disk_no_queue_reg+0x20/0x20
[  417.280846][T30243]  loop_remove+0x42/0xa0
[  417.285081][T30243]  loop_control_ioctl+0x67f/0x740
[  417.290092][T30243]  ? loop_remove+0xa0/0xa0
[  417.294494][T30243]  ? fget_many+0x20/0x20
[  417.298757][T30243]  ? __lru_cache_add+0x1bf/0x210
[  417.303683][T30243]  ? loop_remove+0xa0/0xa0
[  417.308086][T30243]  do_vfs_ioctl+0x744/0x1730
[  417.312662][T30243]  ? selinux_file_ioctl+0x723/0x970
[  417.317848][T30243]  ? ioctl_preallocate+0x250/0x250
[  417.322945][T30243]  ? __fget+0x40c/0x4a0
[  417.327086][T30243]  ? fget_many+0x20/0x20
[  417.331314][T30243]  ? __fpregs_load_activate+0x1d7/0x3c0
[  417.336848][T30243]  ? security_file_ioctl+0x9d/0xb0
[  417.341982][T30243]  __x64_sys_ioctl+0xd4/0x110
[  417.346647][T30243]  do_syscall_64+0xcb/0x1c0
[  417.351135][T30243]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  417.357008][T30243] ---[ end trace 25474f664d9331fa ]---
[  417.364546][T30243] ------------[ cut here ]------------
[  417.370074][T30243] kernfs: can not remove 'events_poll_msecs', no directory
[  417.377591][T30243] WARNING: CPU: 0 PID: 30243 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0xae/0x100
[  417.387370][T30243] Modules linked in:
[  417.391252][T30243] CPU: 0 PID: 30243 Comm: syz-executor.5 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  417.402850][T30243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  417.413510][T30243] RIP: 0010:kernfs_remove_by_name_ns+0xae/0x100
[  417.419737][T30243] Code: 48 89 df e8 a4 ee ff ff 48 89 df e8 ec ac ff ff 31 db eb 29 e8 43 6a ab ff 48 c7 c7 80 0e e8 84 4c 89 fe 31 c0 e8 72 3e 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 24 6a ab ff bb fe ff ff ff 48 c7 c7
[  417.439334][T30243] RSP: 0018:ffff8881e989fa18 EFLAGS: 00010246
[  417.445382][T30243] RAX: c0c2ee0975526400 RBX: 0000000000000000 RCX: 0000000000040000
[  417.453340][T30243] RDX: ffffc90002556000 RSI: 000000000003ffff RDI: 0000000000040000
[  417.461296][T30243] RBP: ffffffff85e45b60 R08: ffffffff814e6f67 R09: ffffed103edcaa08
[  417.469254][T30243] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: 0000000000000000
[  417.477209][T30243] R13: dffffc0000000000 R14: 0000000000000000 R15: ffffffff84fd7520
[  417.485165][T30243] FS:  00007f87bcb38700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  417.494073][T30243] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  417.500649][T30243] CR2: 00007fc14c10a718 CR3: 00000001cf740000 CR4: 00000000003406f0
[  417.508605][T30243] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  417.516562][T30243] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  417.524521][T30243] Call Trace:
[  417.527799][T30243]  sysfs_remove_files+0x99/0xf0
[  417.532640][T30243]  del_gendisk+0x26e/0xbf0
[  417.537308][T30243]  ? device_add_disk_no_queue_reg+0x20/0x20
[  417.543188][T30243]  loop_remove+0x42/0xa0
[  417.547421][T30243]  loop_control_ioctl+0x67f/0x740
[  417.552460][T30243]  ? loop_remove+0xa0/0xa0
[  417.556858][T30243]  ? fget_many+0x20/0x20
[  417.561085][T30243]  ? __lru_cache_add+0x1bf/0x210
[  417.566014][T30243]  ? loop_remove+0xa0/0xa0
[  417.570417][T30243]  do_vfs_ioctl+0x744/0x1730
[  417.574992][T30243]  ? selinux_file_ioctl+0x723/0x970
[  417.580173][T30243]  ? ioctl_preallocate+0x250/0x250
[  417.585271][T30243]  ? __fget+0x40c/0x4a0
[  417.589414][T30243]  ? fget_many+0x20/0x20
[  417.593638][T30243]  ? __fpregs_load_activate+0x1d7/0x3c0
[  417.599168][T30243]  ? security_file_ioctl+0x9d/0xb0
[  417.604265][T30243]  __x64_sys_ioctl+0xd4/0x110
[  417.608955][T30243]  do_syscall_64+0xcb/0x1c0
[  417.613443][T30243]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  417.619314][T30243] ---[ end trace 25474f664d9331fb ]---
[  417.627088][T30243] ------------[ cut here ]------------
[  417.632605][T30243] kernfs: can not remove 'bdi', no directory
[  417.638923][T30243] WARNING: CPU: 0 PID: 30243 at fs/kernfs/dir.c:1511 kernfs_remove_by_name_ns+0xae/0x100
[  417.648704][T30243] Modules linked in:
[  417.652591][T30243] CPU: 0 PID: 30243 Comm: syz-executor.5 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  417.664219][T30243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  417.674273][T30243] RIP: 0010:kernfs_remove_by_name_ns+0xae/0x100
[  417.680494][T30243] Code: 48 89 df e8 a4 ee ff ff 48 89 df e8 ec ac ff ff 31 db eb 29 e8 43 6a ab ff 48 c7 c7 80 0e e8 84 4c 89 fe 31 c0 e8 72 3e 82 ff <0f> 0b bb fe ff ff ff eb 16 e8 24 6a ab ff bb fe ff ff ff 48 c7 c7
[  417.700091][T30243] RSP: 0018:ffff8881e989fa58 EFLAGS: 00010246
[  417.706148][T30243] RAX: c0c2ee0975526400 RBX: 0000000000000000 RCX: 0000000000040000
[  417.714111][T30243] RDX: ffffc90002556000 RSI: 000000000003ffff RDI: 0000000000040000
[  417.722067][T30243] RBP: ffff8881e989fb68 R08: ffffffff814e6f67 R09: ffffed103edcaa08
[  417.730116][T30243] R10: ffffed103edcaa08 R11: 1ffff1103edcaa07 R12: ffff8881cfcf0000
[  417.738080][T30243] R13: ffff8881cfcf04e8 R14: 0000000000000000 R15: ffffffff84fd6fc0
[  417.746049][T30243] FS:  00007f87bcb38700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  417.754993][T30243] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  417.761560][T30243] CR2: 00007fc14c10a718 CR3: 00000001cf740000 CR4: 00000000003406f0
[  417.769519][T30243] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  417.777477][T30243] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  417.785431][T30243] Call Trace:
[  417.788712][T30243]  del_gendisk+0x593/0xbf0
[  417.793114][T30243]  ? device_add_disk_no_queue_reg+0x20/0x20
[  417.798993][T30243]  loop_remove+0x42/0xa0
[  417.803227][T30243]  loop_control_ioctl+0x67f/0x740
[  417.808241][T30243]  ? loop_remove+0xa0/0xa0
[  417.812642][T30243]  ? fget_many+0x20/0x20
[  417.816868][T30243]  ? __lru_cache_add+0x1bf/0x210
[  417.821790][T30243]  ? loop_remove+0xa0/0xa0
[  417.826190][T30243]  do_vfs_ioctl+0x744/0x1730
[  417.830770][T30243]  ? selinux_file_ioctl+0x723/0x970
[  417.835950][T30243]  ? ioctl_preallocate+0x250/0x250
[  417.841045][T30243]  ? __fget+0x40c/0x4a0
[  417.845182][T30243]  ? fget_many+0x20/0x20
[  417.849408][T30243]  ? __fpregs_load_activate+0x1d7/0x3c0
[  417.854937][T30243]  ? security_file_ioctl+0x9d/0xb0
[  417.860029][T30243]  __x64_sys_ioctl+0xd4/0x110
[  417.864689][T30243]  do_syscall_64+0xcb/0x1c0
18:36:48 executing program 3:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
eventfd2(0x8000, 0x80000)
r1 = ioctl$LOOP_CTL_ADD(r0, 0x2, 0x0)
ioctl$LOOP_CTL_REMOVE(r0, 0x4c81, r1)

18:36:48 executing program 4:
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000200)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x17000000}]}}, &(0x7f0000000280)=""/209, 0x26, 0xd1, 0x1}, 0x20)

18:36:48 executing program 2:
syz_open_dev$vcsn(&(0x7f00000005c0), 0x0, 0x0)
r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r0, 0x4008ae61, 0x0)
fcntl$getownex(r0, 0x10, &(0x7f0000000100))
openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
r2 = syz_open_dev$vcsn(&(0x7f0000000080), 0xc9a, 0x8400)
accept$inet(r2, &(0x7f00000000c0)={0x2, 0x0, @dev}, &(0x7f00000001c0)=0x10)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x101, 0x0)
ioctl$KVM_SET_IDENTITY_MAP_ADDR(0xffffffffffffffff, 0x4008ae48, &(0x7f0000000140)=0x1)
fcntl$getownex(r1, 0x10, &(0x7f0000000180))
read$FUSE(r2, 0x0, 0x0)

18:36:48 executing program 1:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x114, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}]}, 0x114}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
ioctl$KVM_IRQ_LINE(0xffffffffffffffff, 0x4008ae61, 0x0)
ioctl$KVM_CAP_X86_BUS_LOCK_EXIT(0xffffffffffffffff, 0x4068aea3, &(0x7f00000003c0)={0xc1, 0x0, 0x3})

18:36:48 executing program 0:
r0 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
sendmsg$TIPC_NL_LINK_RESET_STATS(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f0000000240)={&(0x7f0000000080)={0x1b0, 0x0, 0x200, 0x70bd29, 0x25dfdbfe, {}, [@TIPC_NLA_LINK={0x48, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x11f7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_LINK={0x30, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x79}, @TIPC_NLA_PROP_PRIO={0x8}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x100000}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffff81}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffff63d}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x3f}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7}, @TIPC_NLA_PUBL_UPPER={0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x21}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7fff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x6933}]}, @TIPC_NLA_NODE={0xa4, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_REKEYING={0x8, 0x6, 0x3f}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_KEY={0x4c, 0x4, {'gcm(aes)\x00', 0x24, "bb1157bff72c211765653f2de608ca6af603c578c42d7420d662e983616d1da59c5e074d"}}, @TIPC_NLA_NODE_KEY={0x48, 0x4, {'gcm(aes)\x00', 0x20, "7e2c6a208e0c8f2e2043015aa6dfc319da7cf4d80ed1decd855fc2ab7102c344"}}]}]}, 0x1b0}, 0x1, 0x0, 0x0, 0x54}, 0x800)
r1 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, 0x0)
sendmsg$TIPC_CMD_DISABLE_BEARER(r1, &(0x7f0000000380)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, 0x0, 0x400, 0x70bd25, 0x25dfdbfc, {{}, {}, {0x18, 0x13, @l2={'eth', 0x3a, 'bridge_slave_0\x00'}}}, ["", ""]}, 0x34}, 0x1, 0x0, 0x0, 0x1}, 0x8005)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000480), r1)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r1, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000500)={&(0x7f00000004c0)={0x2c, r2, 0x10, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4800}, 0x4040000)
r3 = ioctl$LOOP_CTL_GET_FREE(r0, 0x4c81)
r4 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000700), 0x0, 0x0)
ioctl$LOOP_CTL_REMOVE(r4, 0x4c81, r3)

[  417.869186][T30243]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  417.875064][T30243] ---[ end trace 25474f664d9331fc ]---
[  417.899810][T30243] kasan: CONFIG_KASAN_INLINE enabled
[  417.911581][T30243] kasan: GPF could be caused by NULL-ptr deref or user memory access
[  417.931733][T30243] general protection fault: 0000 [#1] PREEMPT SMP KASAN
[  417.938690][T30243] CPU: 0 PID: 30243 Comm: syz-executor.5 Tainted: G        W         5.4.225-syzkaller-00029-g6a5ec6cea0cd #0
[  417.950294][T30243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/12/2023
[  417.960349][T30243] RIP: 0010:strlen+0x2a/0x60
[  417.964921][T30243] Code: 41 57 41 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 90 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
[  417.984509][T30243] RSP: 0018:ffff8881e989f9b8 EFLAGS: 00010246
[  417.990559][T30243] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  417.998516][T30243] RDX: ffffc90002556000 RSI: 000000000003ffff RDI: 0000000000000000
[  418.006470][T30243] RBP: 0000000000000000 R08: ffffffff81b9e5d9 R09: ffffed103d313f3d
[  418.014427][T30243] R10: ffffed103d313f3d R11: 1ffff1103d313f3c R12: ffffffffffffffff
[  418.022401][T30243] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
[  418.030361][T30243] FS:  00007f87bcb38700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  418.039272][T30243] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  418.045838][T30243] CR2: 00007f000dd5e988 CR3: 00000001cf740000 CR4: 00000000003406f0
[  418.053819][T30243] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  418.061779][T30243] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  418.069738][T30243] Call Trace:
[  418.073051][T30243]  kernfs_name_hash+0x1e/0x220
[  418.077806][T30243]  kernfs_find_ns+0x6b/0x260
[  418.082393][T30243]  kernfs_remove_by_name_ns+0x33/0x100
[  418.087837][T30243]  del_gendisk+0x98a/0xbf0
[  418.092242][T30243]  ? device_add_disk_no_queue_reg+0x20/0x20
[  418.098124][T30243]  loop_remove+0x42/0xa0
[  418.102353][T30243]  loop_control_ioctl+0x67f/0x740
[  418.107364][T30243]  ? loop_remove+0xa0/0xa0
[  418.111770][T30243]  ? fget_many+0x20/0x20
[  418.115997][T30243]  ? __lru_cache_add+0x1bf/0x210
[  418.120922][T30243]  ? loop_remove+0xa0/0xa0
[  418.125324][T30243]  do_vfs_ioctl+0x744/0x1730
[  418.129907][T30243]  ? selinux_file_ioctl+0x723/0x970
[  418.135086][T30243]  ? ioctl_preallocate+0x250/0x250
[  418.140182][T30243]  ? __fget+0x40c/0x4a0
[  418.144334][T30243]  ? fget_many+0x20/0x20
[  418.148561][T30243]  ? __fpregs_load_activate+0x1d7/0x3c0
[  418.154094][T30243]  ? security_file_ioctl+0x9d/0xb0
[  418.159192][T30243]  __x64_sys_ioctl+0xd4/0x110
[  418.163878][T30243]  do_syscall_64+0xcb/0x1c0
[  418.168370][T30243]  entry_SYSCALL_64_after_hwframe+0x5c/0xc1
[  418.174246][T30243] Modules linked in:
[  418.182131][T30243] ---[ end trace 25474f664d9331fd ]---
[  418.188563][T30243] RIP: 0010:strlen+0x2a/0x60
[  418.193409][T30243] Code: 41 57 41 56 41 54 53 49 89 fe 48 c7 c0 ff ff ff ff 49 bf 00 00 00 00 00 fc ff df 48 89 fb 66 90 49 89 c4 48 89 d8 48 c1 e8 03 <42> 0f b6 04 38 84 c0 75 12 48 ff c3 49 8d 44 24 01 43 80 7c 26 01
[  418.213246][T30243] RSP: 0018:ffff8881e989f9b8 EFLAGS: 00010246
[  418.219362][T30243] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000
[  418.227579][T30243] RDX: ffffc90002556000 RSI: 000000000003ffff RDI: 0000000000000000
[  418.235730][T30243] RBP: 0000000000000000 R08: ffffffff81b9e5d9 R09: ffffed103d313f3d
[  418.243905][T30243] R10: ffffed103d313f3d R11: 1ffff1103d313f3c R12: ffffffffffffffff
[  418.251918][T30243] R13: 0000000000000000 R14: 0000000000000000 R15: dffffc0000000000
[  418.260138][T30243] FS:  00007f87bcb38700(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000
[  418.269253][T30243] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  418.276059][T30243] CR2: 00007f000dd5e988 CR3: 00000001cf740000 CR4: 00000000003406f0
[  418.284209][T30243] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  418.292220][T30243] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  418.300443][T30243] Kernel panic - not syncing: Fatal exception
[  418.306633][T30243] Kernel Offset: disabled
[  418.310936][T30243] Rebooting in 86400 seconds..