0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r1)
r2 = syz_io_uring_complete(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1a, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xff}, [@jmp={0x5, 0x0, 0x3, 0x4, 0x1, 0xffffffffffffffff, 0x1}, @ldst={0x1, 0x1, 0x1, 0x1, 0x5, 0x10, 0x8}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x1}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffb}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @generic={0x0, 0x2, 0x9, 0x5, 0x1}, @alu={0x4, 0x1, 0x3, 0x7, 0x2, 0xc, 0x10}, @jmp={0x5, 0x1, 0x0, 0xa, 0x3, 0x8, 0xfffffffffffffff8}, @exit]}, &(0x7f00000003c0)='GPL\x00', 0x80000001, 0x5b, &(0x7f0000000400)=""/91, 0x41000, 0x2b, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000480)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xe, 0x4, 0x401}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r1, r1], 0x0, 0x10, 0x80000000}, 0x90)
syz_clone3(&(0x7f0000000240)={0xd000100, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x11}, &(0x7f0000000100)=""/185, 0xb9, &(0x7f00000001c0)=""/24, &(0x7f0000000200)=[r0, r0], 0x2, {r1}}, 0x58)
ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, &(0x7f0000000000)=0x80000000)

10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x2000, 0x0)
r3 = accept4$tipc(r2, &(0x7f0000000180)=@name, &(0x7f00000001c0)=0x10, 0x800)
accept4$tipc(r3, 0x0, &(0x7f0000000200), 0x81000) (async)
ioctl$PPPIOCNEWUNIT(r2, 0xc004743e, &(0x7f0000000140))

10:01:04 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 32)

[  629.283244][T23419] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  629.283264][T23419]  </TASK>
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x5)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async, rerun: 32)
keyctl$get_persistent(0x16, 0xffffffffffffffff, r0) (async, rerun: 32)
keyctl$link(0x3, r0, 0x0)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$unlink(0x9, r0, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x14c, r2, 0xa00, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x130, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x5}, 0x20000000)
r5 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2e}, 0x48, r0)
socketpair(0x10, 0x800, 0xffff72ce, &(0x7f00000004c0))
r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, r6, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r1)
keyctl$link(0x3, r6, r5)

[  629.355448][T23475] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  629.369456][T23483] FAULT_INJECTION: forcing a failure.
[  629.369456][T23483] name failslab, interval 1, probability 0, space 0, times 0
[  629.382055][T23483] CPU: 0 PID: 23483 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  629.392141][T23483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  629.402034][T23483] Call Trace:
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$unlink(0x9, r0, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x14c, r2, 0xa00, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x130, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x5}, 0x20000000)
r5 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2e}, 0x48, r0)
socketpair(0x10, 0x800, 0xffff72ce, &(0x7f00000004c0))
r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, r6, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r1)
keyctl$link(0x3, r6, r5)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$unlink(0x9, r0, r0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$team(&(0x7f00000001c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00'}) (async)
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x14c, r2, 0xa00, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x130, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x5}, 0x20000000) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2e}, 0x48, r0) (async)
socketpair(0x10, 0x800, 0xffff72ce, &(0x7f00000004c0)) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$link(0x3, r6, 0x0) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r1) (async)
keyctl$link(0x3, r6, r5) (async)

[  629.405157][T23483]  <TASK>
[  629.407934][T23483]  dump_stack_lvl+0x151/0x1b7
[  629.412539][T23483]  ? io_uring_drop_tctx_refs+0x190/0x190
[  629.418002][T23483]  ? slab_post_alloc_hook+0x53/0x2c0
[  629.423127][T23483]  ? kernel_clone+0x21e/0x9e0
[  629.427636][T23483]  ? do_syscall_64+0x3d/0xb0
[  629.432065][T23483]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  629.437967][T23483]  dump_stack+0x15/0x17
[  629.441960][T23483]  should_fail+0x3c6/0x510
[  629.446214][T23483]  __should_failslab+0xa4/0xe0
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$unlink(0x9, r0, r0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), 0xffffffffffffffff) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'team0\x00', <r3=>0x0}) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000240)={'batadv_slave_0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000440)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000280)={0x14c, r2, 0xa00, 0x70bd2b, 0x25dfdbfd, {}, [{{0x8, 0x1, r3}, {0x130, 0x2, 0x0, 0x1, [{0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x16c}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x6}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r4}}, {0x8}}}]}}]}, 0x14c}, 0x1, 0x0, 0x0, 0x5}, 0x20000000) (async, rerun: 64)
r5 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2e}, 0x48, r0) (async, rerun: 64)
socketpair(0x10, 0x800, 0xffff72ce, &(0x7f00000004c0)) (async)
r6 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, r6, 0x0) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000480), r1) (async)
keyctl$link(0x3, r6, r5)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x8)

[  629.449473][T23494] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  629.450805][T23483]  ? copy_mm+0x192/0x13e0
[  629.464093][T23483]  should_failslab+0x9/0x20
[  629.468430][T23483]  slab_pre_alloc_hook+0x37/0xd0
[  629.473205][T23483]  ? copy_mm+0x192/0x13e0
[  629.477466][T23483]  kmem_cache_alloc+0x44/0x200
[  629.482145][T23483]  copy_mm+0x192/0x13e0
[  629.486140][T23483]  ? _raw_spin_lock+0xa4/0x1b0
[  629.490827][T23483]  ? copy_signal+0x610/0x610
[  629.495251][T23483]  ? __kasan_check_write+0x14/0x20
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x9)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xa)

[  629.497193][T23512] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  629.500192][T23483]  ? __init_rwsem+0xd6/0x1c0
[  629.513735][T23483]  ? copy_signal+0x4e3/0x610
[  629.518162][T23483]  copy_process+0x1149/0x3290
[  629.522679][T23483]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  629.527624][T23483]  ? copy_clone_args_from_user+0x774/0x830
[  629.533265][T23483]  kernel_clone+0x21e/0x9e0
[  629.537604][T23483]  ? __delayed_free_task+0x20/0x20
[  629.538661][T23517] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  629.542547][T23483]  ? vfs_write+0x9ec/0x1110
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xb)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xc)

[  629.542572][T23483]  ? create_io_thread+0x1e0/0x1e0
[  629.542599][T23483]  __x64_sys_clone3+0x376/0x3a0
[  629.565640][T23483]  ? __ia32_sys_clone+0x290/0x290
[  629.570500][T23483]  ? fput+0x1a/0x20
[  629.574148][T23483]  ? debug_smp_processor_id+0x17/0x20
[  629.579361][T23483]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  629.585253][T23483]  ? exit_to_user_mode_prepare+0x39/0xa0
[  629.585897][T23523] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  629.590717][T23483]  do_syscall_64+0x3d/0xb0
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xd)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000000c0)='\x00')
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_MOVE(0x1e, r3, r4, r5, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r3, r1, r1, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
keyctl$link(0x3, r0, 0x0)

[  629.590746][T23483]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  629.609816][T23483] RIP: 0033:0x7f19fd5aeda9
[  629.614067][T23483] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  629.633509][T23483] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  629.641150][T23529] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xf)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000000c0)='\x00')
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_MOVE(0x1e, r3, r4, r5, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r3, r1, r1, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000000c0)='\x00') (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
ioctl$RTC_PIE_OFF(r2, 0x7006) (async)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) (async)
keyctl$KEYCTL_MOVE(0x1e, r3, r4, r5, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r3, r1, r1, 0x0) (async)
ioctl$RTC_PIE_OFF(r2, 0x7006) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x10)

10:01:04 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r1) (async, rerun: 64)
r2 = syz_io_uring_complete(0x0) (rerun: 64)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1a, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xff}, [@jmp={0x5, 0x0, 0x3, 0x4, 0x1, 0xffffffffffffffff, 0x1}, @ldst={0x1, 0x1, 0x1, 0x1, 0x5, 0x10, 0x8}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x1}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffb}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @generic={0x0, 0x2, 0x9, 0x5, 0x1}, @alu={0x4, 0x1, 0x3, 0x7, 0x2, 0xc, 0x10}, @jmp={0x5, 0x1, 0x0, 0xa, 0x3, 0x8, 0xfffffffffffffff8}, @exit]}, &(0x7f00000003c0)='GPL\x00', 0x80000001, 0x5b, &(0x7f0000000400)=""/91, 0x41000, 0x2b, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000480)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xe, 0x4, 0x401}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r1, r1], 0x0, 0x10, 0x80000000}, 0x90) (async)
syz_clone3(&(0x7f0000000240)={0xd000100, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x11}, &(0x7f0000000100)=""/185, 0xb9, &(0x7f00000001c0)=""/24, &(0x7f0000000200)=[r0, r0], 0x2, {r1}}, 0x58) (async)
ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, &(0x7f0000000000)=0x80000000)

[  629.641749][T23483] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  629.641769][T23483] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  629.666675][T23483] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  629.674489][T23483] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  629.682296][T23483] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  629.690115][T23483]  </TASK>
10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x11)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='rxrpc_s\x00', &(0x7f00000000c0)='\x00')
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_MOVE(0x1e, r3, r4, r5, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r3, r1, r1, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r3, r1, r1, 0x0)
ioctl$RTC_PIE_OFF(r2, 0x7006)
keyctl$link(0x3, r0, 0x0)

10:01:04 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 33)

10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$link(0x3, r1, 0x0)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x12)

[  629.699679][T23549] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
10:01:04 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r1)
r2 = syz_io_uring_complete(0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x1a, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xff}, [@jmp={0x5, 0x0, 0x3, 0x4, 0x1, 0xffffffffffffffff, 0x1}, @ldst={0x1, 0x1, 0x1, 0x1, 0x5, 0x10, 0x8}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x1}, @cb_func={0x18, 0x2, 0x4, 0x0, 0xfffffffffffffffb}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @generic={0x0, 0x2, 0x9, 0x5, 0x1}, @alu={0x4, 0x1, 0x3, 0x7, 0x2, 0xc, 0x10}, @jmp={0x5, 0x1, 0x0, 0xa, 0x3, 0x8, 0xfffffffffffffff8}, @exit]}, &(0x7f00000003c0)='GPL\x00', 0x80000001, 0x5b, &(0x7f0000000400)=""/91, 0x41000, 0x2b, '\x00', 0x0, 0x25, r2, 0x8, &(0x7f0000000480)={0x8, 0x4}, 0x8, 0x10, &(0x7f00000004c0)={0x1, 0xe, 0x4, 0x401}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r1, r1], 0x0, 0x10, 0x80000000}, 0x90)
syz_clone3(&(0x7f0000000240)={0xd000100, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x11}, &(0x7f0000000100)=""/185, 0xb9, &(0x7f00000001c0)=""/24, &(0x7f0000000200)=[r0, r0], 0x2, {r1}}, 0x58) (async)
syz_clone3(&(0x7f0000000240)={0xd000100, &(0x7f0000000040), &(0x7f0000000080), &(0x7f00000000c0), {0x11}, &(0x7f0000000100)=""/185, 0xb9, &(0x7f00000001c0)=""/24, &(0x7f0000000200)=[r0, r0], 0x2, {r1}}, 0x58)
ioctl$PPPIOCSDEBUG(0xffffffffffffffff, 0x40047440, &(0x7f0000000000)=0x80000000)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x14)

[  629.750230][T23562] FAULT_INJECTION: forcing a failure.
[  629.750230][T23562] name failslab, interval 1, probability 0, space 0, times 0
[  629.755587][T23564] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  629.767088][T23562] CPU: 0 PID: 23562 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  629.782100][T23562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  629.791997][T23562] Call Trace:
[  629.795130][T23562]  <TASK>
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x15)

10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x18)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x25)

[  629.797894][T23562]  dump_stack_lvl+0x151/0x1b7
[  629.802495][T23562]  ? io_uring_drop_tctx_refs+0x190/0x190
[  629.807966][T23562]  dump_stack+0x15/0x17
[  629.811956][T23562]  should_fail+0x3c6/0x510
[  629.816216][T23562]  __should_failslab+0xa4/0xe0
[  629.820809][T23562]  ? anon_vma_clone+0x9a/0x500
[  629.825408][T23562]  should_failslab+0x9/0x20
[  629.829748][T23562]  slab_pre_alloc_hook+0x37/0xd0
[  629.834523][T23562]  ? anon_vma_clone+0x9a/0x500
[  629.839120][T23562]  kmem_cache_alloc+0x44/0x200
[  629.843723][T23562]  anon_vma_clone+0x9a/0x500
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x48)

10:01:04 executing program 2:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x20040)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:04 executing program 2:
socket$pppl2tp(0x18, 0x1, 0x1) (async)
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x20040)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  629.848153][T23562]  anon_vma_fork+0x91/0x4e0
[  629.852490][T23562]  ? anon_vma_name+0x4c/0x70
[  629.856914][T23562]  ? vm_area_dup+0x17a/0x230
[  629.861344][T23562]  copy_mm+0xa3a/0x13e0
[  629.865342][T23562]  ? copy_signal+0x610/0x610
[  629.869761][T23562]  ? __init_rwsem+0xd6/0x1c0
[  629.874185][T23562]  ? copy_signal+0x4e3/0x610
[  629.878610][T23562]  copy_process+0x1149/0x3290
[  629.883132][T23562]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  629.888074][T23562]  ? copy_clone_args_from_user+0x774/0x830
[  629.893728][T23562]  kernel_clone+0x21e/0x9e0
10:01:04 executing program 2:
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$PPPIOCSFLAGS(r0, 0x40047459, &(0x7f0000000000)=0x20040)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:04 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getpeername$tipc(r0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@cgroup=r0, 0x10, 0x1, 0x8, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0]}, 0x40)

10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)
keyctl$link(0x8, r2, r2)

[  629.898053][T23562]  ? __delayed_free_task+0x20/0x20
[  629.903090][T23562]  ? vfs_write+0x9ec/0x1110
[  629.907432][T23562]  ? create_io_thread+0x1e0/0x1e0
[  629.912294][T23562]  __x64_sys_clone3+0x376/0x3a0
[  629.916978][T23562]  ? __ia32_sys_clone+0x290/0x290
[  629.921836][T23562]  ? fput+0x1a/0x20
[  629.925484][T23562]  ? debug_smp_processor_id+0x17/0x20
[  629.930685][T23562]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  629.936589][T23562]  ? exit_to_user_mode_prepare+0x39/0xa0
[  629.942059][T23562]  do_syscall_64+0x3d/0xb0
10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4c)

10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r1) (async)
keyctl$link(0x3, r2, 0x0) (async)
keyctl$link(0x8, r2, r2)

10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x10000000}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:04 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x68)

10:01:04 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async, rerun: 32)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r1) (rerun: 32)
keyctl$link(0x3, r2, 0x0)
keyctl$link(0x8, r2, r2)

[  629.946310][T23562]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  629.952037][T23562] RIP: 0033:0x7f19fd5aeda9
[  629.956294][T23562] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  629.975829][T23562] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
10:01:04 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x10000000}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:04 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 34)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6c)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x10000000}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:05 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x400900, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000000140))
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r3, 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000180)=0x3)
keyctl$link(0x3, r2, 0x0)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$negate(0xd, r0, 0x81, r1)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r1, 0x0)
keyctl$link(0x3, r0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x74)

[  629.975863][T23562] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  629.975881][T23562] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  629.975897][T23562] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:05 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 35)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7a)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$negate(0xd, r0, 0x81, r1) (async)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r1, 0x0)
keyctl$link(0x3, r0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0)

10:01:05 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 36)

[  629.975912][T23562] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  629.975926][T23562] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  629.975946][T23562]  </TASK>
[  630.036803][T23610] FAULT_INJECTION: forcing a failure.
[  630.036803][T23610] name failslab, interval 1, probability 0, space 0, times 0
10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$negate(0xd, r0, 0x81, r1) (async)
keyctl$negate(0xd, r0, 0x81, r1)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r1, 0x0)
keyctl$link(0x3, r0, 0x0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x20000, 0x0)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)
r3 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "8a1ec2b5ea56b6927fc0008eee4dc2170c19930dc73a215d3be52631993976c888301ce97a4872ff031cb6513a2b2c6847ace43fdb441143e89fd959cde86718", 0x20}, 0x48, r1)
r4 = add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "d1142a3fdc4724f1692a3e2344765a2d12ab1699cf0a5058ca26ec62bcd0c1d8ebc69fe9c88f416fcb916ddf5ccd144f2489ff4da400", 0x22}, 0x48, r3)
keyctl$link(0x8, r4, r1)
keyctl$link(0x3, r0, 0x0)
keyctl$negate(0xd, r3, 0x28c, r3)
getuid()

10:01:05 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getpeername$tipc(r0, 0x0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@cgroup=r0, 0x10, 0x1, 0x8, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0]}, 0x40)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x300)

[  630.036836][T23610] CPU: 0 PID: 23610 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  630.036862][T23610] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  630.036876][T23610] Call Trace:
[  630.036882][T23610]  <TASK>
[  630.036890][T23610]  dump_stack_lvl+0x151/0x1b7
[  630.036916][T23610]  ? io_uring_drop_tctx_refs+0x190/0x190
[  630.036940][T23610]  dump_stack+0x15/0x17
[  630.036958][T23610]  should_fail+0x3c6/0x510
[  630.036981][T23610]  __should_failslab+0xa4/0xe0
[  630.037006][T23610]  ? anon_vma_clone+0x9a/0x500
10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
getuid() (async)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0) (async)
keyctl$get_persistent(0x16, r2, r0)
r3 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "8a1ec2b5ea56b6927fc0008eee4dc2170c19930dc73a215d3be52631993976c888301ce97a4872ff031cb6513a2b2c6847ace43fdb441143e89fd959cde86718", 0x20}, 0x48, r1)
add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "d1142a3fdc4724f1692a3e2344765a2d12ab1699cf0a5058ca26ec62bcd0c1d8ebc69fe9c88f416fcb916ddf5ccd144f2489ff4da400", 0x22}, 0x48, r3) (async)
r4 = add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "d1142a3fdc4724f1692a3e2344765a2d12ab1699cf0a5058ca26ec62bcd0c1d8ebc69fe9c88f416fcb916ddf5ccd144f2489ff4da400", 0x22}, 0x48, r3)
keyctl$link(0x8, r4, r1)
keyctl$link(0x3, r0, 0x0)
keyctl$negate(0xd, r3, 0x28c, r3)
getuid()

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x500)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x600)

[  630.037026][T23610]  should_failslab+0x9/0x20
[  630.037046][T23610]  slab_pre_alloc_hook+0x37/0xd0
[  630.037069][T23610]  ? anon_vma_clone+0x9a/0x500
[  630.037088][T23610]  kmem_cache_alloc+0x44/0x200
[  630.037110][T23610]  anon_vma_clone+0x9a/0x500
[  630.037132][T23610]  anon_vma_fork+0x91/0x4e0
[  630.037151][T23610]  ? anon_vma_name+0x4c/0x70
[  630.037170][T23610]  ? vm_area_dup+0x17a/0x230
[  630.037208][T23610]  copy_mm+0xa3a/0x13e0
[  630.037236][T23610]  ? copy_signal+0x610/0x610
[  630.037260][T23610]  ? __init_rwsem+0xd6/0x1c0
10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x700)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0) (async)
r3 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "8a1ec2b5ea56b6927fc0008eee4dc2170c19930dc73a215d3be52631993976c888301ce97a4872ff031cb6513a2b2c6847ace43fdb441143e89fd959cde86718", 0x20}, 0x48, r1)
r4 = add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "d1142a3fdc4724f1692a3e2344765a2d12ab1699cf0a5058ca26ec62bcd0c1d8ebc69fe9c88f416fcb916ddf5ccd144f2489ff4da400", 0x22}, 0x48, r3)
keyctl$link(0x8, r4, r1) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$negate(0xd, r3, 0x28c, r3) (async)
getuid()

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x900)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xa00)

[  630.037301][T23610]  ? copy_signal+0x4e3/0x610
[  630.037327][T23610]  copy_process+0x1149/0x3290
[  630.037355][T23610]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  630.037379][T23610]  ? copy_clone_args_from_user+0x774/0x830
[  630.037402][T23610]  kernel_clone+0x21e/0x9e0
[  630.037425][T23610]  ? __delayed_free_task+0x20/0x20
[  630.037445][T23610]  ? vfs_write+0x9ec/0x1110
[  630.037466][T23610]  ? create_io_thread+0x1e0/0x1e0
[  630.037493][T23610]  __x64_sys_clone3+0x376/0x3a0
[  630.037518][T23610]  ? __ia32_sys_clone+0x290/0x290
[  630.037545][T23610]  ? fput+0x1a/0x20
10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xb00)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xc00)

10:01:05 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = syz_io_uring_setup(0x67d9, &(0x7f0000000180)={0x0, 0x2e24, 0x400, 0x2, 0x7}, &(0x7f0000000300), &(0x7f0000000340))
syz_io_uring_setup(0x38e2, &(0x7f0000000380)={0x0, 0x2b1d, 0x200, 0x2, 0xc1, 0x0, r1}, &(0x7f0000000400), &(0x7f0000000440))
sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbff, {0x0, 0x1}, ["", "", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x40001}, 0x10)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000280)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x4000000}, 0x48, r2)
keyctl$link(0x3, r2, 0x0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xd00)

[  630.037567][T23610]  ? debug_smp_processor_id+0x17/0x20
[  630.037592][T23610]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  630.037618][T23610]  ? exit_to_user_mode_prepare+0x39/0xa0
[  630.037643][T23610]  do_syscall_64+0x3d/0xb0
[  630.037664][T23610]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  630.037692][T23610] RIP: 0033:0x7f19fd5aeda9
[  630.037711][T23610] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe00)

10:01:05 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = syz_io_uring_setup(0x67d9, &(0x7f0000000180)={0x0, 0x2e24, 0x400, 0x2, 0x7}, &(0x7f0000000300), &(0x7f0000000340))
syz_io_uring_setup(0x38e2, &(0x7f0000000380)={0x0, 0x2b1d, 0x200, 0x2, 0xc1, 0x0, r1}, &(0x7f0000000400), &(0x7f0000000440)) (async)
syz_io_uring_setup(0x38e2, &(0x7f0000000380)={0x0, 0x2b1d, 0x200, 0x2, 0xc1, 0x0, r1}, &(0x7f0000000400), &(0x7f0000000440))
sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbff, {0x0, 0x1}, ["", "", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x40001}, 0x10)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000280)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x4000000}, 0x48, r2)
keyctl$link(0x3, r2, 0x0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe50)

10:01:05 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
r1 = syz_io_uring_setup(0x67d9, &(0x7f0000000180)={0x0, 0x2e24, 0x400, 0x2, 0x7}, &(0x7f0000000300), &(0x7f0000000340))
syz_io_uring_setup(0x38e2, &(0x7f0000000380)={0x0, 0x2b1d, 0x200, 0x2, 0xc1, 0x0, r1}, &(0x7f0000000400), &(0x7f0000000440))
sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbff, {0x0, 0x1}, ["", "", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x40001}, 0x10)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000280)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x4000000}, 0x48, r2)
keyctl$link(0x3, r2, 0x0)
socket$nl_audit(0x10, 0x3, 0x9) (async)
syz_io_uring_setup(0x67d9, &(0x7f0000000180)={0x0, 0x2e24, 0x400, 0x2, 0x7}, &(0x7f0000000300), &(0x7f0000000340)) (async)
syz_io_uring_setup(0x38e2, &(0x7f0000000380)={0x0, 0x2b1d, 0x200, 0x2, 0xc1, 0x0, r1}, &(0x7f0000000400), &(0x7f0000000440)) (async)
sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x18, 0x3f9, 0x400, 0x70bd27, 0x25dfdbff, {0x0, 0x1}, ["", "", "", "", "", "", "", "", ""]}, 0x18}, 0x1, 0x0, 0x0, 0x40001}, 0x10) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000280)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x4000000}, 0x48, r2) (async)
keyctl$link(0x3, r2, 0x0) (async)

[  630.037732][T23610] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  630.037758][T23610] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  630.037776][T23610] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  630.037793][T23610] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  630.037809][T23610] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  630.037823][T23610] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  630.037843][T23610]  </TASK>
10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, r0)
keyctl$reject(0x13, r0, 0x18, 0x3, r0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xf00)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1100)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, r0)
keyctl$reject(0x13, r0, 0x18, 0x3, r0) (async)
keyctl$reject(0x13, r0, 0x18, 0x3, r0)

[  630.093593][T23626] FAULT_INJECTION: forcing a failure.
[  630.093593][T23626] name failslab, interval 1, probability 0, space 0, times 0
[  630.093636][T23626] CPU: 0 PID: 23626 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  630.093663][T23626] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  630.093677][T23626] Call Trace:
[  630.093684][T23626]  <TASK>
[  630.093692][T23626]  dump_stack_lvl+0x151/0x1b7
[  630.093720][T23626]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1200)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, r0)
keyctl$reject(0x13, r0, 0x18, 0x3, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, r0) (async)
keyctl$reject(0x13, r0, 0x18, 0x3, r0) (async)

[  630.093745][T23626]  dump_stack+0x15/0x17
[  630.093764][T23626]  should_fail+0x3c6/0x510
[  630.093787][T23626]  __should_failslab+0xa4/0xe0
[  630.093811][T23626]  ? anon_vma_fork+0xf7/0x4e0
[  630.093831][T23626]  should_failslab+0x9/0x20
[  630.093853][T23626]  slab_pre_alloc_hook+0x37/0xd0
[  630.093878][T23626]  ? anon_vma_fork+0xf7/0x4e0
[  630.093898][T23626]  kmem_cache_alloc+0x44/0x200
[  630.093922][T23626]  anon_vma_fork+0xf7/0x4e0
[  630.093940][T23626]  ? anon_vma_name+0x4c/0x70
[  630.093959][T23626]  ? vm_area_dup+0x17a/0x230
[  630.093983][T23626]  copy_mm+0xa3a/0x13e0
[  630.094021][T23626]  ? copy_signal+0x610/0x610
[  630.094044][T23626]  ? __init_rwsem+0xd6/0x1c0
[  630.094065][T23626]  ? copy_signal+0x4e3/0x610
[  630.094089][T23626]  copy_process+0x1149/0x3290
[  630.094126][T23626]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  630.094149][T23626]  ? copy_clone_args_from_user+0x774/0x830
[  630.094169][T23626]  kernel_clone+0x21e/0x9e0
[  630.094190][T23626]  ? __delayed_free_task+0x20/0x20
[  630.094209][T23626]  ? vfs_write+0x9ec/0x1110
[  630.094228][T23626]  ? create_io_thread+0x1e0/0x1e0
[  630.094253][T23626]  __x64_sys_clone3+0x376/0x3a0
[  630.094275][T23626]  ? __ia32_sys_clone+0x290/0x290
[  630.094299][T23626]  ? fput+0x1a/0x20
[  630.094319][T23626]  ? debug_smp_processor_id+0x17/0x20
[  630.094341][T23626]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  630.094365][T23626]  ? exit_to_user_mode_prepare+0x39/0xa0
[  630.094387][T23626]  do_syscall_64+0x3d/0xb0
[  630.094406][T23626]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  630.094431][T23626] RIP: 0033:0x7f19fd5aeda9
[  630.094448][T23626] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  630.094467][T23626] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  630.094491][T23626] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  630.094507][T23626] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  630.094522][T23626] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  630.094536][T23626] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  630.094550][T23626] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  630.094568][T23626]  </TASK>
[  630.122852][T23633] FAULT_INJECTION: forcing a failure.
[  630.122852][T23633] name failslab, interval 1, probability 0, space 0, times 0
[  630.646647][T23633] CPU: 1 PID: 23633 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  630.646676][T23633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  630.646689][T23633] Call Trace:
[  630.646696][T23633]  <TASK>
10:01:05 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x400900, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000000140)) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1) (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r3, 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000180)=0x3) (async)
keyctl$link(0x3, r2, 0x0)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$negate(0xd, r1, 0x332, r1)
keyctl$link(0x3, r0, 0x0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1400)

10:01:05 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 37)

10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$negate(0xd, r1, 0x332, r1)
keyctl$link(0x3, r0, 0x0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1500)

[  630.672557][T23633]  dump_stack_lvl+0x151/0x1b7
[  630.672580][T23633]  ? io_uring_drop_tctx_refs+0x190/0x190
[  630.672596][T23633]  dump_stack+0x15/0x17
[  630.672608][T23633]  should_fail+0x3c6/0x510
[  630.672624][T23633]  __should_failslab+0xa4/0xe0
[  630.672640][T23633]  ? anon_vma_fork+0x1df/0x4e0
[  630.672653][T23633]  should_failslab+0x9/0x20
[  630.672667][T23633]  slab_pre_alloc_hook+0x37/0xd0
[  630.672683][T23633]  ? anon_vma_fork+0x1df/0x4e0
[  630.672695][T23633]  kmem_cache_alloc+0x44/0x200
[  630.672710][T23633]  anon_vma_fork+0x1df/0x4e0
[  630.672724][T23633]  copy_mm+0xa3a/0x13e0
[  630.672742][T23633]  ? copy_signal+0x610/0x610
[  630.672758][T23633]  ? __init_rwsem+0xd6/0x1c0
[  630.672797][T23633]  ? copy_signal+0x4e3/0x610
[  630.672814][T23633]  copy_process+0x1149/0x3290
10:01:05 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 38)

[  630.672832][T23633]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  630.672879][T23633]  ? copy_clone_args_from_user+0x774/0x830
[  630.672896][T23633]  kernel_clone+0x21e/0x9e0
[  630.672913][T23633]  ? __delayed_free_task+0x20/0x20
[  630.672927][T23633]  ? vfs_write+0x9ec/0x1110
[  630.672942][T23633]  ? create_io_thread+0x1e0/0x1e0
[  630.672961][T23633]  __x64_sys_clone3+0x376/0x3a0
[  630.672979][T23633]  ? __ia32_sys_clone+0x290/0x290
[  630.672998][T23633]  ? fput+0x1a/0x20
[  630.673015][T23633]  ? debug_smp_processor_id+0x17/0x20
[  630.673032][T23633]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  630.673051][T23633]  ? exit_to_user_mode_prepare+0x39/0xa0
[  630.673074][T23633]  do_syscall_64+0x3d/0xb0
[  630.673088][T23633]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  630.673109][T23633] RIP: 0033:0x7f19fd5aeda9
[  630.673123][T23633] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  630.673137][T23633] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  630.673156][T23633] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  630.673169][T23633] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  630.673180][T23633] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  630.673190][T23633] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  630.673200][T23633] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  630.673213][T23633]  </TASK>
[  630.719446][T23710] FAULT_INJECTION: forcing a failure.
[  630.719446][T23710] name failslab, interval 1, probability 0, space 0, times 0
[  630.719479][T23710] CPU: 0 PID: 23710 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  630.719504][T23710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  630.719516][T23710] Call Trace:
[  630.719521][T23710]  <TASK>
[  630.719527][T23710]  dump_stack_lvl+0x151/0x1b7
[  630.719551][T23710]  ? io_uring_drop_tctx_refs+0x190/0x190
[  630.719579][T23710]  dump_stack+0x15/0x17
[  630.719594][T23710]  should_fail+0x3c6/0x510
10:01:05 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$negate(0xd, r1, 0x332, r1) (async)
keyctl$link(0x3, r0, 0x0)

10:01:05 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1800)

[  630.719613][T23710]  __should_failslab+0xa4/0xe0
[  630.719633][T23710]  ? anon_vma_clone+0x9a/0x500
[  630.719649][T23710]  should_failslab+0x9/0x20
[  630.719665][T23710]  slab_pre_alloc_hook+0x37/0xd0
[  630.719684][T23710]  ? anon_vma_clone+0x9a/0x500
[  630.719698][T23710]  kmem_cache_alloc+0x44/0x200
[  630.719717][T23710]  anon_vma_clone+0x9a/0x500
[  630.719732][T23710]  anon_vma_fork+0x91/0x4e0
[  630.719746][T23710]  ? anon_vma_name+0x4c/0x70
[  630.719764][T23710]  ? vm_area_dup+0x17a/0x230
[  630.719783][T23710]  copy_mm+0xa3a/0x13e0
[  630.719803][T23710]  ? copy_signal+0x610/0x610
[  630.719821][T23710]  ? __init_rwsem+0xd6/0x1c0
[  630.719839][T23710]  ? copy_signal+0x4e3/0x610
[  630.719857][T23710]  copy_process+0x1149/0x3290
[  630.719879][T23710]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  630.719898][T23710]  ? copy_clone_args_from_user+0x774/0x830
[  630.719915][T23710]  kernel_clone+0x21e/0x9e0
[  630.719933][T23710]  ? __delayed_free_task+0x20/0x20
[  630.719948][T23710]  ? vfs_write+0x9ec/0x1110
[  630.719963][T23710]  ? create_io_thread+0x1e0/0x1e0
[  630.719984][T23710]  __x64_sys_clone3+0x376/0x3a0
[  630.720002][T23710]  ? __ia32_sys_clone+0x290/0x290
[  630.720022][T23710]  ? fput+0x1a/0x20
[  630.720039][T23710]  ? debug_smp_processor_id+0x17/0x20
[  630.720057][T23710]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  630.720077][T23710]  ? exit_to_user_mode_prepare+0x39/0xa0
[  630.720096][T23710]  do_syscall_64+0x3d/0xb0
[  630.720112][T23710]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  630.720132][T23710] RIP: 0033:0x7f19fd5aeda9
[  630.720147][T23710] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  630.720161][T23710] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  630.720181][T23710] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  630.720194][T23710] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  630.720206][T23710] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  630.720218][T23710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  630.720229][T23710] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  630.720243][T23710]  </TASK>
[  630.996115][T23716] FAULT_INJECTION: forcing a failure.
[  630.996115][T23716] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  630.996145][T23716] CPU: 0 PID: 23716 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  630.996166][T23716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  630.996179][T23716] Call Trace:
[  630.996186][T23716]  <TASK>
[  630.996193][T23716]  dump_stack_lvl+0x151/0x1b7
[  630.996218][T23716]  ? io_uring_drop_tctx_refs+0x190/0x190
[  630.996238][T23716]  dump_stack+0x15/0x17
[  630.996254][T23716]  should_fail+0x3c6/0x510
[  630.996273][T23716]  should_fail_alloc_page+0x5a/0x80
[  630.996296][T23716]  prepare_alloc_pages+0x15c/0x700
[  630.996318][T23716]  ? __alloc_pages_bulk+0xe40/0xe40
[  630.996341][T23716]  __alloc_pages+0x18c/0x8f0
[  630.996361][T23716]  ? prep_new_page+0x110/0x110
[  630.996380][T23716]  ? __alloc_pages+0x27e/0x8f0
[  630.996402][T23716]  ? __kasan_check_write+0x14/0x20
[  630.996423][T23716]  ? _raw_spin_lock+0xa4/0x1b0
[  630.996445][T23716]  __pmd_alloc+0xb1/0x550
[  630.996465][T23716]  ? __pud_alloc+0x260/0x260
[  630.996482][T23716]  ? __pud_alloc+0x213/0x260
[  630.996499][T23716]  ? do_handle_mm_fault+0x2330/0x2330
[  630.996516][T23716]  ? __stack_depot_save+0x34/0x470
[  630.996547][T23716]  ? anon_vma_clone+0x9a/0x500
[  630.996567][T23716]  copy_page_range+0x2b3d/0x2f90
[  630.996586][T23716]  ? __kasan_slab_alloc+0xb1/0xe0
[  630.996605][T23716]  ? slab_post_alloc_hook+0x53/0x2c0
[  630.996627][T23716]  ? copy_mm+0xa3a/0x13e0
[  630.996648][T23716]  ? copy_process+0x1149/0x3290
[  630.996668][T23716]  ? kernel_clone+0x21e/0x9e0
[  630.996688][T23716]  ? do_syscall_64+0x3d/0xb0
[  630.996706][T23716]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  630.996736][T23716]  ? pfn_valid+0x1e0/0x1e0
[  630.996754][T23716]  ? rwsem_write_trylock+0x15b/0x290
[  630.996781][T23716]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  630.996804][T23716]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  630.996828][T23716]  ? __rb_insert_augmented+0x5de/0x610
[  630.996856][T23716]  copy_mm+0xc7e/0x13e0
[  630.996881][T23716]  ? copy_signal+0x610/0x610
[  630.996913][T23716]  ? __init_rwsem+0xd6/0x1c0
[  630.996932][T23716]  ? copy_signal+0x4e3/0x610
[  630.996952][T23716]  copy_process+0x1149/0x3290
[  630.996977][T23716]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  630.996999][T23716]  ? copy_clone_args_from_user+0x774/0x830
[  630.997018][T23716]  kernel_clone+0x21e/0x9e0
[  630.997037][T23716]  ? __delayed_free_task+0x20/0x20
[  630.997055][T23716]  ? vfs_write+0x9ec/0x1110
[  630.997072][T23716]  ? create_io_thread+0x1e0/0x1e0
[  630.997094][T23716]  __x64_sys_clone3+0x376/0x3a0
[  630.997116][T23716]  ? __ia32_sys_clone+0x290/0x290
[  630.997139][T23716]  ? fput+0x1a/0x20
[  630.997158][T23716]  ? debug_smp_processor_id+0x17/0x20
[  630.997177][T23716]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  630.997203][T23716]  ? exit_to_user_mode_prepare+0x39/0xa0
[  630.997225][T23716]  do_syscall_64+0x3d/0xb0
[  630.997260][T23716]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  630.997287][T23716] RIP: 0033:0x7f19fd5aeda9
[  630.997306][T23716] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  630.997324][T23716] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  630.997348][T23716] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:06 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getpeername$tipc(r0, 0x0, 0x0) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000100)={@cgroup=r0, 0x10, 0x1, 0x8, &(0x7f0000000000)=[0x0], 0x1, 0x0, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000080)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000000c0)=[0x0]}, 0x40)

10:01:06 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 39)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x2500)

10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x3f, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r1, 0x5bb, 0x0, 0xfffffffffffffffb)

10:01:06 executing program 1:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0x400900, 0x0)
ioctl$PTP_SYS_OFFSET_PRECISE(r0, 0xc0403d08, &(0x7f0000000140))
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1) (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
sendmsg$IPVS_CMD_DEL_DEST(r3, 0x0, 0x0) (async)
ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000180)=0x3) (async)
keyctl$link(0x3, r2, 0x0)

[  630.997365][T23716] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  630.997382][T23716] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  630.997397][T23716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  630.997412][T23716] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  630.997432][T23716]  </TASK>
[  631.572009][T23727] FAULT_INJECTION: forcing a failure.
10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4000)

10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x3f, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r1, 0x5bb, 0x0, 0xfffffffffffffffb)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$negate(0xd, r0, 0x3f, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$reject(0x13, r1, 0x5bb, 0x0, 0xfffffffffffffffb) (async)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4800)

10:01:06 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 40)

[  631.572009][T23727] name failslab, interval 1, probability 0, space 0, times 0
[  631.591400][T23727] CPU: 0 PID: 23727 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  631.601577][T23727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  631.601597][T23727] Call Trace:
[  631.601604][T23727]  <TASK>
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x3f, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$reject(0x13, r1, 0x5bb, 0x0, 0xfffffffffffffffb)

10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$clear(0x7, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x541b, 0x0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:06 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 41)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4c00)

10:01:06 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 42)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x500e)

[  631.601613][T23727]  dump_stack_lvl+0x151/0x1b7
[  631.601643][T23727]  ? io_uring_drop_tctx_refs+0x190/0x190
[  631.601667][T23727]  dump_stack+0x15/0x17
[  631.601687][T23727]  should_fail+0x3c6/0x510
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$clear(0x7, r0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x541b, 0x0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6800)

10:01:06 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 43)

[  631.601709][T23727]  __should_failslab+0xa4/0xe0
[  631.601733][T23727]  ? anon_vma_fork+0x1df/0x4e0
[  631.601755][T23727]  should_failslab+0x9/0x20
[  631.601777][T23727]  slab_pre_alloc_hook+0x37/0xd0
[  631.601800][T23727]  ? anon_vma_fork+0x1df/0x4e0
[  631.601818][T23727]  kmem_cache_alloc+0x44/0x200
[  631.601841][T23727]  anon_vma_fork+0x1df/0x4e0
[  631.601863][T23727]  copy_mm+0xa3a/0x13e0
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$clear(0x7, r0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x541b, 0x0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6c00)

10:01:06 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x35}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = getpid()
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000001180)={0x10000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xa}, &(0x7f00000000c0)=""/4096, 0x1000, &(0x7f00000010c0)=""/46, &(0x7f0000001100)=[r1, r0, r0], 0x3, {r2}}, 0x58)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7400)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7a00)

10:01:06 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x35}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r1 = getpid() (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000001180)={0x10000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xa}, &(0x7f00000000c0)=""/4096, 0x1000, &(0x7f00000010c0)=""/46, &(0x7f0000001100)=[r1, r0, r0], 0x3, {r2}}, 0x58)

[  631.601891][T23727]  ? copy_signal+0x610/0x610
[  631.601920][T23727]  ? __init_rwsem+0xd6/0x1c0
[  631.601969][T23727]  ? copy_signal+0x4e3/0x610
[  631.601993][T23727]  copy_process+0x1149/0x3290
[  631.602022][T23727]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  631.602049][T23727]  ? copy_clone_args_from_user+0x774/0x830
[  631.602071][T23727]  kernel_clone+0x21e/0x9e0
[  631.602094][T23727]  ? __delayed_free_task+0x20/0x20
[  631.602114][T23727]  ? vfs_write+0x9ec/0x1110
[  631.602134][T23727]  ? create_io_thread+0x1e0/0x1e0
[  631.602160][T23727]  __x64_sys_clone3+0x376/0x3a0
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0)

10:01:06 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x35}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = getpid()
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000001180)={0x10000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xa}, &(0x7f00000000c0)=""/4096, 0x1000, &(0x7f00000010c0)=""/46, &(0x7f0000001100)=[r1, r0, r0], 0x3, {r2}}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x35}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
getpid() (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001140)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async)
syz_clone3(&(0x7f0000001180)={0x10000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0xa}, &(0x7f00000000c0)=""/4096, 0x1000, &(0x7f00000010c0)=""/46, &(0x7f0000001100)=[r1, r0, r0], 0x3, {r2}}, 0x58) (async)

10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) (async)

[  631.602185][T23727]  ? __ia32_sys_clone+0x290/0x290
[  631.602212][T23727]  ? fput+0x1a/0x20
[  631.602235][T23727]  ? debug_smp_processor_id+0x17/0x20
[  631.602258][T23727]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  631.602285][T23727]  ? exit_to_user_mode_prepare+0x39/0xa0
[  631.602309][T23727]  do_syscall_64+0x3d/0xb0
[  631.602330][T23727]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  631.602357][T23727] RIP: 0033:0x7f19fd5aeda9
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0)

10:01:06 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000042c0)={0x54080800, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280), 0x0, {r0}}, 0x58)
r1 = socket$bt_rfcomm(0x1f, 0x3, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000007c0)={0x0}, 0x1, 0x0, 0x1000000}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x20, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}]}, 0x20}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="ec00000061359fcc9c8477273c39355555070787d22939e8d3777a6fb637d5f9ca81fb19f5aea828188d03db3ff5c331492e0200723bf8bc06", @ANYRES16=r4, @ANYBLOB="20002bbd7000fddbdf254400000008000300", @ANYRES32=r6, @ANYBLOB="0400cc0008009f00020000000800220178010000040008010a001800030303030303000024007000040005000500060000000000050006000000000004000700050002000000000008006b00010400004400238008001400f6ffffff0500080082000000080015001f00000006000d001e06000005000f007f000000060004006800000008000900f60c000006001b0008000000340023800500060044000000080017000400000008001c0007000000060010000000000008001400c6ffffff06000300d600000008000c0064000000"], 0xec}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x7d8, 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r7, 0x10f, 0x80, &(0x7f00000000c0)=0xff, 0x4)
r8 = syz_open_dev$rtc(&(0x7f00000001c0), 0x401, 0x0)
ioctl$RTC_UIE_OFF(r8, 0x7004)

[  631.602377][T23727] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  631.602397][T23727] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  631.602422][T23727] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  631.602439][T23727] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  631.602455][T23727] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  631.602478][T23727] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdf4bf3e0de101a34438420ddf29e58f9348353757dc7312cc45835b40f315e12a18b6cf8f58f1133cb041a003fe6001700", 0x1}, 0x48, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8000000065fcbecca668272af0362cdcb27e0820f7c2ef37dab603b87ea6f60c1398f2cda7022f0892b2ec9fc9f9d0700b6859f554eaf55bde78ffb79a9618c39212282e83c1c23d248923cec654dfe8b7869846ad45db57d46cb931a5da3e0506a958d1724fb5f03ef8899a2ee0aae181f69f3cccbaad6111937fc101e7ced7f4b6388af3ce18a208a2b85c5b362d24f36743b662f284ed20ba124efb6e19b775867ddd2838b2778a971d93677a87718a60d66a56302719066dd75fd79340808aa42669dfbc34acf52168e39d44efa32cecf8524252d20cdd8b282dc5146ae40fb5abdfefb5ee7996d95013aa3f80fb1f908a542c034c76663290a7e665f26e7f00d04874ec34ff28036542983b7a8bb1e8f8b66dc1946a797aca4331338a946bc4a65400203b85a9169370b7a590a5a5a9035e891a1d3d343e2991354809fe6ea8feafa5fc9e3d96a6e762e55d932c096517d2e419d603c307a131adaba2ff0bc0b5ab55dd26c149ee71a6dbd051cbea52000000000000000000", @ANYRES16=r3, @ANYBLOB="000126bd7000fedbdf25350000000c00990004000000000000000a0034000202020202020000050020014b0000000a00060008021100000000000600fd00050000000600fd000020000005002001190000000a003400010101010101000008001f010100000014005500e7e9aeab5943c85b1107ec1f94c99970"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x20008010)
keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000400)='\x00')
add_key$keyring(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, r2)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x30000)

10:01:06 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000042c0)={0x54080800, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280), 0x0, {r0}}, 0x58)
r1 = socket$bt_rfcomm(0x1f, 0x3, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000007c0)={0x0}, 0x1, 0x0, 0x1000000}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x20, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}]}, 0x20}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="ec00000061359fcc9c8477273c39355555070787d22939e8d3777a6fb637d5f9ca81fb19f5aea828188d03db3ff5c331492e0200723bf8bc06", @ANYRES16=r4, @ANYBLOB="20002bbd7000fddbdf254400000008000300", @ANYRES32=r6, @ANYBLOB="0400cc0008009f00020000000800220178010000040008010a001800030303030303000024007000040005000500060000000000050006000000000004000700050002000000000008006b00010400004400238008001400f6ffffff0500080082000000080015001f00000006000d001e06000005000f007f000000060004006800000008000900f60c000006001b0008000000340023800500060044000000080017000400000008001c0007000000060010000000000008001400c6ffffff06000300d600000008000c0064000000"], 0xec}, 0x1, 0x0, 0x0, 0x20000000}, 0x4) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="ec00000061359fcc9c8477273c39355555070787d22939e8d3777a6fb637d5f9ca81fb19f5aea828188d03db3ff5c331492e0200723bf8bc06", @ANYRES16=r4, @ANYBLOB="20002bbd7000fddbdf254400000008000300", @ANYRES32=r6, @ANYBLOB="0400cc0008009f00020000000800220178010000040008010a001800030303030303000024007000040005000500060000000000050006000000000004000700050002000000000008006b00010400004400238008001400f6ffffff0500080082000000080015001f00000006000d001e06000005000f007f000000060004006800000008000900f60c000006001b0008000000340023800500060044000000080017000400000008001c0007000000060010000000000008001400c6ffffff06000300d600000008000c0064000000"], 0xec}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x7d8, 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r7, 0x10f, 0x80, &(0x7f00000000c0)=0xff, 0x4)
r8 = syz_open_dev$rtc(&(0x7f00000001c0), 0x401, 0x0)
ioctl$RTC_UIE_OFF(r8, 0x7004)

[  631.602493][T23727] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  631.602512][T23727]  </TASK>
[  631.638114][T23747] FAULT_INJECTION: forcing a failure.
[  631.638114][T23747] name failslab, interval 1, probability 0, space 0, times 0
[  631.638146][T23747] CPU: 0 PID: 23747 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  631.638174][T23747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  631.638187][T23747] Call Trace:
[  631.638196][T23747]  <TASK>
10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x38000)

10:01:06 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000042c0)={0x54080800, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280), 0x0, {r0}}, 0x58)
socket$bt_rfcomm(0x1f, 0x3, 0x3) (async)
r1 = socket$bt_rfcomm(0x1f, 0x3, 0x3)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000007c0)={0x0}, 0x1, 0x0, 0x1000000}, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r5=>0x0})
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x20, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}]}, 0x20}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x20, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x4}]}, 0x20}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000002c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="ec00000061359fcc9c8477273c39355555070787d22939e8d3777a6fb637d5f9ca81fb19f5aea828188d03db3ff5c331492e0200723bf8bc06", @ANYRES16=r4, @ANYBLOB="20002bbd7000fddbdf254400000008000300", @ANYRES32=r6, @ANYBLOB="0400cc0008009f00020000000800220178010000040008010a001800030303030303000024007000040005000500060000000000050006000000000004000700050002000000000008006b00010400004400238008001400f6ffffff0500080082000000080015001f00000006000d001e06000005000f007f000000060004006800000008000900f60c000006001b0008000000340023800500060044000000080017000400000008001c0007000000060010000000000008001400c6ffffff06000300d600000008000c0064000000"], 0xec}, 0x1, 0x0, 0x0, 0x20000000}, 0x4)
setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000000)=0x7d8, 0x4)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r7, 0x10f, 0x80, &(0x7f00000000c0)=0xff, 0x4)
syz_open_dev$rtc(&(0x7f00000001c0), 0x401, 0x0) (async)
r8 = syz_open_dev$rtc(&(0x7f00000001c0), 0x401, 0x0)
ioctl$RTC_UIE_OFF(r8, 0x7004)

[  631.638204][T23747]  dump_stack_lvl+0x151/0x1b7
[  631.638232][T23747]  ? io_uring_drop_tctx_refs+0x190/0x190
[  631.638257][T23747]  dump_stack+0x15/0x17
[  631.638277][T23747]  should_fail+0x3c6/0x510
[  631.638300][T23747]  __should_failslab+0xa4/0xe0
[  631.638325][T23747]  ? vm_area_dup+0x26/0x230
[  631.638350][T23747]  should_failslab+0x9/0x20
[  631.638372][T23747]  slab_pre_alloc_hook+0x37/0xd0
[  631.638397][T23747]  ? vm_area_dup+0x26/0x230
[  631.638419][T23747]  kmem_cache_alloc+0x44/0x200
[  631.638444][T23747]  vm_area_dup+0x26/0x230
[  631.638466][T23747]  copy_mm+0x9a1/0x13e0
10:01:06 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdf4bf3e0de101a34438420ddf29e58f9348353757dc7312cc45835b40f315e12a18b6cf8f58f1133cb041a003fe6001700", 0x1}, 0x48, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8000000065fcbecca668272af0362cdcb27e0820f7c2ef37dab603b87ea6f60c1398f2cda7022f0892b2ec9fc9f9d0700b6859f554eaf55bde78ffb79a9618c39212282e83c1c23d248923cec654dfe8b7869846ad45db57d46cb931a5da3e0506a958d1724fb5f03ef8899a2ee0aae181f69f3cccbaad6111937fc101e7ced7f4b6388af3ce18a208a2b85c5b362d24f36743b662f284ed20ba124efb6e19b775867ddd2838b2778a971d93677a87718a60d66a56302719066dd75fd79340808aa42669dfbc34acf52168e39d44efa32cecf8524252d20cdd8b282dc5146ae40fb5abdfefb5ee7996d95013aa3f80fb1f908a542c034c76663290a7e665f26e7f00d04874ec34ff28036542983b7a8bb1e8f8b66dc1946a797aca4331338a946bc4a65400203b85a9169370b7a590a5a5a9035e891a1d3d343e2991354809fe6ea8feafa5fc9e3d96a6e762e55d932c096517d2e419d603c307a131adaba2ff0bc0b5ab55dd26c149ee71a6dbd051cbea52000000000000000000", @ANYRES16=r3, @ANYBLOB="000126bd7000fedbdf25350000000c00990004000000000000000a0034000202020202020000050020014b0000000a00060008021100000000000600fd00050000000600fd000020000005002001190000000a003400010101010101000008001f010100000014005500e7e9aeab5943c85b1107ec1f94c99970"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x20008010)
keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000400)='\x00') (async)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, r2)

10:01:06 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x800300)

[  631.638493][T23747]  ? copy_signal+0x610/0x610
[  631.638516][T23747]  ? __init_rwsem+0xd6/0x1c0
[  631.638538][T23747]  ? copy_signal+0x4e3/0x610
[  631.638564][T23747]  copy_process+0x1149/0x3290
[  631.638592][T23747]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  631.638617][T23747]  ? copy_clone_args_from_user+0x774/0x830
[  631.638638][T23747]  kernel_clone+0x21e/0x9e0
[  631.638662][T23747]  ? __delayed_free_task+0x20/0x20
[  631.638682][T23747]  ? vfs_write+0x9ec/0x1110
[  631.638702][T23747]  ? create_io_thread+0x1e0/0x1e0
[  631.638730][T23747]  __x64_sys_clone3+0x376/0x3a0
[  631.638756][T23747]  ? __ia32_sys_clone+0x290/0x290
[  631.638782][T23747]  ? fput+0x1a/0x20
[  631.638805][T23747]  ? debug_smp_processor_id+0x17/0x20
[  631.638829][T23747]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  631.638856][T23747]  ? exit_to_user_mode_prepare+0x39/0xa0
[  631.638880][T23747]  do_syscall_64+0x3d/0xb0
[  631.638901][T23747]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  631.638928][T23747] RIP: 0033:0x7f19fd5aeda9
[  631.638946][T23747] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  631.638977][T23747] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  631.639005][T23747] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  631.639025][T23747] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  631.639053][T23747] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  631.639077][T23747] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  631.639091][T23747] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  631.639108][T23747]  </TASK>
[  631.663117][T23757] FAULT_INJECTION: forcing a failure.
[  631.663117][T23757] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  631.663147][T23757] CPU: 1 PID: 23757 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  631.663169][T23757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  631.663181][T23757] Call Trace:
[  631.663187][T23757]  <TASK>
[  631.663194][T23757]  dump_stack_lvl+0x151/0x1b7
[  631.663218][T23757]  ? io_uring_drop_tctx_refs+0x190/0x190
[  631.663238][T23757]  dump_stack+0x15/0x17
[  631.663254][T23757]  should_fail+0x3c6/0x510
[  631.663274][T23757]  should_fail_alloc_page+0x5a/0x80
[  631.663296][T23757]  prepare_alloc_pages+0x15c/0x700
[  631.663318][T23757]  ? __alloc_pages_bulk+0xe40/0xe40
[  631.663339][T23757]  __alloc_pages+0x18c/0x8f0
[  631.663359][T23757]  ? prep_new_page+0x110/0x110
[  631.663377][T23757]  ? __alloc_pages+0x27e/0x8f0
[  631.663397][T23757]  ? __kasan_check_write+0x14/0x20
[  631.663416][T23757]  ? _raw_spin_lock+0xa4/0x1b0
[  631.663437][T23757]  __pmd_alloc+0xb1/0x550
[  631.663456][T23757]  ? __pud_alloc+0x260/0x260
[  631.663484][T23757]  ? __pud_alloc+0x213/0x260
[  631.663505][T23757]  ? do_handle_mm_fault+0x2330/0x2330
[  631.663526][T23757]  ? __stack_depot_save+0x34/0x470
[  631.663550][T23757]  ? anon_vma_clone+0x9a/0x500
[  631.663572][T23757]  copy_page_range+0x2b3d/0x2f90
[  631.663597][T23757]  ? __kasan_slab_alloc+0xb1/0xe0
[  631.663617][T23757]  ? slab_post_alloc_hook+0x53/0x2c0
[  631.663643][T23757]  ? copy_mm+0xa3a/0x13e0
[  631.663666][T23757]  ? copy_process+0x1149/0x3290
[  631.663689][T23757]  ? kernel_clone+0x21e/0x9e0
[  631.663710][T23757]  ? do_syscall_64+0x3d/0xb0
[  631.663730][T23757]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  631.663765][T23757]  ? pfn_valid+0x1e0/0x1e0
[  631.663796][T23757]  ? rwsem_write_trylock+0x15b/0x290
[  631.663825][T23757]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  631.663853][T23757]  copy_mm+0xc7e/0x13e0
[  631.663878][T23757]  ? copy_signal+0x610/0x610
[  631.663902][T23757]  ? __init_rwsem+0xd6/0x1c0
[  631.663924][T23757]  ? copy_signal+0x4e3/0x610
[  631.663947][T23757]  copy_process+0x1149/0x3290
[  631.663975][T23757]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  631.663999][T23757]  ? copy_clone_args_from_user+0x774/0x830
[  631.664020][T23757]  kernel_clone+0x21e/0x9e0
[  631.664043][T23757]  ? __delayed_free_task+0x20/0x20
[  631.664062][T23757]  ? vfs_write+0x9ec/0x1110
[  631.664081][T23757]  ? create_io_thread+0x1e0/0x1e0
[  631.664107][T23757]  __x64_sys_clone3+0x376/0x3a0
[  631.664131][T23757]  ? __ia32_sys_clone+0x290/0x290
[  631.664156][T23757]  ? fput+0x1a/0x20
[  631.664178][T23757]  ? debug_smp_processor_id+0x17/0x20
[  631.664200][T23757]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  631.664225][T23757]  ? exit_to_user_mode_prepare+0x39/0xa0
[  631.664248][T23757]  do_syscall_64+0x3d/0xb0
[  631.664268][T23757]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  631.664293][T23757] RIP: 0033:0x7f19fd5aeda9
[  631.664311][T23757] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  631.664330][T23757] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  631.664354][T23757] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  631.664371][T23757] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  631.664386][T23757] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  631.664401][T23757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  631.664415][T23757] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  631.664435][T23757]  </TASK>
[  631.682708][T23762] FAULT_INJECTION: forcing a failure.
[  631.682708][T23762] name failslab, interval 1, probability 0, space 0, times 0
[  631.682741][T23762] CPU: 1 PID: 23762 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  631.682768][T23762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  631.682782][T23762] Call Trace:
[  631.682788][T23762]  <TASK>
[  631.682797][T23762]  dump_stack_lvl+0x151/0x1b7
[  631.682825][T23762]  ? io_uring_drop_tctx_refs+0x190/0x190
[  631.682850][T23762]  dump_stack+0x15/0x17
[  631.682869][T23762]  should_fail+0x3c6/0x510
[  631.682892][T23762]  __should_failslab+0xa4/0xe0
[  631.682916][T23762]  ? vm_area_dup+0x26/0x230
[  631.682939][T23762]  should_failslab+0x9/0x20
[  631.682960][T23762]  slab_pre_alloc_hook+0x37/0xd0
[  631.682984][T23762]  ? vm_area_dup+0x26/0x230
[  631.683006][T23762]  kmem_cache_alloc+0x44/0x200
[  631.683030][T23762]  vm_area_dup+0x26/0x230
[  631.683052][T23762]  copy_mm+0x9a1/0x13e0
[  631.683080][T23762]  ? copy_signal+0x610/0x610
[  631.683103][T23762]  ? __init_rwsem+0xd6/0x1c0
[  631.683125][T23762]  ? copy_signal+0x4e3/0x610
[  631.683150][T23762]  copy_process+0x1149/0x3290
[  631.683178][T23762]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  631.683203][T23762]  ? copy_clone_args_from_user+0x774/0x830
[  631.683226][T23762]  kernel_clone+0x21e/0x9e0
[  631.683249][T23762]  ? __delayed_free_task+0x20/0x20
[  631.683269][T23762]  ? vfs_write+0x9ec/0x1110
[  631.683291][T23762]  ? create_io_thread+0x1e0/0x1e0
[  631.683317][T23762]  __x64_sys_clone3+0x376/0x3a0
[  631.683341][T23762]  ? __ia32_sys_clone+0x290/0x290
[  631.683367][T23762]  ? fput+0x1a/0x20
[  631.683389][T23762]  ? debug_smp_processor_id+0x17/0x20
[  631.683412][T23762]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  631.683437][T23762]  ? exit_to_user_mode_prepare+0x39/0xa0
[  631.683469][T23762]  do_syscall_64+0x3d/0xb0
[  631.683491][T23762]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  631.683518][T23762] RIP: 0033:0x7f19fd5aeda9
[  631.683537][T23762] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  631.683557][T23762] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  631.683582][T23762] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  631.683599][T23762] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  631.683616][T23762] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  631.683631][T23762] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  631.683645][T23762] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  631.683664][T23762]  </TASK>
[  631.712876][T23770] FAULT_INJECTION: forcing a failure.
[  631.712876][T23770] name failslab, interval 1, probability 0, space 0, times 0
[  631.904608][T23804] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[  631.907834][T23770] CPU: 0 PID: 23770 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  631.947318][T23809] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[  631.950293][T23770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  631.950310][T23770] Call Trace:
[  631.950318][T23770]  <TASK>
[  631.950327][T23770]  dump_stack_lvl+0x151/0x1b7
[  632.005447][T23816] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[  632.008189][T23770]  ? io_uring_drop_tctx_refs+0x190/0x190
[  632.008225][T23770]  dump_stack+0x15/0x17
[  632.014018][T23817] netlink: 'syz-executor.2': attribute type 3 has an invalid length.
[  632.018168][T23770]  should_fail+0x3c6/0x510
[  632.018197][T23770]  __should_failslab+0xa4/0xe0
[  632.832746][T23770]  ? anon_vma_fork+0xf7/0x4e0
[  632.832775][T23770]  should_failslab+0x9/0x20
[  632.832793][T23770]  slab_pre_alloc_hook+0x37/0xd0
[  632.832813][T23770]  ? anon_vma_fork+0xf7/0x4e0
[  632.832828][T23770]  kmem_cache_alloc+0x44/0x200
[  632.832847][T23770]  anon_vma_fork+0xf7/0x4e0
[  632.832862][T23770]  ? anon_vma_name+0x4c/0x70
[  632.832877][T23770]  ? vm_area_dup+0x17a/0x230
[  632.832902][T23770]  copy_mm+0xa3a/0x13e0
[  632.832924][T23770]  ? copy_signal+0x610/0x610
[  632.832943][T23770]  ? __init_rwsem+0xd6/0x1c0
[  632.832962][T23770]  ? copy_signal+0x4e3/0x610
[  632.832981][T23770]  copy_process+0x1149/0x3290
[  632.833003][T23770]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  632.833023][T23770]  ? copy_clone_args_from_user+0x774/0x830
[  632.833041][T23770]  kernel_clone+0x21e/0x9e0
[  632.833059][T23770]  ? __delayed_free_task+0x20/0x20
[  632.833076][T23770]  ? vfs_write+0x9ec/0x1110
[  632.833092][T23770]  ? create_io_thread+0x1e0/0x1e0
[  632.833113][T23770]  __x64_sys_clone3+0x376/0x3a0
[  632.833133][T23770]  ? __ia32_sys_clone+0x290/0x290
[  632.833155][T23770]  ? fput+0x1a/0x20
[  632.833172][T23770]  ? debug_smp_processor_id+0x17/0x20
[  632.833192][T23770]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  632.833213][T23770]  ? exit_to_user_mode_prepare+0x39/0xa0
[  632.833233][T23770]  do_syscall_64+0x3d/0xb0
[  632.833249][T23770]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  632.833271][T23770] RIP: 0033:0x7f19fd5aeda9
[  632.833288][T23770] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
keyctl$link(0x3, r1, 0x0)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdf4bf3e0de101a34438420ddf29e58f9348353757dc7312cc45835b40f315e12a18b6cf8f58f1133cb041a003fe6001700", 0x1}, 0x48, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8000000065fcbecca668272af0362cdcb27e0820f7c2ef37dab603b87ea6f60c1398f2cda7022f0892b2ec9fc9f9d0700b6859f554eaf55bde78ffb79a9618c39212282e83c1c23d248923cec654dfe8b7869846ad45db57d46cb931a5da3e0506a958d1724fb5f03ef8899a2ee0aae181f69f3cccbaad6111937fc101e7ced7f4b6388af3ce18a208a2b85c5b362d24f36743b662f284ed20ba124efb6e19b775867ddd2838b2778a971d93677a87718a60d66a56302719066dd75fd79340808aa42669dfbc34acf52168e39d44efa32cecf8524252d20cdd8b282dc5146ae40fb5abdfefb5ee7996d95013aa3f80fb1f908a542c034c76663290a7e665f26e7f00d04874ec34ff28036542983b7a8bb1e8f8b66dc1946a797aca4331338a946bc4a65400203b85a9169370b7a590a5a5a9035e891a1d3d343e2991354809fe6ea8feafa5fc9e3d96a6e762e55d932c096517d2e419d603c307a131adaba2ff0bc0b5ab55dd26c149ee71a6dbd051cbea52000000000000000000", @ANYRES16=r3, @ANYBLOB="000126bd7000fedbdf25350000000c00990004000000000000000a0034000202020202020000050020014b0000000a00060008021100000000000600fd00050000000600fd000020000005002001190000000a003400010101010101000008001f010100000014005500e7e9aeab5943c85b1107ec1f94c99970"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x20008010)
keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000400)='\x00')
add_key$keyring(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, r2)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdf4bf3e0de101a34438420ddf29e58f9348353757dc7312cc45835b40f315e12a18b6cf8f58f1133cb041a003fe6001700", 0x1}, 0x48, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1) (async)
keyctl$clear(0x7, r2) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_DEL_PMKSA(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000380)={&(0x7f00000005c0)=ANY=[@ANYBLOB="8000000065fcbecca668272af0362cdcb27e0820f7c2ef37dab603b87ea6f60c1398f2cda7022f0892b2ec9fc9f9d0700b6859f554eaf55bde78ffb79a9618c39212282e83c1c23d248923cec654dfe8b7869846ad45db57d46cb931a5da3e0506a958d1724fb5f03ef8899a2ee0aae181f69f3cccbaad6111937fc101e7ced7f4b6388af3ce18a208a2b85c5b362d24f36743b662f284ed20ba124efb6e19b775867ddd2838b2778a971d93677a87718a60d66a56302719066dd75fd79340808aa42669dfbc34acf52168e39d44efa32cecf8524252d20cdd8b282dc5146ae40fb5abdfefb5ee7996d95013aa3f80fb1f908a542c034c76663290a7e665f26e7f00d04874ec34ff28036542983b7a8bb1e8f8b66dc1946a797aca4331338a946bc4a65400203b85a9169370b7a590a5a5a9035e891a1d3d343e2991354809fe6ea8feafa5fc9e3d96a6e762e55d932c096517d2e419d603c307a131adaba2ff0bc0b5ab55dd26c149ee71a6dbd051cbea52000000000000000000", @ANYRES16=r3, @ANYBLOB="000126bd7000fedbdf25350000000c00990004000000000000000a0034000202020202020000050020014b0000000a00060008021100000000000600fd00050000000600fd000020000005002001190000000a003400010101010101000008001f010100000014005500e7e9aeab5943c85b1107ec1f94c99970"], 0x80}, 0x1, 0x0, 0x0, 0x8000}, 0x20008010) (async)
keyctl$restrict_keyring(0x1d, r0, 0x0, &(0x7f0000000400)='\x00') (async)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, r2) (async)

10:01:08 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 44)

10:01:08 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x80400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1000000)

[  632.833304][T23770] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  632.833325][T23770] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  632.833339][T23770] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  632.833351][T23770] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  632.833363][T23770] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  632.833374][T23770] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  632.833391][T23770]  </TASK>
10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x2000000)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$link(0x3, r1, 0x0)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$RTC_PIE_ON(r2, 0x7005)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) (async)
ioctl$RTC_PIE_ON(r2, 0x7005) (async)
keyctl$link(0x3, r1, 0x0) (async)

[  633.070890][T23837] FAULT_INJECTION: forcing a failure.
[  633.070890][T23837] name failslab, interval 1, probability 0, space 0, times 0
[  633.090047][T23837] CPU: 0 PID: 23837 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  633.100307][T23837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  633.110202][T23837] Call Trace:
[  633.113324][T23837]  <TASK>
[  633.116112][T23837]  dump_stack_lvl+0x151/0x1b7
10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x3000000)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r1, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x10}, 0x10}}, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r2, 0x0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4000000)

10:01:08 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r1, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x10}, 0x10}}, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r2, 0x0)

[  633.120615][T23837]  ? io_uring_drop_tctx_refs+0x190/0x190
[  633.126173][T23837]  dump_stack+0x15/0x17
[  633.130159][T23837]  should_fail+0x3c6/0x510
[  633.134418][T23837]  __should_failslab+0xa4/0xe0
[  633.139014][T23837]  ? vm_area_dup+0x26/0x230
[  633.143356][T23837]  should_failslab+0x9/0x20
[  633.147690][T23837]  slab_pre_alloc_hook+0x37/0xd0
[  633.152469][T23837]  ? vm_area_dup+0x26/0x230
[  633.156808][T23837]  kmem_cache_alloc+0x44/0x200
[  633.161411][T23837]  vm_area_dup+0x26/0x230
[  633.165575][T23837]  copy_mm+0x9a1/0x13e0
10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x5000000)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r1, &(0x7f0000000380)={&(0x7f0000000240), 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x10}, 0x10}}, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r2, 0x0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6000000)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7000000)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$link(0x3, r0, 0x0)
r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, 0xfffffffffffffffd, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$reject(0x13, r1, 0x9, 0x2, r2)

[  633.169567][T23837]  ? copy_signal+0x610/0x610
[  633.173991][T23837]  ? __init_rwsem+0xd6/0x1c0
[  633.178419][T23837]  ? copy_signal+0x4e3/0x610
[  633.182845][T23837]  copy_process+0x1149/0x3290
[  633.187365][T23837]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  633.192390][T23837]  ? copy_clone_args_from_user+0x774/0x830
[  633.198120][T23837]  kernel_clone+0x21e/0x9e0
[  633.202456][T23837]  ? __delayed_free_task+0x20/0x20
[  633.207404][T23837]  ? vfs_write+0x9ec/0x1110
[  633.211747][T23837]  ? create_io_thread+0x1e0/0x1e0
[  633.216612][T23837]  __x64_sys_clone3+0x376/0x3a0
10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x8000000)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$link(0x3, r0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xffffffffffffffff) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, 0xfffffffffffffffd, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$reject(0x13, r1, 0x9, 0x2, r2) (async)
keyctl$reject(0x13, r1, 0x9, 0x2, r2)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x9000000)

10:01:08 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$link(0x3, r0, 0x0)
r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc1}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xffffffffffffffff)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, 0xfffffffffffffffd, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$reject(0x13, r1, 0x9, 0x2, r2)

[  633.221382][T23837]  ? __ia32_sys_clone+0x290/0x290
[  633.226241][T23837]  ? fput+0x1a/0x20
[  633.229887][T23837]  ? debug_smp_processor_id+0x17/0x20
[  633.235092][T23837]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  633.240995][T23837]  ? exit_to_user_mode_prepare+0x39/0xa0
[  633.246462][T23837]  do_syscall_64+0x3d/0xb0
[  633.250715][T23837]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  633.256445][T23837] RIP: 0033:0x7f19fd5aeda9
10:01:08 executing program 1:
socketpair(0x1f, 0x3, 0x1, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)=ANY=[@ANYBLOB="737980746e904f081700000000150000", @ANYRES32=<r10=>0x0, @ANYBLOB="000100800000000400000800422c00480068000008049078e0000001e0000001441cf4b3ac1414aa000000400a01010100000e26ac1414bb00000003831712ffffffffac1e010164010100ac1414bbac1414aa00"]})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f0000002400)=ANY=[@ANYBLOB='x\t\x00\x00', @ANYRES16=0x0, @ANYBLOB="000829bd7000ffdbdf25010000000800010071123355d97ea6a66a87586f700cef152b0b867b458bc3032c25e60246b3eeafc6afc7875efbc077637f0917601828f1834b171e6e804f", @ANYRES32=0x0, @ANYBLOB="e4010280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000400000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r3, @ANYBLOB="3c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000800000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004009901000008000100", @ANYRES32=0x0, @ANYBLOB="e80102803800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b000000140004000100070800020000ff000881d700000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400400000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000800000008000600", @ANYRES32=0x0, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000005000300050000000900040068617368000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="7c00028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000200000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000800000008000600", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0400028008000100", @ANYRES32=0x0, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000000000038000100240001006e6f746966795f70656572735f636f756e74000000000000000000000000000005000300030000000800040003000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000300000008000600", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="3402028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000180000008000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r11, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r12, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r13, @ANYBLOB="08000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r16, @ANYBLOB="080007000000000044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000008000100", @ANYRES32=r17, @ANYBLOB="b000028038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400b500000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400ba0000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r18, @ANYBLOB="08000100", @ANYRES32=r19, @ANYBLOB="4001028038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400ff0f000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000500000008000600", @ANYRES32=r20, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040007000000080007000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400000000004c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e6700000000"], 0x978}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r21=>0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xc3, &(0x7f0000000280)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xd6, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200014}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x54, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x83}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r14}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r21}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x1)
r22 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r23 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r22)
keyctl$link(0x3, r23, 0x0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xa000000)

[  633.260700][T23837] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  633.280145][T23837] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  633.288388][T23837] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  633.296198][T23837] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  633.304018][T23837] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:08 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x80400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0)
keyctl$link(0x8, r0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2}, 0x48, r0)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r0)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$KEYCTL_MOVE(0x1e, r0, r3, r4, 0x1)
keyctl$search(0xa, r2, &(0x7f0000000180)='cifs.spnego\x00', &(0x7f00000001c0)={'syz', 0x0}, r0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xb000000)

10:01:08 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 45)

[  633.308390][T23883] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=23883 comm=syz-executor.1
[  633.311812][T23837] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  633.311831][T23837] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  633.311851][T23837]  </TASK>
[  633.325973][T23883] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=23883 comm=syz-executor.1
10:01:08 executing program 3:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
getuid() (async)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0)
keyctl$link(0x8, r0, r0) (async)
keyctl$link(0x8, r0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2}, 0x48, r0)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r0)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$KEYCTL_MOVE(0x1e, r0, r3, r4, 0x1)
keyctl$search(0xa, r2, &(0x7f0000000180)='cifs.spnego\x00', &(0x7f00000001c0)={'syz', 0x0}, r0)

10:01:08 executing program 1:
socketpair(0x1f, 0x3, 0x1, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)=ANY=[@ANYBLOB="737980746e904f081700000000150000", @ANYRES32=<r10=>0x0, @ANYBLOB="000100800000000400000800422c00480068000008049078e0000001e0000001441cf4b3ac1414aa000000400a01010100000e26ac1414bb00000003831712ffffffffac1e010164010100ac1414bbac1414aa00"]})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'}) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f0000002400)=ANY=[@ANYBLOB='x\t\x00\x00', @ANYRES16=0x0, @ANYBLOB="000829bd7000ffdbdf25010000000800010071123355d97ea6a66a87586f700cef152b0b867b458bc3032c25e60246b3eeafc6afc7875efbc077637f0917601828f1834b171e6e804f", @ANYRES32=0x0, @ANYBLOB="e4010280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000400000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r3, @ANYBLOB="3c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000800000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004009901000008000100", @ANYRES32=0x0, @ANYBLOB="e80102803800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b000000140004000100070800020000ff000881d700000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400400000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000800000008000600", @ANYRES32=0x0, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000005000300050000000900040068617368000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="7c00028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000200000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000800000008000600", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0400028008000100", @ANYRES32=0x0, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000000000038000100240001006e6f746966795f70656572735f636f756e74000000000000000000000000000005000300030000000800040003000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000300000008000600", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="3402028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000180000008000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r11, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r12, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r13, @ANYBLOB="08000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r16, @ANYBLOB="080007000000000044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000008000100", @ANYRES32=r17, @ANYBLOB="b000028038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400b500000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400ba0000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r18, @ANYBLOB="08000100", @ANYRES32=r19, @ANYBLOB="4001028038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400ff0f000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000500000008000600", @ANYRES32=r20, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040007000000080007000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400000000004c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e6700000000"], 0x978}}, 0x0) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r21=>0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xc3, &(0x7f0000000280)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xd6, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200014}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x54, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x83}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r14}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r21}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x1) (async)
r22 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r23 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r22)
keyctl$link(0x3, r23, 0x0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xc000000)

10:01:08 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x80400, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)

[  633.385550][T23892] FAULT_INJECTION: forcing a failure.
[  633.385550][T23892] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  633.401929][T23892] CPU: 0 PID: 23892 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  633.412114][T23892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  633.416725][T23897] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=23897 comm=syz-executor.1
10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0) (async)
keyctl$link(0x8, r0, r0) (async)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000080)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2}, 0x48, r0)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r0) (async)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$KEYCTL_MOVE(0x1e, r0, r3, r4, 0x1) (async)
keyctl$search(0xa, r2, &(0x7f0000000180)='cifs.spnego\x00', &(0x7f00000001c0)={'syz', 0x0}, r0)

10:01:08 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x4020940d, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40010)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "3d5982e46bbeec464f6ef1c27394d2667b20f55317f38c729d89efe8689a017caaffc59b963f502eab162c1b10118c10ac87074230e363ac63c944a6bdd0d899", 0x18}, 0x48, r0)
keyctl$reject(0x13, r0, 0x1, 0x3ea, r1)
keyctl$link(0x3, r0, 0x0)

[  633.422002][T23892] Call Trace:
[  633.422011][T23892]  <TASK>
[  633.422020][T23892]  dump_stack_lvl+0x151/0x1b7
[  633.445182][T23892]  ? io_uring_drop_tctx_refs+0x190/0x190
[  633.450653][T23892]  dump_stack+0x15/0x17
[  633.454646][T23892]  should_fail+0x3c6/0x510
[  633.458891][T23892]  should_fail_alloc_page+0x5a/0x80
[  633.463932][T23892]  prepare_alloc_pages+0x15c/0x700
[  633.468974][T23892]  ? __alloc_pages_bulk+0xe40/0xe40
[  633.474011][T23892]  __alloc_pages+0x18c/0x8f0
[  633.478431][T23892]  ? prep_new_page+0x110/0x110
10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "3d5982e46bbeec464f6ef1c27394d2667b20f55317f38c729d89efe8689a017caaffc59b963f502eab162c1b10118c10ac87074230e363ac63c944a6bdd0d899", 0x18}, 0x48, r0)
keyctl$reject(0x13, r0, 0x1, 0x3ea, r1) (async)
keyctl$link(0x3, r0, 0x0)

10:01:08 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x4020940d, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40010)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "3d5982e46bbeec464f6ef1c27394d2667b20f55317f38c729d89efe8689a017caaffc59b963f502eab162c1b10118c10ac87074230e363ac63c944a6bdd0d899", 0x18}, 0x48, r0)
keyctl$reject(0x13, r0, 0x1, 0x3ea, r1) (async)
keyctl$link(0x3, r0, 0x0)

[  633.483038][T23892]  get_zeroed_page+0x1b/0x40
[  633.487551][T23892]  __pud_alloc+0x8b/0x260
[  633.492412][T23892]  ? stack_trace_snprint+0xf0/0xf0
[  633.497453][T23892]  ? do_handle_mm_fault+0x2330/0x2330
[  633.502659][T23892]  ? __stack_depot_save+0x34/0x470
[  633.507612][T23892]  ? anon_vma_clone+0x9a/0x500
[  633.512219][T23892]  copy_page_range+0x2bcf/0x2f90
[  633.516981][T23892]  ? __kasan_slab_alloc+0xb1/0xe0
[  633.521840][T23892]  ? slab_post_alloc_hook+0x53/0x2c0
[  633.526961][T23892]  ? copy_mm+0xa3a/0x13e0
[  633.531132][T23892]  ? copy_process+0x1149/0x3290
10:01:08 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x4020940d, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x100, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x8}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x40010)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$search(0xa, r0, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x1}, r1)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:08 executing program 1:
socketpair(0x1f, 0x3, 0x1, &(0x7f00000000c0)) (async)
socketpair(0x1f, 0x3, 0x1, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180), 0xffffffffffffffff)
socket(0x10, 0x2, 0x4) (async)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)=ANY=[@ANYBLOB="737980746e904f081700000000150000", @ANYRES32=<r10=>0x0, @ANYBLOB="000100800000000400000800422c00480068000008049078e0000001e0000001441cf4b3ac1414aa000000400a01010100000e26ac1414bb00000003831712ffffffffac1e010164010100ac1414bbac1414aa00"]})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f0000002400)=ANY=[@ANYBLOB='x\t\x00\x00', @ANYRES16=0x0, @ANYBLOB="000829bd7000ffdbdf25010000000800010071123355d97ea6a66a87586f700cef152b0b867b458bc3032c25e60246b3eeafc6afc7875efbc077637f0917601828f1834b171e6e804f", @ANYRES32=0x0, @ANYBLOB="e4010280400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000400000008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="080007000000000040000100240001006d6f64650000000000000000000000000000000000000000000000000000000005000300050000000f000400726f756e64726f62696e00003800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=r3, @ANYBLOB="3c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000009000400686173680000000038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000800000038000100240001006c625f73746174735f726566726573685f696e74657276616c000000000000000500030003000000080004009901000008000100", @ANYRES32=0x0, @ANYBLOB="e80102803800010024000100616374697665706f727400000000000000000000000000000000000000000000050003000300000008000400", @ANYRES32=0x0, @ANYBLOB="44000100240001006270665f686173685f66756e6300000000000000000000000000000000000000050003000b000000140004000100070800020000ff000881d700000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400400000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r5, @ANYBLOB="400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000800000008000600", @ANYRES32=0x0, @ANYBLOB="3c000100240001006c625f74785f6d6574686f64000000000000000000000000000000000000000005000300050000000900040068617368000000003c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r6, @ANYBLOB="08000100", @ANYRES32=r7, @ANYBLOB="7c00028038000100240001006d636173745f72656a6f696e5f696e74657276616c00000000000000000000000500030003000000080004000200000040000100240001006c625f706f72745f737461747300000000000000000000000000000000000000050003000b000000080004000800000008000600", @ANYRES32=r8, @ANYBLOB="08000100", @ANYRES32=0x0, @ANYBLOB="0400028008000100", @ANYRES32=0x0, @ANYBLOB="b400028038000100240001006d636173745f72656a6f696e5f636f756e7400000000000000000000000000000500030003000000080004000000000038000100240001006e6f746966795f70656572735f636f756e74000000000000000000000000000005000300030000000800040003000000400001002400010071756575655f69640000000000000000000000000000000000000000000000000500030003000000080004000300000008000600", @ANYRES32=r9, @ANYBLOB="08000100", @ANYRES32=r10, @ANYBLOB="3402028040000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b000000080004000180000008000700000000003c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r11, @ANYBLOB="3c00010024000100656e61626c65640000000000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r12, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r13, @ANYBLOB="08000700000000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r14, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=0x0, @ANYBLOB="3c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r15, @ANYBLOB="40000100240001006c625f74785f686173685f746f5f706f72745f6d617070696e67000000000000050003000300000008000400", @ANYRES32=r16, @ANYBLOB="080007000000000044000100240001006d6f6465000000000000000000000000000000000000000000000000000000000500030005000000110004006163746976656261636b75700000000008000100", @ANYRES32=r17, @ANYBLOB="b000028038000100240001006d636173745f72656a6f696e5f696e74657276616c0000000000000000000000050003000300000008000400b500000038000100240001006e6f746966795f70656572735f636f756e740000000000000000000000000000050003000300000008000400ba0000003c00010024000100757365725f6c696e6b75705f656e61626c65640000000000000000000000000005000300060000000400040008000600", @ANYRES32=r18, @ANYBLOB="08000100", @ANYRES32=r19, @ANYBLOB="4001028038000100240001006e6f746966795f70656572735f696e74657276616c0000000000000000000000050003000300000008000400ff0f000040000100240001007072696f72697479000000000000000000000000000000000000000000000000050003000e000000080004000500000008000600", @ANYRES32=r20, @ANYBLOB="40000100240001006c625f686173685f737461747300000000000000000000000000000000000000050003000b0000000800040007000000080007000000000038000100240001006c625f73746174735f726566726573685f696e74657276616c00000000000000050003000300000008000400000000004c000100240001006c625f74785f6d6574686f640000000000000000000000000000000000000000050003000500000019000400686173685f746f5f706f72745f6d617070696e6700000000"], 0x978}}, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r21=>0x0, 0x0, 0x0, 0x0, 0x2, 0x6, &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xc3, &(0x7f0000000280)=[{}, {}, {}], 0x18, 0x10, &(0x7f00000002c0), &(0x7f0000000300), 0x8, 0xd6, 0x8, 0x8, &(0x7f0000000340)}}, 0x10)
sendmsg$BATADV_CMD_GET_GATEWAYS(r0, &(0x7f0000000580)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200014}, 0xc, &(0x7f0000000540)={&(0x7f00000004c0)={0x54, r1, 0x2, 0x70bd28, 0x25dfdbfe, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x4}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x81}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x83}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r14}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x4}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r21}]}, 0x54}, 0x1, 0x0, 0x0, 0x4084}, 0x1)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r22 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r23 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r22)
keyctl$link(0x3, r23, 0x0)

[  633.535904][T23892]  ? kernel_clone+0x21e/0x9e0
[  633.540415][T23892]  ? __x64_sys_clone3+0x376/0x3a0
[  633.545278][T23892]  ? do_syscall_64+0x3d/0xb0
[  633.549701][T23892]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  633.555617][T23892]  ? pfn_valid+0x1e0/0x1e0
[  633.559860][T23892]  ? rwsem_write_trylock+0x15b/0x290
[  633.564979][T23892]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  633.571240][T23892]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  633.576787][T23892]  ? __rb_insert_augmented+0x5de/0x610
[  633.582112][T23892]  copy_mm+0xc7e/0x13e0
10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xd000000)

10:01:08 executing program 2:
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000200)=<r1=>0x0, {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r2 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r1, r2], 0x2, {r3}}, 0x58)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000008c0)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_BROADCAST(r5, 0x10f, 0x85)
r6 = getpid()
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0)=<r7=>0x0, &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r6, r6], 0x2, {r4}}, 0x58)
syz_clone3(&(0x7f0000000840)={0x804000, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640), {0x38}, &(0x7f0000000680)=""/130, 0x82, &(0x7f0000000740)=""/183, &(0x7f0000000800)=[r7, 0x0], 0x2}, 0x58)
syz_clone3(&(0x7f0000000000)={0x280800, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, &(0x7f0000000880)=[r0, r7], 0x2, {r3}}, 0x58)

[  633.586076][T23892]  ? copy_signal+0x610/0x610
[  633.590495][T23892]  ? __init_rwsem+0xd6/0x1c0
[  633.594920][T23892]  ? copy_signal+0x4e3/0x610
[  633.599349][T23892]  copy_process+0x1149/0x3290
[  633.603867][T23892]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  633.608818][T23892]  ? copy_clone_args_from_user+0x774/0x830
[  633.614452][T23892]  kernel_clone+0x21e/0x9e0
[  633.618792][T23892]  ? __delayed_free_task+0x20/0x20
[  633.623735][T23892]  ? vfs_write+0x9ec/0x1110
[  633.628080][T23892]  ? create_io_thread+0x1e0/0x1e0
10:01:08 executing program 2:
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000200)=<r1=>0x0, {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r2 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r1, r2], 0x2, {r3}}, 0x58) (async)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000008c0)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_BROADCAST(r5, 0x10f, 0x85) (async)
r6 = getpid()
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0)=<r7=>0x0, &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r6, r6], 0x2, {r4}}, 0x58)
syz_clone3(&(0x7f0000000840)={0x804000, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640), {0x38}, &(0x7f0000000680)=""/130, 0x82, &(0x7f0000000740)=""/183, &(0x7f0000000800)=[r7, 0x0], 0x2}, 0x58)
syz_clone3(&(0x7f0000000000)={0x280800, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, &(0x7f0000000880)=[r0, r7], 0x2, {r3}}, 0x58)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$search(0xa, r0, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x1}, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

[  633.632942][T23892]  __x64_sys_clone3+0x376/0x3a0
[  633.637626][T23892]  ? __ia32_sys_clone+0x290/0x290
[  633.642486][T23892]  ? fput+0x1a/0x20
[  633.646131][T23892]  ? debug_smp_processor_id+0x17/0x20
[  633.651337][T23892]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  633.657242][T23892]  ? exit_to_user_mode_prepare+0x39/0xa0
[  633.662710][T23892]  do_syscall_64+0x3d/0xb0
[  633.666960][T23892]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  633.672687][T23892] RIP: 0033:0x7f19fd5aeda9
[  633.676947][T23892] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  633.696384][T23892] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  633.704631][T23892] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  633.712441][T23892] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  633.720252][T23892] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:08 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 46)

10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$search(0xa, r0, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x1}, r1)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0x0) (async)
keyctl$search(0xa, r0, &(0x7f0000000080)='big_key\x00', &(0x7f00000000c0)={'syz', 0x1}, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:08 executing program 2:
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0)=<r0=>0x0, &(0x7f0000000200)=<r1=>0x0, {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58) (async)
r2 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r1, r2], 0x2, {r3}}, 0x58) (async)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000008c0)={<r5=>0xffffffffffffffff})
setsockopt$TIPC_MCAST_BROADCAST(r5, 0x10f, 0x85)
r6 = getpid()
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0)=<r7=>0x0, &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r6, r6], 0x2, {r4}}, 0x58)
syz_clone3(&(0x7f0000000840)={0x804000, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640), {0x38}, &(0x7f0000000680)=""/130, 0x82, &(0x7f0000000740)=""/183, &(0x7f0000000800)=[r7, 0x0], 0x2}, 0x58) (async)
syz_clone3(&(0x7f0000000000)={0x280800, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, &(0x7f0000000880)=[r0, r7], 0x2, {r3}}, 0x58)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe000000)

10:01:08 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{0x1b}, {@val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x811}, 0x4000040)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3)
keyctl$link(0x3, r3, r4)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x15, r5, 0x0)
keyctl$clear(0x7, r5)
keyctl$negate(0xd, r5, 0x6, r5)

[  633.725816][T23939] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=23939 comm=syz-executor.1
[  633.728060][T23892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  633.728080][T23892] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  633.756447][T23892]  </TASK>
[  633.757069][T23946] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=23946 comm=syz-executor.1
10:01:08 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x5452, &(0x7f00000008c0)={'batadv_slave_0\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fb81002403000000050037dcde000000"], 0x1c}, 0x1, 0x0, 0x0, 0xa0}, 0x4)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000ab6b5e51", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="13000000c4d638f6fcd5cea2a0c193a00f6757d7014579a2a98363e68508d4ba217ef5acaf399bee4eb0d36675cb4e5ac155d3ef9ce6867bef1a8acbb7bb9112ceea274eb13a4d68df046be64f9afb2646d923f1449b1a9b5b1005482b9601eb8b1ec411f7094e6edfc0f3cbdf0ef9d11ffef2a50d80ad469b5eb9ac0ebf57dd67acc0b568034dc6e479e0ed5a58d94db61220f8265f9934578a580d28c8f2d80add6110ab64132867d9f5fe0dae1fcfd569050ce8ceaedba64f4097d95f824fab65e06a00000000000000", @ANYRES16=r2, @ANYBLOB="02002dbd7000fddbdf255300000008000300", @ANYRES32=r4, @ANYBLOB="0c009900010001002c000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040081}, 0x20000001)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$link(0x3, r6, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r6, 0x0)

10:01:08 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x5452, &(0x7f00000008c0)={'batadv_slave_0\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fb81002403000000050037dcde000000"], 0x1c}, 0x1, 0x0, 0x0, 0xa0}, 0x4) (async)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000ab6b5e51", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="13000000c4d638f6fcd5cea2a0c193a00f6757d7014579a2a98363e68508d4ba217ef5acaf399bee4eb0d36675cb4e5ac155d3ef9ce6867bef1a8acbb7bb9112ceea274eb13a4d68df046be64f9afb2646d923f1449b1a9b5b1005482b9601eb8b1ec411f7094e6edfc0f3cbdf0ef9d11ffef2a50d80ad469b5eb9ac0ebf57dd67acc0b568034dc6e479e0ed5a58d94db61220f8265f9934578a580d28c8f2d80add6110ab64132867d9f5fe0dae1fcfd569050ce8ceaedba64f4097d95f824fab65e06a00000000000000", @ANYRES16=r2, @ANYBLOB="02002dbd7000fddbdf255300000008000300", @ANYRES32=r4, @ANYBLOB="0c009900010001002c000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040081}, 0x20000001) (async)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$link(0x3, r6, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r6, 0x0)

[  633.801588][T23958] FAULT_INJECTION: forcing a failure.
[  633.801588][T23958] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  633.814953][T23958] CPU: 0 PID: 23958 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  633.825164][T23958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  633.835058][T23958] Call Trace:
[  633.838184][T23958]  <TASK>
[  633.840956][T23958]  dump_stack_lvl+0x151/0x1b7
[  633.845471][T23958]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:08 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{0x1b}, {@val={0x8}, @val={0xc}}}}, 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{0x1b}, {@val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x811}, 0x4000040) (async)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x811}, 0x4000040)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3)
keyctl$link(0x3, r3, r4) (async)
keyctl$link(0x3, r3, r4)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x15, r5, 0x0)
keyctl$clear(0x7, r5)
keyctl$negate(0xd, r5, 0x6, r5)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe500000)

10:01:08 executing program 3:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{0x1b}, {@val={0x8}, @val={0xc}}}}, 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{0x1b}, {@val={0x8}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000200)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd26, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x811}, 0x4000040)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3)
keyctl$link(0x3, r3, r4)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x15, r5, 0x0)
keyctl$clear(0x7, r5)
keyctl$negate(0xd, r5, 0x6, r5)

[  633.850942][T23958]  dump_stack+0x15/0x17
[  633.854932][T23958]  should_fail+0x3c6/0x510
[  633.859186][T23958]  should_fail_alloc_page+0x5a/0x80
[  633.864223][T23958]  prepare_alloc_pages+0x15c/0x700
[  633.869169][T23958]  ? __alloc_pages_bulk+0xe40/0xe40
[  633.874205][T23958]  __alloc_pages+0x18c/0x8f0
[  633.878630][T23958]  ? prep_new_page+0x110/0x110
[  633.883223][T23958]  ? __alloc_pages+0x27e/0x8f0
[  633.887829][T23958]  ? __kasan_check_write+0x14/0x20
[  633.892774][T23958]  ? _raw_spin_lock+0xa4/0x1b0
[  633.897372][T23958]  __pmd_alloc+0xb1/0x550
10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r1)
keyctl$link(0x3, r0, 0x0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xf000000)

10:01:08 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x5452, &(0x7f00000008c0)={'batadv_slave_0\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fb81002403000000050037dcde000000"], 0x1c}, 0x1, 0x0, 0x0, 0xa0}, 0x4)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000ab6b5e51", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="13000000c4d638f6fcd5cea2a0c193a00f6757d7014579a2a98363e68508d4ba217ef5acaf399bee4eb0d36675cb4e5ac155d3ef9ce6867bef1a8acbb7bb9112ceea274eb13a4d68df046be64f9afb2646d923f1449b1a9b5b1005482b9601eb8b1ec411f7094e6edfc0f3cbdf0ef9d11ffef2a50d80ad469b5eb9ac0ebf57dd67acc0b568034dc6e479e0ed5a58d94db61220f8265f9934578a580d28c8f2d80add6110ab64132867d9f5fe0dae1fcfd569050ce8ceaedba64f4097d95f824fab65e06a00000000000000", @ANYRES16=r2, @ANYBLOB="02002dbd7000fddbdf255300000008000300", @ANYRES32=r4, @ANYBLOB="0c009900010001002c000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040081}, 0x20000001)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$link(0x3, r6, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r6, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x5452, &(0x7f00000008c0)={'batadv_slave_0\x00'}) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000280), r0) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000300)={&(0x7f00000002c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="01002bbd7000fb81002403000000050037dcde000000"], 0x1c}, 0x1, 0x0, 0x0, 0xa0}, 0x4) (async)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000ab6b5e51", @ANYRES32=0x0, @ANYBLOB="0c0099000000000000000000"], 0x28}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000140)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000200)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="13000000c4d638f6fcd5cea2a0c193a00f6757d7014579a2a98363e68508d4ba217ef5acaf399bee4eb0d36675cb4e5ac155d3ef9ce6867bef1a8acbb7bb9112ceea274eb13a4d68df046be64f9afb2646d923f1449b1a9b5b1005482b9601eb8b1ec411f7094e6edfc0f3cbdf0ef9d11ffef2a50d80ad469b5eb9ac0ebf57dd67acc0b568034dc6e479e0ed5a58d94db61220f8265f9934578a580d28c8f2d80add6110ab64132867d9f5fe0dae1fcfd569050ce8ceaedba64f4097d95f824fab65e06a00000000000000", @ANYRES16=r2, @ANYBLOB="02002dbd7000fddbdf255300000008000300", @ANYRES32=r4, @ANYBLOB="0c009900010001002c000000"], 0x28}, 0x1, 0x0, 0x0, 0x20040081}, 0x20000001) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5) (async)
keyctl$link(0x3, r6, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r5, r5, r6, 0x0) (async)

[  633.901541][T23958]  ? __pud_alloc+0x260/0x260
[  633.905969][T23958]  ? __pud_alloc+0x213/0x260
[  633.910402][T23958]  ? do_handle_mm_fault+0x2330/0x2330
[  633.915599][T23958]  ? __stack_depot_save+0x34/0x470
[  633.920545][T23958]  ? anon_vma_clone+0x9a/0x500
[  633.925148][T23958]  copy_page_range+0x2b3d/0x2f90
[  633.929919][T23958]  ? __kasan_slab_alloc+0xb1/0xe0
[  633.934783][T23958]  ? slab_post_alloc_hook+0x53/0x2c0
[  633.939905][T23958]  ? copy_mm+0xa3a/0x13e0
[  633.944079][T23958]  ? copy_process+0x1149/0x3290
10:01:08 executing program 3:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r1)
keyctl$link(0x3, r0, 0x0)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x10000000)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x11000000)

10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x12000000)

[  633.948756][T23958]  ? kernel_clone+0x21e/0x9e0
[  633.953269][T23958]  ? do_syscall_64+0x3d/0xb0
[  633.957695][T23958]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  633.963616][T23958]  ? pfn_valid+0x1e0/0x1e0
[  633.967848][T23958]  ? rwsem_write_trylock+0x15b/0x290
[  633.972970][T23958]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  633.979219][T23958]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  633.984778][T23958]  ? __rb_insert_augmented+0x5de/0x610
[  633.990073][T23958]  copy_mm+0xc7e/0x13e0
[  633.994064][T23958]  ? copy_signal+0x610/0x610
10:01:08 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x14000000)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x15000000)

10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r1)
keyctl$link(0x3, r0, 0x0)

[  633.998488][T23958]  ? __init_rwsem+0xd6/0x1c0
[  634.002913][T23958]  ? copy_signal+0x4e3/0x610
[  634.007341][T23958]  copy_process+0x1149/0x3290
[  634.011859][T23958]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  634.016799][T23958]  ? copy_clone_args_from_user+0x774/0x830
[  634.022551][T23958]  kernel_clone+0x21e/0x9e0
[  634.026885][T23958]  ? __delayed_free_task+0x20/0x20
[  634.031832][T23958]  ? vfs_write+0x9ec/0x1110
[  634.036177][T23958]  ? create_io_thread+0x1e0/0x1e0
[  634.041047][T23958]  __x64_sys_clone3+0x376/0x3a0
[  634.045719][T23958]  ? __ia32_sys_clone+0x290/0x290
10:01:09 executing program 3:
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x22000, 0x0)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, r1)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x28}, 0x48, r1)
keyctl$link(0x3, r0, 0x0)

10:01:09 executing program 3:
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x22000, 0x0)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) (async)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, r1)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x28}, 0x48, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x28}, 0x48, r1)
keyctl$link(0x3, r0, 0x0)

10:01:09 executing program 3:
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x22000, 0x0)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$fscrypt_v1(&(0x7f0000000000), 0x0, 0x0, 0x0, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x28}, 0x48, r1) (async)
keyctl$link(0x3, r0, 0x0)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x18000000)

[  634.050582][T23958]  ? fput+0x1a/0x20
[  634.054230][T23958]  ? debug_smp_processor_id+0x17/0x20
[  634.059434][T23958]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  634.065338][T23958]  ? exit_to_user_mode_prepare+0x39/0xa0
[  634.070902][T23958]  do_syscall_64+0x3d/0xb0
[  634.075154][T23958]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  634.080884][T23958] RIP: 0033:0x7f19fd5aeda9
10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x64, 0x34, 0x31, 0x33, 0x39, 0x66, 0x61, 0x38, 0x64, 0x34, 0x35, 0x64, 0x63, 0x33, 0x5d, 0x35]}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9cae7d0000000000d4a16b98150d8e23b5bae5bb845e2cb0010600008000000000000000000000000000000000000000000800", 0x800001}, 0x48, 0xfffffffffffffffb)
keyctl$link(0x3, r0, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r2, r0, 0xffffffffffffffff, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r1, 0x0)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r1, &(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz', 0x3}, r3)

10:01:09 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$link(0x3, r2, 0x0)

10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x64, 0x34, 0x31, 0x33, 0x39, 0x66, 0x61, 0x38, 0x64, 0x34, 0x35, 0x64, 0x63, 0x33, 0x5d, 0x35]}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9cae7d0000000000d4a16b98150d8e23b5bae5bb845e2cb0010600008000000000000000000000000000000000000000000800", 0x800001}, 0x48, 0xfffffffffffffffb) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r2, r0, 0xffffffffffffffff, 0x0) (async, rerun: 64)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r1, 0x0) (async, rerun: 64)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r1, &(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz', 0x3}, r3)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x25000000)

[  634.085140][T23958] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  634.104580][T23958] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  634.112825][T23958] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  634.120637][T23958] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  634.128447][T23958] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  634.136269][T23958] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  634.144080][T23958] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
10:01:09 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bind$802154_raw(r0, 0x0, 0x0)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0x81, &(0x7f0000000040)=0x2)
syz_clone3(&(0x7f00000042c0)={0xc1880200, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x4000000000000117}, 0x58)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x40000000)

10:01:09 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$link(0x3, r2, 0x0) (async)
keyctl$link(0x3, r2, 0x0)

10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x64, 0x34, 0x31, 0x33, 0x39, 0x66, 0x61, 0x38, 0x64, 0x34, 0x35, 0x64, 0x63, 0x33, 0x5d, 0x35]}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9cae7d0000000000d4a16b98150d8e23b5bae5bb845e2cb0010600008000000000000000000000000000000000000000000800", 0x800001}, 0x48, 0xfffffffffffffffb)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r2, r0, 0xffffffffffffffff, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r1, 0x0)
r3 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
keyctl$search(0xa, r1, &(0x7f0000000280)='pkcs7_test\x00', &(0x7f00000002c0)={'syz', 0x3}, r3)

10:01:09 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 47)

10:01:09 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bind$802154_raw(r0, 0x0, 0x0)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0x81, &(0x7f0000000040)=0x2)
syz_clone3(&(0x7f00000042c0)={0xc1880200, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x4000000000000117}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
bind$802154_raw(r0, 0x0, 0x0) (async)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0x81, &(0x7f0000000040)=0x2) (async)
syz_clone3(&(0x7f00000042c0)={0xc1880200, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x4000000000000117}, 0x58) (async)

[  634.151886][T23958]  </TASK>
10:01:09 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
bind$802154_raw(r0, 0x0, 0x0) (async)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, &(0x7f0000000000)=0x81, &(0x7f0000000040)=0x2) (async, rerun: 64)
syz_clone3(&(0x7f00000042c0)={0xc1880200, 0x0, 0x0, 0x0, {0x15}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x4000000000000117}, 0x58) (rerun: 64)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x48000000)

10:01:09 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa)
keyctl$link(0x3, r2, 0x0) (async)
keyctl$link(0x3, r2, 0x0)

10:01:09 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x1, 0x80080)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2)
keyctl$link(0x3, r2, 0x0)

[  634.205093][T24051] FAULT_INJECTION: forcing a failure.
[  634.205093][T24051] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  634.231859][T24051] CPU: 1 PID: 24051 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  634.242123][T24051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  634.252026][T24051] Call Trace:
10:01:09 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040)={'veth0_to_team', 0x32, 0x35}, 0x10)

10:01:09 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0)
write$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040)={'veth0_to_team', 0x32, 0x35}, 0x10)

10:01:09 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async, rerun: 64)
r0 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) (rerun: 64)
write$cgroup_netprio_ifpriomap(r0, &(0x7f0000000040)={'veth0_to_team', 0x32, 0x35}, 0x10)

[  634.255139][T24051]  <TASK>
[  634.257919][T24051]  dump_stack_lvl+0x151/0x1b7
[  634.262434][T24051]  ? io_uring_drop_tctx_refs+0x190/0x190
[  634.267901][T24051]  dump_stack+0x15/0x17
[  634.271891][T24051]  should_fail+0x3c6/0x510
[  634.276156][T24051]  should_fail_alloc_page+0x5a/0x80
[  634.281178][T24051]  prepare_alloc_pages+0x15c/0x700
[  634.286445][T24051]  ? __alloc_pages_bulk+0xe40/0xe40
[  634.291477][T24051]  __alloc_pages+0x18c/0x8f0
[  634.295901][T24051]  ? prep_new_page+0x110/0x110
[  634.300498][T24051]  ? __alloc_pages+0x27e/0x8f0
[  634.305100][T24051]  ? __kasan_check_write+0x14/0x20
[  634.310045][T24051]  ? _raw_spin_lock+0xa4/0x1b0
[  634.314646][T24051]  pte_alloc_one+0x73/0x1b0
[  634.318987][T24051]  ? pfn_modify_allowed+0x2f0/0x2f0
[  634.324026][T24051]  ? __pmd_alloc+0x48d/0x550
[  634.328447][T24051]  __pte_alloc+0x86/0x350
[  634.332615][T24051]  ? __pud_alloc+0x260/0x260
[  634.337040][T24051]  ? __pud_alloc+0x213/0x260
[  634.341468][T24051]  ? free_pgtables+0x280/0x280
[  634.346067][T24051]  ? do_handle_mm_fault+0x2330/0x2330
[  634.351274][T24051]  ? __stack_depot_save+0x34/0x470
[  634.356219][T24051]  ? anon_vma_clone+0x9a/0x500
[  634.360824][T24051]  copy_page_range+0x28a8/0x2f90
[  634.365593][T24051]  ? __kasan_slab_alloc+0xb1/0xe0
[  634.370455][T24051]  ? slab_post_alloc_hook+0x53/0x2c0
[  634.375577][T24051]  ? kernel_clone+0x21e/0x9e0
[  634.380090][T24051]  ? do_syscall_64+0x3d/0xb0
[  634.384515][T24051]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  634.390426][T24051]  ? pfn_valid+0x1e0/0x1e0
[  634.394671][T24051]  ? rwsem_write_trylock+0x15b/0x290
[  634.399791][T24051]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  634.406043][T24051]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  634.411594][T24051]  ? __rb_insert_augmented+0x5de/0x610
[  634.416897][T24051]  copy_mm+0xc7e/0x13e0
[  634.420884][T24051]  ? copy_signal+0x610/0x610
[  634.425309][T24051]  ? __init_rwsem+0xd6/0x1c0
[  634.429735][T24051]  ? copy_signal+0x4e3/0x610
[  634.434160][T24051]  copy_process+0x1149/0x3290
[  634.438679][T24051]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  634.443624][T24051]  ? copy_clone_args_from_user+0x774/0x830
[  634.449268][T24051]  kernel_clone+0x21e/0x9e0
[  634.453602][T24051]  ? __delayed_free_task+0x20/0x20
[  634.458547][T24051]  ? vfs_write+0x9ec/0x1110
[  634.462890][T24051]  ? create_io_thread+0x1e0/0x1e0
[  634.467753][T24051]  __x64_sys_clone3+0x376/0x3a0
[  634.472434][T24051]  ? __ia32_sys_clone+0x290/0x290
[  634.477298][T24051]  ? fput+0x1a/0x20
[  634.480942][T24051]  ? debug_smp_processor_id+0x17/0x20
[  634.486146][T24051]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  634.492054][T24051]  ? exit_to_user_mode_prepare+0x39/0xa0
[  634.497522][T24051]  do_syscall_64+0x3d/0xb0
10:01:09 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x1, 0x80080)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2) (async)
keyctl$link(0x3, r2, 0x0)

[  634.501770][T24051]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  634.507502][T24051] RIP: 0033:0x7f19fd5aeda9
[  634.511755][T24051] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  634.531198][T24051] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  634.539437][T24051] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  634.547352][T24051] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4c000000)

10:01:09 executing program 3:
r0 = syz_open_dev$loop(&(0x7f0000000080), 0x1, 0x80080) (async)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$LOOP_SET_FD(r0, 0x4c00, r1) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2) (async)
keyctl$link(0x3, r2, 0x0)

10:01:09 executing program 1:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f0000000280)='syz')
r2 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
r3 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r0)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3)
r5 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "1eb96bb9151ef5bed03ad5043f03753d8ea9569992bb32a419d5699f9614d61736b1b0143a3114f6086c12b406fa39cfb9695d375c310134d3caca34b3f7bef2", 0x36}, 0x48, r4)
keyctl$negate(0xd, r5, 0x6, r4)
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x3, r4, r6)
keyctl$link(0x8, r2, r0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x253c2044}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080025bd7000fcdbdf25010000e8270031000600000000000900bbbbbbbbbbbb000077f7c7d3cef208002b00050000000800"], 0x38}, 0x1, 0x0, 0x0, 0x8050}, 0x0)
keyctl$restrict_keyring(0x1d, r3, &(0x7f00000003c0)='dns_resolver\x00', 0x0)

[  634.555162][T24051] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  634.563143][T24051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  634.570951][T24051] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  634.578769][T24051]  </TASK>
10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:09 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 48)

10:01:09 executing program 1:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f0000000280)='syz')
add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) (async)
r2 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r0) (async)
r3 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r0)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3)
r5 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "1eb96bb9151ef5bed03ad5043f03753d8ea9569992bb32a419d5699f9614d61736b1b0143a3114f6086c12b406fa39cfb9695d375c310134d3caca34b3f7bef2", 0x36}, 0x48, r4)
keyctl$negate(0xd, r5, 0x6, r4)
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x3, r4, r6)
keyctl$link(0x8, r2, r0)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x253c2044}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080025bd7000fcdbdf25010000e8270031000600000000000900bbbbbbbbbbbb000077f7c7d3cef208002b00050000000800"], 0x38}, 0x1, 0x0, 0x0, 0x8050}, 0x0)
keyctl$restrict_keyring(0x1d, r3, &(0x7f00000003c0)='dns_resolver\x00', 0x0) (async)
keyctl$restrict_keyring(0x1d, r3, &(0x7f00000003c0)='dns_resolver\x00', 0x0)

10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

[  634.622198][T24082] __nla_validate_parse: 60 callbacks suppressed
[  634.622220][T24082] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  634.648862][T24090] FAULT_INJECTION: forcing a failure.
[  634.648862][T24090] name failslab, interval 1, probability 0, space 0, times 0
[  634.673287][T24090] CPU: 1 PID: 24090 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  634.683455][T24090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  634.693359][T24090] Call Trace:
[  634.696481][T24090]  <TASK>
[  634.699252][T24090]  dump_stack_lvl+0x151/0x1b7
[  634.703766][T24090]  ? io_uring_drop_tctx_refs+0x190/0x190
[  634.709241][T24090]  dump_stack+0x15/0x17
[  634.713229][T24090]  should_fail+0x3c6/0x510
[  634.717501][T24090]  __should_failslab+0xa4/0xe0
10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x68000000)

10:01:09 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x220080280, 0x0, 0x0, 0x0, {0x120}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:09 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x220080280, 0x0, 0x0, 0x0, {0x120}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  634.722077][T24090]  ? anon_vma_fork+0xf7/0x4e0
[  634.726592][T24090]  should_failslab+0x9/0x20
[  634.730934][T24090]  slab_pre_alloc_hook+0x37/0xd0
[  634.735704][T24090]  ? anon_vma_fork+0xf7/0x4e0
[  634.740217][T24090]  kmem_cache_alloc+0x44/0x200
[  634.744837][T24090]  anon_vma_fork+0xf7/0x4e0
[  634.749156][T24090]  ? anon_vma_name+0x4c/0x70
[  634.753587][T24090]  ? vm_area_dup+0x17a/0x230
[  634.758017][T24090]  copy_mm+0xa3a/0x13e0
[  634.762005][T24090]  ? copy_signal+0x610/0x610
[  634.766435][T24090]  ? __init_rwsem+0xd6/0x1c0
10:01:09 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x220080280, 0x0, 0x0, 0x0, {0x120}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:09 executing program 2:
r0 = syz_io_uring_complete(0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockname$tipc(r1, 0x0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000300), &(0x7f0000000340)=0x4)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r16=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r17=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r18=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r19=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r16}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1, <r20=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)='%pK    \x00'}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x470, 0x0, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0x54}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0xf3c}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x24, &(0x7f00000000c0)=""/36, 0x41000, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[r20, 0xffffffffffffffff], 0x0, 0x10, 0xab}, 0x90)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  634.770866][T24090]  ? copy_signal+0x4e3/0x610
[  634.775282][T24090]  copy_process+0x1149/0x3290
[  634.779800][T24090]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  634.784743][T24090]  ? copy_clone_args_from_user+0x774/0x830
[  634.790388][T24090]  kernel_clone+0x21e/0x9e0
[  634.794724][T24090]  ? __delayed_free_task+0x20/0x20
[  634.799671][T24090]  ? vfs_write+0x9ec/0x1110
[  634.804015][T24090]  ? create_io_thread+0x1e0/0x1e0
[  634.808872][T24090]  __x64_sys_clone3+0x376/0x3a0
[  634.813559][T24090]  ? __ia32_sys_clone+0x290/0x290
[  634.818453][T24090]  ? fput+0x1a/0x20
[  634.818687][T24109] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=24109 comm=syz-executor.2
[  634.822061][T24090]  ? debug_smp_processor_id+0x17/0x20
[  634.822090][T24090]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  634.822117][T24090]  ? exit_to_user_mode_prepare+0x39/0xa0
[  634.836333][T24109] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=24109 comm=syz-executor.2
[  634.840030][T24090]  do_syscall_64+0x3d/0xb0
[  634.840059][T24090]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  634.874141][T24090] RIP: 0033:0x7f19fd5aeda9
[  634.878394][T24090] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  634.883586][T24111] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  634.898008][T24090] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  634.898041][T24090] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:09 executing program 2:
r0 = syz_io_uring_complete(0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockname$tipc(r1, 0x0, 0x0) (async)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}}) (async)
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000300), &(0x7f0000000340)=0x4)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r16=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r17=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r18=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r19=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'}) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r16}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1, <r20=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)='%pK    \x00'}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x470, 0x0, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0x54}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0xf3c}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x24, &(0x7f00000000c0)=""/36, 0x41000, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[r20, 0xffffffffffffffff], 0x0, 0x10, 0xab}, 0x90) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6c000000)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x74000000)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7a000000)

[  634.898058][T24090] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  634.923134][T24116] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  634.923176][T24090] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  634.946074][T24121] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  634.947909][T24090] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  634.947929][T24090] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
10:01:09 executing program 1:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = add_key$keyring(&(0x7f0000000540), &(0x7f0000000580)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f0000000280)='syz')
r2 = add_key$keyring(&(0x7f00000005c0), &(0x7f0000000600)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
r3 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3) (async)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3)
r5 = add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc4}, &(0x7f0000000340)={0x0, "1eb96bb9151ef5bed03ad5043f03753d8ea9569992bb32a419d5699f9614d61736b1b0143a3114f6086c12b406fa39cfb9695d375c310134d3caca34b3f7bef2", 0x36}, 0x48, r4)
keyctl$negate(0xd, r5, 0x6, r4)
r6 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x3, r4, r6) (async)
keyctl$link(0x3, r4, r6)
keyctl$link(0x8, r2, r0) (async)
keyctl$link(0x8, r2, r0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r7 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_MESH(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x253c2044}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="080025bd7000fcdbdf25010000e8270031000600000000000900bbbbbbbbbbbb000077f7c7d3cef208002b00050000000800"], 0x38}, 0x1, 0x0, 0x0, 0x8050}, 0x0)
keyctl$restrict_keyring(0x1d, r3, &(0x7f00000003c0)='dns_resolver\x00', 0x0)

10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)
keyctl$link(0x3, r0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "bb22eed924d116664b4fbd1ed73fde9c466cdae9c326a61196c7fb288156b7b16745354e01dfd34fc4989d1e57fbfbeb8ab1a217d734017c1b4751696fbe6d95", 0x17}, 0x48, r1)

10:01:09 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 49)

10:01:09 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$link(0x3, r0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "bb22eed924d116664b4fbd1ed73fde9c466cdae9c326a61196c7fb288156b7b16745354e01dfd34fc4989d1e57fbfbeb8ab1a217d734017c1b4751696fbe6d95", 0x17}, 0x48, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "bb22eed924d116664b4fbd1ed73fde9c466cdae9c326a61196c7fb288156b7b16745354e01dfd34fc4989d1e57fbfbeb8ab1a217d734017c1b4751696fbe6d95", 0x17}, 0x48, r1)

10:01:09 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xf0ffffff)

[  634.947951][T24090]  </TASK>
[  634.970629][T24123] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  634.991728][T24112] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=24112 comm=syz-executor.2
[  635.016766][T24139] FAULT_INJECTION: forcing a failure.
10:01:09 executing program 2:
r0 = syz_io_uring_complete(0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockname$tipc(r1, 0x0, 0x0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}}) (async)
getsockopt$TIPC_DEST_DROPPABLE(r1, 0x10f, 0x81, &(0x7f0000000300), &(0x7f0000000340)=0x4)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r16=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r17=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r18=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r19=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'}) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r16}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{0x1, <r20=>0xffffffffffffffff}, &(0x7f0000000140), &(0x7f0000000180)='%pK    \x00'}, 0x20)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000240)={0x6, 0xe, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x470, 0x0, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0x54}, @map_idx_val={0x18, 0x9, 0x6, 0x0, 0xf, 0x0, 0x0, 0x0, 0xf3c}, @kfunc={0x85, 0x0, 0x2, 0x0, 0x1}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}, @map_val={0x18, 0xa, 0x2, 0x0, r1, 0x0, 0x0, 0x0, 0x8}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffff9}]}, &(0x7f0000000080)='GPL\x00', 0x401, 0x24, &(0x7f00000000c0)=""/36, 0x41000, 0x0, '\x00', r4, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x2, 0x1}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=[r20, 0xffffffffffffffff], 0x0, 0x10, 0xab}, 0x90) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xffffff7f)

[  635.016766][T24139] name failslab, interval 1, probability 0, space 0, times 0
[  635.034230][T24139] CPU: 1 PID: 24139 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  635.044480][T24139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  635.054383][T24139] Call Trace:
[  635.056288][T24143] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=24143 comm=syz-executor.2
[  635.057494][T24139]  <TASK>
10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xfffffff0)

10:01:10 executing program 2:
ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x100000001)
syz_clone3(&(0x7f00000042c0)={0x1b4088200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:10 executing program 2:
ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x100000001)
syz_clone3(&(0x7f00000042c0)={0x1b4088200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x1b4088200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:10 executing program 2:
ioctl$LOOP_SET_DIRECT_IO(0xffffffffffffffff, 0x4c08, 0x100000001) (async, rerun: 32)
syz_clone3(&(0x7f00000042c0)={0x1b4088200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (rerun: 32)

[  635.057505][T24139]  dump_stack_lvl+0x151/0x1b7
[  635.077553][T24139]  ? io_uring_drop_tctx_refs+0x190/0x190
[  635.083023][T24139]  dump_stack+0x15/0x17
[  635.087007][T24139]  should_fail+0x3c6/0x510
[  635.091263][T24139]  __should_failslab+0xa4/0xe0
[  635.095861][T24139]  ? anon_vma_fork+0xf7/0x4e0
[  635.100370][T24139]  should_failslab+0x9/0x20
[  635.104713][T24139]  slab_pre_alloc_hook+0x37/0xd0
[  635.109488][T24139]  ? anon_vma_fork+0xf7/0x4e0
[  635.113997][T24139]  kmem_cache_alloc+0x44/0x200
[  635.118602][T24139]  anon_vma_fork+0xf7/0x4e0
10:01:10 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x280)
syz_clone3(&(0x7f0000000340)={0x10000, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000100), {0xb}, &(0x7f0000000140)=""/142, 0x8e, &(0x7f0000000200)=""/52, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x4}, 0x58)
r1 = getpid()
syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r1], 0x1}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x100881580, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x0, r0, r1], 0x3}, 0x58)
r2 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x80000)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000440)={0x42, 0x2, 0x1}, 0x10)
setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040)=0x2, 0x4)
getsockname$tipc(r2, &(0x7f00000003c0), &(0x7f0000000400)=0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)

10:01:10 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x280) (async)
syz_clone3(&(0x7f0000000340)={0x10000, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000100), {0xb}, &(0x7f0000000140)=""/142, 0x8e, &(0x7f0000000200)=""/52, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x4}, 0x58) (async)
r1 = getpid()
syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r1], 0x1}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x100881580, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x0, r0, r1], 0x3}, 0x58) (async)
r2 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x80000)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000440)={0x42, 0x2, 0x1}, 0x10) (async)
setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040)=0x2, 0x4) (async)
getsockname$tipc(r2, &(0x7f00000003c0), &(0x7f0000000400)=0x10)
socket$inet6_udplite(0xa, 0x2, 0x88)

[  635.122945][T24139]  ? anon_vma_name+0x4c/0x70
[  635.127367][T24139]  ? vm_area_dup+0x17a/0x230
[  635.131792][T24139]  copy_mm+0xa3a/0x13e0
[  635.135786][T24139]  ? copy_signal+0x610/0x610
[  635.140210][T24139]  ? __init_rwsem+0xd6/0x1c0
[  635.144638][T24139]  ? copy_signal+0x4e3/0x610
[  635.149062][T24139]  copy_process+0x1149/0x3290
[  635.153582][T24139]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  635.158526][T24139]  ? copy_clone_args_from_user+0x774/0x830
[  635.164167][T24139]  kernel_clone+0x21e/0x9e0
[  635.168503][T24139]  ? __delayed_free_task+0x20/0x20
10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000300), &(0x7f0000000340)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)
keyctl$link(0x3, r0, 0x0)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "bb22eed924d116664b4fbd1ed73fde9c466cdae9c326a61196c7fb288156b7b16745354e01dfd34fc4989d1e57fbfbeb8ab1a217d734017c1b4751696fbe6d95", 0x17}, 0x48, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @desc3}, &(0x7f0000000200)={0x0, "bb22eed924d116664b4fbd1ed73fde9c466cdae9c326a61196c7fb288156b7b16745354e01dfd34fc4989d1e57fbfbeb8ab1a217d734017c1b4751696fbe6d95", 0x17}, 0x48, r1)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x3000000000000)

10:01:10 executing program 2:
syz_open_dev$loop(&(0x7f0000000000), 0x0, 0x280) (async)
syz_clone3(&(0x7f0000000340)={0x10000, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000100), {0xb}, &(0x7f0000000140)=""/142, 0x8e, &(0x7f0000000200)=""/52, &(0x7f0000000240)=[0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x4}, 0x58) (async)
r1 = getpid()
syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r1], 0x1}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x100881580, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, &(0x7f0000000280)=[0x0, r0, r1], 0x3}, 0x58) (async)
r2 = accept4$tipc(0xffffffffffffffff, 0x0, &(0x7f00000002c0), 0x80000)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000440)={0x42, 0x2, 0x1}, 0x10) (async)
setsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040)=0x2, 0x4)
getsockname$tipc(r2, &(0x7f00000003c0), &(0x7f0000000400)=0x10) (async)
socket$inet6_udplite(0xa, 0x2, 0x88)

[  635.173450][T24139]  ? vfs_write+0x9ec/0x1110
[  635.177793][T24139]  ? create_io_thread+0x1e0/0x1e0
[  635.182655][T24139]  __x64_sys_clone3+0x376/0x3a0
[  635.187333][T24139]  ? __ia32_sys_clone+0x290/0x290
[  635.192201][T24139]  ? fput+0x1a/0x20
[  635.195847][T24139]  ? debug_smp_processor_id+0x17/0x20
[  635.201051][T24139]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  635.206978][T24139]  ? exit_to_user_mode_prepare+0x39/0xa0
[  635.212448][T24139]  do_syscall_64+0x3d/0xb0
[  635.216672][T24139]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
10:01:10 executing program 2:
syz_clone3(&(0x7f0000000380)={0x8050400, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000140), {0x3}, &(0x7f0000000540)=""/223, 0xdf, &(0x7f0000000240)=""/225, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0], 0x9}, 0x58)
r1 = getpid()
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000680)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000006c0)={0x800, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0), {0x18}, &(0x7f0000000440)=""/241, 0xf1, &(0x7f0000000200)=""/48, &(0x7f0000000640)=[r0, r1], 0x2, {r2}}, 0x58)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0xa00a0300, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1, {r3}}, 0x58)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

10:01:10 executing program 2:
syz_clone3(&(0x7f0000000380)={0x8050400, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000140), {0x3}, &(0x7f0000000540)=""/223, 0xdf, &(0x7f0000000240)=""/225, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0], 0x9}, 0x58)
r1 = getpid() (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000680)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000006c0)={0x800, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0), {0x18}, &(0x7f0000000440)=""/241, 0xf1, &(0x7f0000000200)=""/48, &(0x7f0000000640)=[r0, r1], 0x2, {r2}}, 0x58) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0xa00a0300, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1, {r3}}, 0x58) (async)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

[  635.222401][T24139] RIP: 0033:0x7f19fd5aeda9
[  635.226743][T24139] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  635.246184][T24139] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  635.254428][T24139] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  635.259129][T24186] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
10:01:10 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}]}, 0x38}}, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0xfffffffc}, 0x5, r2)
keyctl$link(0x3, r2, 0x0)

10:01:10 executing program 1:
pselect6(0x40, &(0x7f00000000c0)={0x4, 0x8000000000000001, 0x6, 0x7, 0x800, 0x101, 0xfffffffffffff001, 0xb9}, &(0x7f0000000140)={0x2, 0x1, 0xd18, 0xffff, 0x6, 0xe19, 0x7, 0x6}, &(0x7f0000000180)={0xffff, 0xf89d, 0x99c1, 0x1, 0x0, 0x2, 0xc27, 0x1}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={[0x2]}, 0x8})
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000ed031c"], 0x54}}, 0x0)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x10, 0x3f8, 0x20, 0x70bd2b, 0x25dfdbfe, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000001}, 0x44090)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x7fff, 0x6, 0x1, 0x6, 0x10001, 0x5, 0xfffffffffffffffd}, &(0x7f00000002c0)={0x732, 0x3, 0x9, 0x80000000, 0x8, 0x8, 0x4, 0x1}, &(0x7f0000000300)={0x1, 0x3, 0x200, 0x72, 0x9, 0x8, 0x6, 0x408}, &(0x7f0000000340)={0x0, 0x989680}, &(0x7f00000003c0)={&(0x7f0000000380)={[0x7]}, 0x8})
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:10 executing program 2:
syz_clone3(&(0x7f0000000380)={0x8050400, &(0x7f0000000080), &(0x7f00000000c0)=<r0=>0x0, &(0x7f0000000140), {0x3}, &(0x7f0000000540)=""/223, 0xdf, &(0x7f0000000240)=""/225, &(0x7f0000000340)=[0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0], 0x9}, 0x58)
getpid() (async)
r1 = getpid()
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000680)='./cgroup.net/syz1\x00', 0x200002, 0x0) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000680)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000006c0)={0x800, &(0x7f0000000100), &(0x7f0000000180), &(0x7f00000001c0), {0x18}, &(0x7f0000000440)=""/241, 0xf1, &(0x7f0000000200)=""/48, &(0x7f0000000640)=[r0, r1], 0x2, {r2}}, 0x58)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000400)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0xa00a0300, 0x0, 0x0, 0x0, {0x37}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1, {r3}}, 0x58)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x80030000000000)

10:01:10 executing program 1:
pselect6(0x40, &(0x7f00000000c0)={0x4, 0x8000000000000001, 0x6, 0x7, 0x800, 0x101, 0xfffffffffffff001, 0xb9}, &(0x7f0000000140)={0x2, 0x1, 0xd18, 0xffff, 0x6, 0xe19, 0x7, 0x6}, &(0x7f0000000180)={0xffff, 0xf89d, 0x99c1, 0x1, 0x0, 0x2, 0xc27, 0x1}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={[0x2]}, 0x8}) (async)
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000ed031c"], 0x54}}, 0x0) (async)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x10, 0x3f8, 0x20, 0x70bd2b, 0x25dfdbfe, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000001}, 0x44090) (async)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x7fff, 0x6, 0x1, 0x6, 0x10001, 0x5, 0xfffffffffffffffd}, &(0x7f00000002c0)={0x732, 0x3, 0x9, 0x80000000, 0x8, 0x8, 0x4, 0x1}, &(0x7f0000000300)={0x1, 0x3, 0x200, 0x72, 0x9, 0x8, 0x6, 0x408}, &(0x7f0000000340)={0x0, 0x989680}, &(0x7f00000003c0)={&(0x7f0000000380)={[0x7]}, 0x8}) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:10 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 50)

[  635.262235][T24139] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  635.262256][T24139] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  635.262272][T24139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  635.293587][T24194] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  635.294782][T24139] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  635.294808][T24139]  </TASK>
10:01:10 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}]}, 0x38}}, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0xfffffffc}, 0x5, r2) (async)
keyctl$link(0x3, r2, 0x0)

10:01:10 executing program 2:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$char_usb(r0, &(0x7f00000000c0)=""/105, 0xfffffffffffffd8c)
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86)

10:01:10 executing program 1:
pselect6(0x40, &(0x7f00000000c0)={0x4, 0x8000000000000001, 0x6, 0x7, 0x800, 0x101, 0xfffffffffffff001, 0xb9}, &(0x7f0000000140)={0x2, 0x1, 0xd18, 0xffff, 0x6, 0xe19, 0x7, 0x6}, &(0x7f0000000180)={0xffff, 0xf89d, 0x99c1, 0x1, 0x0, 0x2, 0xc27, 0x1}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={[0x2]}, 0x8})
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000ed031c"], 0x54}}, 0x0)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x10, 0x3f8, 0x20, 0x70bd2b, 0x25dfdbfe, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000001}, 0x44090)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x7fff, 0x6, 0x1, 0x6, 0x10001, 0x5, 0xfffffffffffffffd}, &(0x7f00000002c0)={0x732, 0x3, 0x9, 0x80000000, 0x8, 0x8, 0x4, 0x1}, &(0x7f0000000300)={0x1, 0x3, 0x200, 0x72, 0x9, 0x8, 0x6, 0x408}, &(0x7f0000000340)={0x0, 0x989680}, &(0x7f00000003c0)={&(0x7f0000000380)={[0x7]}, 0x8})
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x4, 0x8000000000000001, 0x6, 0x7, 0x800, 0x101, 0xfffffffffffff001, 0xb9}, &(0x7f0000000140)={0x2, 0x1, 0xd18, 0xffff, 0x6, 0xe19, 0x7, 0x6}, &(0x7f0000000180)={0xffff, 0xf89d, 0x99c1, 0x1, 0x0, 0x2, 0xc27, 0x1}, &(0x7f00000001c0)={0x0, 0x989680}, &(0x7f0000000240)={&(0x7f0000000200)={[0x2]}, 0x8}) (async)
socket$nl_audit(0x10, 0x3, 0x9) (async)
sendmsg$AUDIT_USER(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="54000000ed031c"], 0x54}}, 0x0) (async)
sendmsg$AUDIT_TTY_GET(r0, &(0x7f00000004c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000480)={&(0x7f0000000440)={0x10, 0x3f8, 0x20, 0x70bd2b, 0x25dfdbfe, "", [""]}, 0x10}, 0x1, 0x0, 0x0, 0x20000001}, 0x44090) (async)
pselect6(0x40, &(0x7f0000000280)={0x0, 0x7fff, 0x6, 0x1, 0x6, 0x10001, 0x5, 0xfffffffffffffffd}, &(0x7f00000002c0)={0x732, 0x3, 0x9, 0x80000000, 0x8, 0x8, 0x4, 0x1}, &(0x7f0000000300)={0x1, 0x3, 0x200, 0x72, 0x9, 0x8, 0x6, 0x408}, &(0x7f0000000340)={0x0, 0x989680}, &(0x7f00000003c0)={&(0x7f0000000380)={[0x7]}, 0x8}) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1) (async)
keyctl$link(0x3, r2, 0x0) (async)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x100000000000000)

[  635.339837][T24202] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  635.361457][T24210] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  635.372863][T24213] FAULT_INJECTION: forcing a failure.
[  635.372863][T24213] name failslab, interval 1, probability 0, space 0, times 0
10:01:10 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "f043bb8a9b74be30031f54119f263a45836f70a8f0e415cf2e91a28db53b913fedb47c98beca983c70f6fa2a23adbbbf84b6add15a5472a5f6d849eac89b1ff9", 0x40}, 0x48, r0)
keyctl$search(0xa, r0, &(0x7f0000000380)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, r1)
r2 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "9bfebe500c4551a239b41ef7822a57bb798cf9eb423a2d744f41855bfd4a05e46bf034ab4f09f0967638941a86620f86ed2e02362d6e4e3cc40c8e8ffab8d4df", 0x35}, 0x48, r0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3)
keyctl$link(0x3, r3, 0x0)
keyctl$link(0x8, r2, r3)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r4, 0x0)

10:01:10 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x38, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}]}, 0x38}}, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0xfffffffc}, 0x5, r2) (async)
keyctl$link(0x3, r2, 0x0)

10:01:10 executing program 2:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$char_usb(r0, &(0x7f00000000c0)=""/105, 0xfffffffffffffd8c)
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
read$char_usb(r0, &(0x7f00000000c0)=""/105, 0xfffffffffffffd8c) (async)
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86) (async)

10:01:10 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "f043bb8a9b74be30031f54119f263a45836f70a8f0e415cf2e91a28db53b913fedb47c98beca983c70f6fa2a23adbbbf84b6add15a5472a5f6d849eac89b1ff9", 0x40}, 0x48, r0)
keyctl$search(0xa, r0, &(0x7f0000000380)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, r1) (async)
r2 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "9bfebe500c4551a239b41ef7822a57bb798cf9eb423a2d744f41855bfd4a05e46bf034ab4f09f0967638941a86620f86ed2e02362d6e4e3cc40c8e8ffab8d4df", 0x35}, 0x48, r0) (async)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3) (async)
keyctl$link(0x3, r3, 0x0)
keyctl$link(0x8, r2, r3) (async)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r4, 0x0)

[  635.399401][T24228] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  635.408985][T24213] CPU: 1 PID: 24213 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  635.419144][T24213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  635.420404][T24230] netlink: 'syz-executor.3': attribute type 3 has an invalid length.
[  635.429031][T24213] Call Trace:
[  635.429041][T24213]  <TASK>
[  635.429050][T24213]  dump_stack_lvl+0x151/0x1b7
10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1)
keyctl$link(0x3, r0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$clear(0x7, r0)
keyctl$link(0x8, r0, r2)

10:01:10 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "f043bb8a9b74be30031f54119f263a45836f70a8f0e415cf2e91a28db53b913fedb47c98beca983c70f6fa2a23adbbbf84b6add15a5472a5f6d849eac89b1ff9", 0x40}, 0x48, r0)
keyctl$search(0xa, r0, &(0x7f0000000380)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, r1)
r2 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "9bfebe500c4551a239b41ef7822a57bb798cf9eb423a2d744f41855bfd4a05e46bf034ab4f09f0967638941a86620f86ed2e02362d6e4e3cc40c8e8ffab8d4df", 0x35}, 0x48, r0)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3)
keyctl$link(0x3, r3, 0x0)
keyctl$link(0x8, r2, r3)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r4, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000280), &(0x7f00000002c0)={'fscrypt:', @desc4}, &(0x7f0000000300)={0x0, "f043bb8a9b74be30031f54119f263a45836f70a8f0e415cf2e91a28db53b913fedb47c98beca983c70f6fa2a23adbbbf84b6add15a5472a5f6d849eac89b1ff9", 0x40}, 0x48, r0) (async)
keyctl$search(0xa, r0, &(0x7f0000000380)='keyring\x00', &(0x7f0000000240)={'syz', 0x2}, r1) (async)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "9bfebe500c4551a239b41ef7822a57bb798cf9eb423a2d744f41855bfd4a05e46bf034ab4f09f0967638941a86620f86ed2e02362d6e4e3cc40c8e8ffab8d4df", 0x35}, 0x48, r0) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r3) (async)
keyctl$link(0x3, r3, 0x0) (async)
keyctl$link(0x8, r2, r3) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r4, 0x0) (async)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1) (async)
keyctl$link(0x3, r0, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$clear(0x7, r0) (async)
keyctl$link(0x8, r0, r2)

[  635.429079][T24213]  ? io_uring_drop_tctx_refs+0x190/0x190
[  635.453021][T24213]  dump_stack+0x15/0x17
[  635.457010][T24213]  should_fail+0x3c6/0x510
[  635.461260][T24213]  __should_failslab+0xa4/0xe0
[  635.465859][T24213]  ? vm_area_dup+0x26/0x230
[  635.470197][T24213]  should_failslab+0x9/0x20
[  635.474548][T24213]  slab_pre_alloc_hook+0x37/0xd0
[  635.479316][T24213]  ? vm_area_dup+0x26/0x230
[  635.483656][T24213]  kmem_cache_alloc+0x44/0x200
[  635.488257][T24213]  vm_area_dup+0x26/0x230
[  635.492420][T24213]  copy_mm+0x9a1/0x13e0
10:01:10 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r1, 0x1)
keyctl$link(0x3, r0, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1) (async)
keyctl$clear(0x7, r0)
keyctl$link(0x8, r0, r2)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x200000000000000)

[  635.496414][T24213]  ? copy_signal+0x610/0x610
[  635.500839][T24213]  ? __init_rwsem+0xd6/0x1c0
[  635.505262][T24213]  ? copy_signal+0x4e3/0x610
[  635.509696][T24213]  copy_process+0x1149/0x3290
[  635.514209][T24213]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  635.519162][T24213]  ? copy_clone_args_from_user+0x774/0x830
[  635.524810][T24213]  kernel_clone+0x21e/0x9e0
[  635.529133][T24213]  ? __delayed_free_task+0x20/0x20
[  635.534176][T24213]  ? vfs_write+0x9ec/0x1110
[  635.537447][T24268] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$unlink(0x9, r0, r0)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r0)
keyctl$search(0xa, r1, &(0x7f0000000080)='syzkaller\x00', &(0x7f00000000c0)={'syz', 0x3}, r2)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x300000000000000)

[  635.538507][T24213]  ? create_io_thread+0x1e0/0x1e0
[  635.538556][T24213]  __x64_sys_clone3+0x376/0x3a0
[  635.557175][T24213]  ? __ia32_sys_clone+0x290/0x290
[  635.557215][T24213]  ? fput+0x1a/0x20
[  635.565671][T24213]  ? debug_smp_processor_id+0x17/0x20
[  635.570877][T24213]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  635.576790][T24213]  ? exit_to_user_mode_prepare+0x39/0xa0
[  635.577660][T24271] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  635.582243][T24213]  do_syscall_64+0x3d/0xb0
10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x400000000000000)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x500000000000000)

10:01:10 executing program 2:
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
read$char_usb(r0, &(0x7f00000000c0)=""/105, 0xfffffffffffffd8c)
setsockopt$TIPC_MCAST_REPLICAST(r0, 0x10f, 0x86)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x600000000000000)

10:01:10 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async, rerun: 32)
keyctl$link(0x3, 0x0, 0x0) (rerun: 32)

[  635.582270][T24213]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[  635.582290][T24213]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  635.582314][T24213] RIP: 0033:0x7f19fd5aeda9
[  635.611242][T24213] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  635.630695][T24213] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  635.638926][T24213] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x700000000000000)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$unlink(0x9, r0, r0) (async)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r0)
keyctl$search(0xa, r1, &(0x7f0000000080)='syzkaller\x00', &(0x7f00000000c0)={'syz', 0x3}, r2)

10:01:10 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x800000000000000)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$unlink(0x9, r0, r0)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, r0)
keyctl$search(0xa, r1, &(0x7f0000000080)='syzkaller\x00', &(0x7f00000000c0)={'syz', 0x3}, r2)

10:01:10 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 51)

10:01:10 executing program 2:
sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x14, &(0x7f00000003c0)={&(0x7f0000000340)="c8c243a53064ea28fc1f69a78b2f4f2f082e937269c669d1be799198e96bd698c85b06824556e0e938dbd310f5a4f4b5ca7600651da36fdcd2927b6e8484c073f84bc6aeb9d569d5c5dc1abd453c0c20", 0x50}, 0x1, 0x0, 0x0, 0x6040080}, 0x20000000)
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000)=<r1=>0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x1}, &(0x7f00000000c0)=""/143, 0x8f, &(0x7f0000000180)=""/38, &(0x7f0000000440)=[0x0, r0, r0, r0, r0, r0, r0, r0], 0x8}, 0x58)
pidfd_send_signal(r1, 0x30, &(0x7f0000000280)={0x17, 0xffffffff, 0x1}, 0x0)

10:01:10 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x4280, 0x0)

[  635.646735][T24213] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  635.654552][T24213] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  635.662362][T24213] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  635.670188][T24213] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  635.677987][T24213]  </TASK>
10:01:10 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x3f7, 0x100, 0x70bd25, 0x25dfdbfd, {0x7, 0x7, './file0', './file0'}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4050080}, 0x44)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
sendmsg$AUDIT_USER(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xb8, 0x3ed, 0x1, 0x70bd26, 0x25dfdbfe, "e892cde1132f81574e9d5455feacdbcdbe4931b5162c5556d40be0f6beb1b3d7f07e3f5c941aa9c7c396a3cd861cde2963ff2ea487edb6fd4051f274b4c61021fda213f3a499353c68291076ce4627ed3b0b6c8cf334d2f4c32ad27312fdc916d41cd17462c4db2b0684dd9173e5718ae49b5a7068a3e53816a7a52706b632806b57d7c273d0ba5504094bcd776a37d6e76e6019c626888cc7126c8001c7c585a4d18847e2a6af", ["", "", "", "", "", ""]}, 0xb8}, 0x1, 0x0, 0x0, 0x20004800}, 0x8040)
keyctl$link(0x3, r1, 0x0)

10:01:10 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x4280, 0x0)

10:01:10 executing program 2:
sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x14, &(0x7f00000003c0)={&(0x7f0000000340)="c8c243a53064ea28fc1f69a78b2f4f2f082e937269c669d1be799198e96bd698c85b06824556e0e938dbd310f5a4f4b5ca7600651da36fdcd2927b6e8484c073f84bc6aeb9d569d5c5dc1abd453c0c20", 0x50}, 0x1, 0x0, 0x0, 0x6040080}, 0x20000000)
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000)=<r1=>0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x1}, &(0x7f00000000c0)=""/143, 0x8f, &(0x7f0000000180)=""/38, &(0x7f0000000440)=[0x0, r0, r0, r0, r0, r0, r0, r0], 0x8}, 0x58)
pidfd_send_signal(r1, 0x30, &(0x7f0000000280)={0x17, 0xffffffff, 0x1}, 0x0)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x900000000000000)

10:01:10 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x3f7, 0x100, 0x70bd25, 0x25dfdbfd, {0x7, 0x7, './file0', './file0'}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4050080}, 0x44)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
sendmsg$AUDIT_USER(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xb8, 0x3ed, 0x1, 0x70bd26, 0x25dfdbfe, "e892cde1132f81574e9d5455feacdbcdbe4931b5162c5556d40be0f6beb1b3d7f07e3f5c941aa9c7c396a3cd861cde2963ff2ea487edb6fd4051f274b4c61021fda213f3a499353c68291076ce4627ed3b0b6c8cf334d2f4c32ad27312fdc916d41cd17462c4db2b0684dd9173e5718ae49b5a7068a3e53816a7a52706b632806b57d7c273d0ba5504094bcd776a37d6e76e6019c626888cc7126c8001c7c585a4d18847e2a6af", ["", "", "", "", "", ""]}, 0xb8}, 0x1, 0x0, 0x0, 0x20004800}, 0x8040) (async)
keyctl$link(0x3, r1, 0x0)

[  635.741893][T24304] FAULT_INJECTION: forcing a failure.
[  635.741893][T24304] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  635.766274][T24304] CPU: 1 PID: 24304 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  635.776453][T24304] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  635.786338][T24304] Call Trace:
10:01:10 executing program 3:
r0 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x3f7, 0x100, 0x70bd25, 0x25dfdbfd, {0x7, 0x7, './file0', './file0'}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4050080}, 0x44) (async)
sendmsg$AUDIT_MAKE_EQUIV(r0, &(0x7f0000000140)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x28, 0x3f7, 0x100, 0x70bd25, 0x25dfdbfd, {0x7, 0x7, './file0', './file0'}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x4050080}, 0x44)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
sendmsg$AUDIT_USER(r0, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000280)={&(0x7f00000001c0)={0xb8, 0x3ed, 0x1, 0x70bd26, 0x25dfdbfe, "e892cde1132f81574e9d5455feacdbcdbe4931b5162c5556d40be0f6beb1b3d7f07e3f5c941aa9c7c396a3cd861cde2963ff2ea487edb6fd4051f274b4c61021fda213f3a499353c68291076ce4627ed3b0b6c8cf334d2f4c32ad27312fdc916d41cd17462c4db2b0684dd9173e5718ae49b5a7068a3e53816a7a52706b632806b57d7c273d0ba5504094bcd776a37d6e76e6019c626888cc7126c8001c7c585a4d18847e2a6af", ["", "", "", "", "", ""]}, 0xb8}, 0x1, 0x0, 0x0, 0x20004800}, 0x8040)
keyctl$link(0x3, r1, 0x0)

10:01:10 executing program 2:
sendmsg$802154_raw(0xffffffffffffffff, &(0x7f0000000400)={&(0x7f0000000300)={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0002}}}, 0x14, &(0x7f00000003c0)={&(0x7f0000000340)="c8c243a53064ea28fc1f69a78b2f4f2f082e937269c669d1be799198e96bd698c85b06824556e0e938dbd310f5a4f4b5ca7600651da36fdcd2927b6e8484c073f84bc6aeb9d569d5c5dc1abd453c0c20", 0x50}, 0x1, 0x0, 0x0, 0x6040080}, 0x20000000) (async)
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000)=<r1=>0xffffffffffffffff, &(0x7f0000000040), &(0x7f0000000080), {0x1}, &(0x7f00000000c0)=""/143, 0x8f, &(0x7f0000000180)=""/38, &(0x7f0000000440)=[0x0, r0, r0, r0, r0, r0, r0, r0], 0x8}, 0x58)
pidfd_send_signal(r1, 0x30, &(0x7f0000000280)={0x17, 0xffffffff, 0x1}, 0x0)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r0, 0x0)
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r2, r0, r1, 0x1)
keyctl$search(0xa, r0, &(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x1}, r0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

[  635.789465][T24304]  <TASK>
[  635.792240][T24304]  dump_stack_lvl+0x151/0x1b7
[  635.796759][T24304]  ? io_uring_drop_tctx_refs+0x190/0x190
[  635.802223][T24304]  dump_stack+0x15/0x17
[  635.806211][T24304]  should_fail+0x3c6/0x510
[  635.810477][T24304]  should_fail_alloc_page+0x5a/0x80
[  635.815499][T24304]  prepare_alloc_pages+0x15c/0x700
[  635.820446][T24304]  ? __alloc_pages+0x8f0/0x8f0
[  635.825050][T24304]  ? __alloc_pages_bulk+0xe40/0xe40
[  635.830091][T24304]  __alloc_pages+0x18c/0x8f0
[  635.834506][T24304]  ? prep_new_page+0x110/0x110
10:01:10 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_io_uring_setup(0x6d54, &(0x7f0000000080)={0x0, 0x8059a7, 0x200, 0x3, 0x348, 0x0, r0}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140))
syz_io_uring_complete(r1)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, &(0x7f0000000040)=0x4)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r0, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r2, r0, r1, 0x1)
keyctl$search(0xa, r0, &(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x1}, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:10 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_io_uring_setup(0x6d54, &(0x7f0000000080)={0x0, 0x8059a7, 0x200, 0x3, 0x348, 0x0, r0}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140))
syz_io_uring_complete(r1)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, &(0x7f0000000040)=0x4)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r0, 0x0)
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r2, r0, r1, 0x1)
keyctl$search(0xa, r0, &(0x7f0000000080)='dns_resolver\x00', &(0x7f00000000c0)={'syz', 0x1}, r0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

[  635.839108][T24304]  ? is_bpf_text_address+0x172/0x190
[  635.844229][T24304]  pte_alloc_one+0x73/0x1b0
[  635.848566][T24304]  ? pfn_modify_allowed+0x2f0/0x2f0
[  635.853603][T24304]  ? arch_stack_walk+0xf3/0x140
[  635.858289][T24304]  __pte_alloc+0x86/0x350
[  635.862458][T24304]  ? free_pgtables+0x280/0x280
[  635.867057][T24304]  ? _raw_spin_lock+0xa4/0x1b0
[  635.871654][T24304]  ? __kasan_check_write+0x14/0x20
[  635.876607][T24304]  copy_page_range+0x28a8/0x2f90
[  635.881375][T24304]  ? __kasan_slab_alloc+0xb1/0xe0
[  635.886241][T24304]  ? pfn_valid+0x1e0/0x1e0
10:01:10 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_io_uring_setup(0x6d54, &(0x7f0000000080)={0x0, 0x8059a7, 0x200, 0x3, 0x348, 0x0, r0}, &(0x7f0000000100)=<r1=>0x0, &(0x7f0000000140))
syz_io_uring_complete(r1)
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f0000000000)=0x2, &(0x7f0000000040)=0x4)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, r0)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, r0)

[  635.890498][T24304]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  635.896045][T24304]  ? __rb_insert_augmented+0x5de/0x610
[  635.901342][T24304]  copy_mm+0xc7e/0x13e0
[  635.905335][T24304]  ? copy_signal+0x610/0x610
[  635.909753][T24304]  ? __init_rwsem+0xd6/0x1c0
[  635.914183][T24304]  ? copy_signal+0x4e3/0x610
[  635.918610][T24304]  copy_process+0x1149/0x3290
[  635.923131][T24304]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  635.928069][T24304]  ? copy_clone_args_from_user+0x774/0x830
[  635.933710][T24304]  kernel_clone+0x21e/0x9e0
10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, r0) (async)

10:01:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xa00000000000000)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x8, r1, 0xfffffffffffffffa)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x15, r2, 0x0)
keyctl$link(0x3, r0, r1)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x8, r1, 0xfffffffffffffffa)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x15, r2, 0x0) (async)
keyctl$link(0x3, r0, r1)

10:01:10 executing program 2:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14, &(0x7f00000000c0)={&(0x7f0000000040)="785fcb314c8ff30d655e014302a0eff1e6d64db6e6232e3a13be2543cd0498f2a29e3cbf9b04e5be9fe20579a96a1822a30306af38271d25524496136663abbf20bea4e7a459d58edc2d10da2889e65f77bf64116af284feca69a9685907cd3627b15a896292e355951448aa043ec50b1b7ba0204adade9e", 0x78}, 0x1, 0x0, 0x0, 0x44840}, 0x8000)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0x58)
r1 = socket(0x27, 0x80000, 0xffff)
getsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x40c80, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080))
ioctl$PPPIOCDISCONN(r3, 0x7439)
ioctl$PTP_PIN_SETFUNC(r2, 0x40603d07, &(0x7f0000000200)={'\x00', 0x6, 0x3, 0xffff})
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r4, &(0x7f0000000180)={0x24, @short={0x2, 0x2, 0xaaa2}}, 0x14)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, r5, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xe9f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffeffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc0000}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
r6 = syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0x480002)
ioctl$LOOP_SET_FD(r6, 0x4c00, r4)
bind$802154_raw(r4, &(0x7f0000000280)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14)

[  635.938049][T24304]  ? __delayed_free_task+0x20/0x20
[  635.942993][T24304]  ? vfs_write+0x9ec/0x1110
[  635.947338][T24304]  ? create_io_thread+0x1e0/0x1e0
[  635.952199][T24304]  __x64_sys_clone3+0x376/0x3a0
[  635.956888][T24304]  ? __ia32_sys_clone+0x290/0x290
[  635.961749][T24304]  ? fput+0x1a/0x20
[  635.965392][T24304]  ? debug_smp_processor_id+0x17/0x20
[  635.970594][T24304]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  635.976498][T24304]  ? exit_to_user_mode_prepare+0x39/0xa0
[  635.981967][T24304]  do_syscall_64+0x3d/0xb0
[  635.986217][T24304]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x8, r1, 0xfffffffffffffffa)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x15, r2, 0x0)
keyctl$link(0x3, r0, r1)

10:01:10 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f00000000c0)=0x4)
keyctl$link(0x3, r0, 0x0)

[  635.991946][T24304] RIP: 0033:0x7f19fd5aeda9
[  635.996200][T24304] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  636.015645][T24304] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  636.023888][T24304] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  636.031699][T24304] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0) (async)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f00000000c0)=0x4) (async)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f00000000c0)=0x4)
keyctl$link(0x3, r0, 0x0)

10:01:11 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x4280, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x4280, 0x0) (async)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xb00000000000000)

10:01:11 executing program 3:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f00000000c0)=0x4)
keyctl$link(0x3, r0, 0x0)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xc00000000000000)

10:01:11 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$reject(0x13, r0, 0xffffffff, 0x5, r1)
keyctl$link(0x3, r1, 0x0)
keyctl$negate(0xd, r0, 0x8, r0)

10:01:11 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 52)

[  636.039514][T24304] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  636.047326][T24304] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  636.055139][T24304] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  636.063148][T24304]  </TASK>
10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$reject(0x13, r0, 0xa705, 0x0, r0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:11 executing program 2:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14, &(0x7f00000000c0)={&(0x7f0000000040)="785fcb314c8ff30d655e014302a0eff1e6d64db6e6232e3a13be2543cd0498f2a29e3cbf9b04e5be9fe20579a96a1822a30306af38271d25524496136663abbf20bea4e7a459d58edc2d10da2889e65f77bf64116af284feca69a9685907cd3627b15a896292e355951448aa043ec50b1b7ba0204adade9e", 0x78}, 0x1, 0x0, 0x0, 0x44840}, 0x8000) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0x58) (async)
r1 = socket(0x27, 0x80000, 0xffff)
getsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x40c80, 0x0) (async)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080))
ioctl$PPPIOCDISCONN(r3, 0x7439) (async)
ioctl$PTP_PIN_SETFUNC(r2, 0x40603d07, &(0x7f0000000200)={'\x00', 0x6, 0x3, 0xffff}) (async)
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r4, &(0x7f0000000180)={0x24, @short={0x2, 0x2, 0xaaa2}}, 0x14)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, r5, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xe9f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffeffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc0000}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x10) (async)
r6 = syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0x480002)
ioctl$LOOP_SET_FD(r6, 0x4c00, r4) (async)
bind$802154_raw(r4, &(0x7f0000000280)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xd00000000000000)

[  636.119873][T24378] FAULT_INJECTION: forcing a failure.
[  636.119873][T24378] name failslab, interval 1, probability 0, space 0, times 0
[  636.133187][T24378] CPU: 0 PID: 24378 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  636.143360][T24378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  636.153249][T24378] Call Trace:
[  636.156371][T24378]  <TASK>
[  636.159148][T24378]  dump_stack_lvl+0x151/0x1b7
[  636.163663][T24378]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe00000000000000)

10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$reject(0x13, r0, 0xa705, 0x0, r0)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$reject(0x13, r0, 0xa705, 0x0, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xe50000000000000)

10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$reject(0x13, r0, 0xa705, 0x0, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$negate(0xd, r1, 0x6, r1)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r2, r3)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$negate(0xd, r3, 0x100000001, r4)
keyctl$search(0xa, r1, &(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0)={'syz', 0x2}, r1)
keyctl$link(0x3, r0, 0x0)
keyctl$clear(0x7, r0)
keyctl$reject(0x13, r1, 0x0, 0x7, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r1, 0x1)
keyctl$search(0xa, r1, &(0x7f0000000200)='syzkaller\x00', &(0x7f0000000240)={'syz', 0x2}, r1)

10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$negate(0xd, r1, 0x6, r1) (async)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r2, r3) (async, rerun: 32)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r0) (rerun: 32)
keyctl$negate(0xd, r3, 0x100000001, r4)
keyctl$search(0xa, r1, &(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0)={'syz', 0x2}, r1)
keyctl$link(0x3, r0, 0x0)
keyctl$clear(0x7, r0) (async)
keyctl$reject(0x13, r1, 0x0, 0x7, 0xfffffffffffffffb) (async, rerun: 64)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r1, 0x1) (async, rerun: 64)
keyctl$search(0xa, r1, &(0x7f0000000200)='syzkaller\x00', &(0x7f0000000240)={'syz', 0x2}, r1)

[  636.169133][T24378]  dump_stack+0x15/0x17
[  636.173120][T24378]  should_fail+0x3c6/0x510
[  636.177383][T24378]  __should_failslab+0xa4/0xe0
[  636.181976][T24378]  ? vm_area_dup+0x26/0x230
[  636.186311][T24378]  should_failslab+0x9/0x20
[  636.190757][T24378]  slab_pre_alloc_hook+0x37/0xd0
[  636.195523][T24378]  ? vm_area_dup+0x26/0x230
[  636.200138][T24378]  kmem_cache_alloc+0x44/0x200
[  636.204739][T24378]  vm_area_dup+0x26/0x230
[  636.208908][T24378]  copy_mm+0x9a1/0x13e0
[  636.212896][T24378]  ? copy_signal+0x610/0x610
10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$negate(0xd, r1, 0x6, r1) (async)
r2 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r2, r3) (async)
r4 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$negate(0xd, r3, 0x100000001, r4)
keyctl$search(0xa, r1, &(0x7f0000000080)='id_resolver\x00', &(0x7f00000000c0)={'syz', 0x2}, r1) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$clear(0x7, r0) (async)
keyctl$reject(0x13, r1, 0x0, 0x7, 0xfffffffffffffffb) (async)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r1, 0x1) (async)
keyctl$search(0xa, r1, &(0x7f0000000200)='syzkaller\x00', &(0x7f0000000240)={'syz', 0x2}, r1)

10:01:11 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockname$tipc(r0, 0x0, 0x0)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000200)={0x9, &(0x7f0000000080)=[{0xffc1, 0x2, 0x96}, {0x1, 0x0, 0xab, 0x101}, {0x7, 0x72, 0x7f, 0x7}, {0x0, 0x1, 0x81}, {0x7, 0x9, 0x1}, {0x82, 0x20, 0xff, 0xfffffff9}, {0x7, 0x2, 0x20}, {0x3ff, 0x6, 0x81, 0x1}, {0x5, 0x5, 0x3, 0xffffffff}]})
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x18)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000300)='./file0\x00', 0x0, 0x8, r0}, 0x18)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f00000002c0)=0xffff2c93)

10:01:11 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockname$tipc(r0, 0x0, 0x0) (async)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000200)={0x9, &(0x7f0000000080)=[{0xffc1, 0x2, 0x96}, {0x1, 0x0, 0xab, 0x101}, {0x7, 0x72, 0x7f, 0x7}, {0x0, 0x1, 0x81}, {0x7, 0x9, 0x1}, {0x82, 0x20, 0xff, 0xfffffff9}, {0x7, 0x2, 0x20}, {0x3ff, 0x6, 0x81, 0x1}, {0x5, 0x5, 0x3, 0xffffffff}]}) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x18) (async, rerun: 64)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (rerun: 64)
keyctl$link(0x3, r1, 0x0) (async, rerun: 64)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000300)='./file0\x00', 0x0, 0x8, r0}, 0x18) (async, rerun: 64)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f00000002c0)=0xffff2c93)

[  636.217329][T24378]  ? __init_rwsem+0xd6/0x1c0
[  636.221750][T24378]  ? copy_signal+0x4e3/0x610
[  636.226185][T24378]  copy_process+0x1149/0x3290
[  636.230707][T24378]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  636.235640][T24378]  ? copy_clone_args_from_user+0x774/0x830
[  636.241278][T24378]  kernel_clone+0x21e/0x9e0
[  636.245619][T24378]  ? __delayed_free_task+0x20/0x20
[  636.250565][T24378]  ? vfs_write+0x9ec/0x1110
[  636.254912][T24378]  ? create_io_thread+0x1e0/0x1e0
[  636.259769][T24378]  __x64_sys_clone3+0x376/0x3a0
[  636.264456][T24378]  ? __ia32_sys_clone+0x290/0x290
10:01:11 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
getsockname$tipc(r0, 0x0, 0x0)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f0000000200)={0x9, &(0x7f0000000080)=[{0xffc1, 0x2, 0x96}, {0x1, 0x0, 0xab, 0x101}, {0x7, 0x72, 0x7f, 0x7}, {0x0, 0x1, 0x81}, {0x7, 0x9, 0x1}, {0x82, 0x20, 0xff, 0xfffffff9}, {0x7, 0x2, 0x20}, {0x3ff, 0x6, 0x81, 0x1}, {0x5, 0x5, 0x3, 0xffffffff}]}) (async, rerun: 32)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (rerun: 32)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', 0x0, 0x8}, 0x18) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async)
keyctl$link(0x3, r1, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000340)=@o_path={&(0x7f0000000300)='./file0\x00', 0x0, 0x8, r0}, 0x18) (async)
ioctl$PPPIOCSDEBUG(r0, 0x40047440, &(0x7f00000002c0)=0xffff2c93)

[  636.269315][T24378]  ? fput+0x1a/0x20
[  636.272953][T24378]  ? debug_smp_processor_id+0x17/0x20
[  636.278160][T24378]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  636.284062][T24378]  ? exit_to_user_mode_prepare+0x39/0xa0
[  636.289546][T24378]  do_syscall_64+0x3d/0xb0
[  636.293786][T24378]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  636.299510][T24378] RIP: 0033:0x7f19fd5aeda9
10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000240)={'syz', 0x3}, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r0, 0x0)

[  636.303778][T24378] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  636.323216][T24378] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  636.331452][T24378] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  636.339270][T24378] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  636.339294][T24378] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  636.354894][T24378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  636.362706][T24378] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000240)={'syz', 0x3}, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$search(0xa, r0, &(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000240)={'syz', 0x3}, r0) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, 0xfffffffffffffff8) (async)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r1) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:11 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$reject(0x13, r0, 0xffffffff, 0x5, r1)
keyctl$link(0x3, r1, 0x0)
keyctl$negate(0xd, r0, 0x8, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$reject(0x13, r0, 0xffffffff, 0x5, r1) (async)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$negate(0xd, r0, 0x8, r0) (async)

10:01:11 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 53)

10:01:11 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$reject(0x13, r0, 0xffffffff, 0x5, r1)
keyctl$link(0x3, r1, 0x0)
keyctl$negate(0xd, r0, 0x8, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$reject(0x13, r0, 0xffffffff, 0x5, r1) (async)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$negate(0xd, r0, 0x8, r0) (async)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xf00000000000000)

[  636.370527][T24378]  </TASK>
10:01:11 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000240)={'syz', 0x3}, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc4}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, 0xfffffffffffffff8)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r1) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r0, 0x0)

10:01:11 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x84600, 0x0)
ioctl$RTC_WIE_OFF(r0, 0x7010)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x420000, 0x0)
ioctl$PTP_PEROUT_REQUEST(r1, 0x40383d03, &(0x7f0000000140)={{0x5, 0x6}, {0x5, 0x24}, 0x8ec})
ioctl$RTC_PIE_OFF(r1, 0x7006)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)
keyctl$negate(0xd, r3, 0x5, r2)

10:01:11 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r1, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x80000000}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x20000000}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x44}}, 0x40800)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2)
keyctl$link(0x3, r2, 0x0)

10:01:11 executing program 2:
r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
sendmsg$802154_raw(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x24, @short={0x2, 0x0, 0xaaa3}}, 0x14, &(0x7f00000000c0)={&(0x7f0000000040)="785fcb314c8ff30d655e014302a0eff1e6d64db6e6232e3a13be2543cd0498f2a29e3cbf9b04e5be9fe20579a96a1822a30306af38271d25524496136663abbf20bea4e7a459d58edc2d10da2889e65f77bf64116af284feca69a9685907cd3627b15a896292e355951448aa043ec50b1b7ba0204adade9e", 0x78}, 0x1, 0x0, 0x0, 0x44840}, 0x8000)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0x1}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0x58)
r1 = socket(0x27, 0x80000, 0xffff)
getsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000140), &(0x7f0000000180)=0x4)
r2 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000001c0), 0x40c80, 0x0)
r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080)) (async)
ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000080))
ioctl$PPPIOCDISCONN(r3, 0x7439)
ioctl$PTP_PIN_SETFUNC(r2, 0x40603d07, &(0x7f0000000200)={'\x00', 0x6, 0x3, 0xffff})
r4 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
bind$802154_raw(r4, &(0x7f0000000180)={0x24, @short={0x2, 0x2, 0xaaa2}}, 0x14) (async)
bind$802154_raw(r4, &(0x7f0000000180)={0x24, @short={0x2, 0x2, 0xaaa2}}, 0x14)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f0000000340), r1)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, r5, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xe9f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffeffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc0000}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x10) (async)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x54, r5, 0x10, 0x70bd2b, 0x25dfdbfc, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x6}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x7}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0xe9f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xfffeffff}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0xc0000}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x5}]}, 0x54}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
r6 = syz_open_dev$loop(&(0x7f00000002c0), 0x6, 0x480002)
ioctl$LOOP_SET_FD(r6, 0x4c00, r4) (async)
ioctl$LOOP_SET_FD(r6, 0x4c00, r4)
bind$802154_raw(r4, &(0x7f0000000280)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14) (async)
bind$802154_raw(r4, &(0x7f0000000280)={0x24, @short={0x2, 0x3, 0xaaa1}}, 0x14)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1000000000000000)

10:01:11 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x84600, 0x0)
ioctl$RTC_WIE_OFF(r0, 0x7010) (async, rerun: 32)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x420000, 0x0) (rerun: 32)
ioctl$PTP_PEROUT_REQUEST(r1, 0x40383d03, &(0x7f0000000140)={{0x5, 0x6}, {0x5, 0x24}, 0x8ec}) (async)
ioctl$RTC_PIE_OFF(r1, 0x7006) (async, rerun: 64)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (rerun: 64)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0) (async)
keyctl$negate(0xd, r3, 0x5, r2)

[  636.418239][T24448] FAULT_INJECTION: forcing a failure.
[  636.418239][T24448] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  636.484895][T24448] CPU: 1 PID: 24448 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  636.495070][T24448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  636.504968][T24448] Call Trace:
[  636.508089][T24448]  <TASK>
[  636.510873][T24448]  dump_stack_lvl+0x151/0x1b7
[  636.515378][T24448]  ? io_uring_drop_tctx_refs+0x190/0x190
[  636.520852][T24448]  dump_stack+0x15/0x17
[  636.524862][T24448]  should_fail+0x3c6/0x510
[  636.529093][T24448]  should_fail_alloc_page+0x5a/0x80
[  636.534125][T24448]  prepare_alloc_pages+0x15c/0x700
[  636.539080][T24448]  ? __alloc_pages_bulk+0xe40/0xe40
[  636.544109][T24448]  __alloc_pages+0x18c/0x8f0
[  636.548536][T24448]  ? prep_new_page+0x110/0x110
[  636.553134][T24448]  ? __alloc_pages+0x27e/0x8f0
[  636.557737][T24448]  ? __kasan_check_write+0x14/0x20
[  636.562683][T24448]  ? _raw_spin_lock+0xa4/0x1b0
[  636.567292][T24448]  pte_alloc_one+0x73/0x1b0
[  636.571625][T24448]  ? pfn_modify_allowed+0x2f0/0x2f0
[  636.576655][T24448]  ? __pmd_alloc+0x48d/0x550
[  636.581090][T24448]  __pte_alloc+0x86/0x350
[  636.585244][T24448]  ? __pud_alloc+0x260/0x260
[  636.589671][T24448]  ? __pud_alloc+0x213/0x260
[  636.594096][T24448]  ? free_pgtables+0x280/0x280
[  636.598701][T24448]  ? do_handle_mm_fault+0x2330/0x2330
[  636.603905][T24448]  ? __stack_depot_save+0x34/0x470
[  636.608942][T24448]  ? anon_vma_clone+0x9a/0x500
[  636.613545][T24448]  copy_page_range+0x28a8/0x2f90
[  636.618585][T24448]  ? __kasan_slab_alloc+0xb1/0xe0
[  636.623548][T24448]  ? slab_post_alloc_hook+0x53/0x2c0
[  636.628666][T24448]  ? kernel_clone+0x21e/0x9e0
[  636.633176][T24448]  ? do_syscall_64+0x3d/0xb0
[  636.637600][T24448]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  636.643511][T24448]  ? pfn_valid+0x1e0/0x1e0
[  636.647752][T24448]  ? rwsem_write_trylock+0x15b/0x290
[  636.652875][T24448]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  636.659124][T24448]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  636.664678][T24448]  ? __rb_insert_augmented+0x5de/0x610
[  636.669978][T24448]  copy_mm+0xc7e/0x13e0
[  636.673968][T24448]  ? copy_signal+0x610/0x610
[  636.678392][T24448]  ? __init_rwsem+0xd6/0x1c0
[  636.682820][T24448]  ? copy_signal+0x4e3/0x610
[  636.687246][T24448]  copy_process+0x1149/0x3290
[  636.691762][T24448]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  636.696706][T24448]  ? copy_clone_args_from_user+0x774/0x830
[  636.702349][T24448]  kernel_clone+0x21e/0x9e0
[  636.706683][T24448]  ? __delayed_free_task+0x20/0x20
[  636.711631][T24448]  ? vfs_write+0x9ec/0x1110
[  636.715972][T24448]  ? create_io_thread+0x1e0/0x1e0
[  636.720930][T24448]  __x64_sys_clone3+0x376/0x3a0
[  636.725616][T24448]  ? __ia32_sys_clone+0x290/0x290
[  636.730473][T24448]  ? fput+0x1a/0x20
[  636.734115][T24448]  ? debug_smp_processor_id+0x17/0x20
[  636.739320][T24448]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  636.745222][T24448]  ? exit_to_user_mode_prepare+0x39/0xa0
[  636.750688][T24448]  do_syscall_64+0x3d/0xb0
[  636.754944][T24448]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  636.760670][T24448] RIP: 0033:0x7f19fd5aeda9
[  636.764924][T24448] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
10:01:11 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r1, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x80000000}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x20000000}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x44}}, 0x40800) (async)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r1, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x80000000}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x20000000}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x44}}, 0x40800)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2)
keyctl$link(0x3, r2, 0x0)

10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1100000000000000)

10:01:11 executing program 1:
r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000180), 0x84600, 0x0)
ioctl$RTC_WIE_OFF(r0, 0x7010)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x420000, 0x0)
ioctl$PTP_PEROUT_REQUEST(r1, 0x40383d03, &(0x7f0000000140)={{0x5, 0x6}, {0x5, 0x24}, 0x8ec})
ioctl$RTC_PIE_OFF(r1, 0x7006)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0) (async, rerun: 32)
keyctl$negate(0xd, r3, 0x5, r2) (rerun: 32)

10:01:11 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 54)

10:01:11 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
keyctl$link(0x3, r0, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0x1fe, &(0x7f0000000040)=0x4)

[  636.784374][T24448] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  636.792614][T24448] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  636.800427][T24448] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  636.808233][T24448] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  636.816043][T24448] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  636.823856][T24448] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  636.831673][T24448]  </TASK>
10:01:11 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1200000000000000)

10:01:11 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) (rerun: 64)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x44, r1, 0x200, 0x70bd27, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0x80000000}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x20000000}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x4}], @NL80211_ATTR_DURATION={0x8, 0x57, 0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x1}]]}, 0x44}}, 0x40800) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2) (async)
keyctl$link(0x3, r2, 0x0)

10:01:11 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = syz_pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0xc, &(0x7f0000000000)={0x7, 0x1ff, 0x5}, 0x0)

10:01:11 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
keyctl$link(0x3, r0, 0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0x1fe, &(0x7f0000000040)=0x4)

[  636.879305][T24482] FAULT_INJECTION: forcing a failure.
[  636.879305][T24482] name failslab, interval 1, probability 0, space 0, times 0
[  636.899881][T24482] CPU: 0 PID: 24482 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  636.910053][T24482] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  636.919949][T24482] Call Trace:
[  636.923067][T24482]  <TASK>
[  636.925847][T24482]  dump_stack_lvl+0x151/0x1b7
[  636.930356][T24482]  ? io_uring_drop_tctx_refs+0x190/0x190
[  636.935828][T24482]  ? avc_denied+0x1b0/0x1b0
[  636.940163][T24482]  dump_stack+0x15/0x17
[  636.944168][T24482]  should_fail+0x3c6/0x510
[  636.948415][T24482]  __should_failslab+0xa4/0xe0
[  636.953010][T24482]  ? vm_area_dup+0x26/0x230
[  636.957347][T24482]  should_failslab+0x9/0x20
[  636.961691][T24482]  slab_pre_alloc_hook+0x37/0xd0
[  636.966548][T24482]  ? vm_area_dup+0x26/0x230
[  636.970887][T24482]  kmem_cache_alloc+0x44/0x200
[  636.975493][T24482]  vm_area_dup+0x26/0x230
[  636.979655][T24482]  copy_mm+0x9a1/0x13e0
[  636.983650][T24482]  ? copy_signal+0x610/0x610
[  636.988073][T24482]  ? __init_rwsem+0xd6/0x1c0
[  636.992502][T24482]  ? copy_signal+0x4e3/0x610
[  636.996926][T24482]  copy_process+0x1149/0x3290
[  637.001443][T24482]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  637.006387][T24482]  ? copy_clone_args_from_user+0x774/0x830
[  637.012028][T24482]  kernel_clone+0x21e/0x9e0
[  637.016371][T24482]  ? __delayed_free_task+0x20/0x20
[  637.021315][T24482]  ? vfs_write+0x9ec/0x1110
[  637.025657][T24482]  ? create_io_thread+0x1e0/0x1e0
[  637.030516][T24482]  __x64_sys_clone3+0x376/0x3a0
[  637.035295][T24482]  ? __ia32_sys_clone+0x290/0x290
[  637.040152][T24482]  ? fput+0x1a/0x20
[  637.043811][T24482]  ? debug_smp_processor_id+0x17/0x20
[  637.049009][T24482]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  637.054993][T24482]  ? exit_to_user_mode_prepare+0x39/0xa0
[  637.060466][T24482]  do_syscall_64+0x3d/0xb0
[  637.064721][T24482]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  637.070441][T24482] RIP: 0033:0x7f19fd5aeda9
[  637.074697][T24482] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  637.094137][T24482] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  637.102379][T24482] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  637.110192][T24482] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  637.118182][T24482] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1400000000000000)

10:01:12 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 55)

10:01:12 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = syz_pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0xc, &(0x7f0000000000)={0x7, 0x1ff, 0x5}, 0x0)

10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
keyctl$link(0x3, r0, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r1, 0x112, 0xa, &(0x7f0000000000)=0x1fe, &(0x7f0000000040)=0x4)

[  637.125987][T24482] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  637.133802][T24482] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  637.141614][T24482]  </TASK>
10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x105000, 0x0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r0, 0x1)
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r0, 0x1)
r3 = syz_io_uring_complete(0x0)
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000200)=0x2)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = syz_pidfd_open(r0, 0x0)
pidfd_send_signal(r1, 0xc, &(0x7f0000000000)={0x7, 0x1ff, 0x5}, 0x0)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
syz_pidfd_open(r0, 0x0) (async)
pidfd_send_signal(r1, 0xc, &(0x7f0000000000)={0x7, 0x1ff, 0x5}, 0x0) (async)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1500000000000000)

10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "1408ca58ece6db17f82245925503fc23e2732ce977f746da5ecb2a7768fb8705f33113963934a4c174d787764e6b887c13870e1e66860e6987371f96567f4bb3"}, 0x48, r0)
add_key$keyring(&(0x7f0000000200), 0x0, 0x0, 0x0, r1)
keyctl$reject(0x13, r1, 0x4, 0x4e2, r1)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r3 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$unlink(0x9, r3, r2)
r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "1408ca58ece6db17f82245925503fc23e2732ce977f746da5ecb2a7768fb8705f33113963934a4c174d787764e6b887c13870e1e66860e6987371f96567f4bb3"}, 0x48, r2)
r5 = add_key$keyring(&(0x7f0000000200), 0x0, 0x0, 0x0, r4)
r6 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$negate(0xd, r6, 0x7fffffffffffffff, r5)
keyctl$unlink(0x9, r7, 0xfffffffffffffffc)
keyctl$link(0x8, r6, r7)
r8 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$search(0xa, r8, &(0x7f0000000100)='rxrpc_s\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0)
keyctl$search(0xa, r6, &(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, r8)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r1)
r9 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r6)
keyctl$link(0x3, r9, 0x0)

[  637.185713][T24498] FAULT_INJECTION: forcing a failure.
[  637.185713][T24498] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  637.224232][T24498] CPU: 0 PID: 24498 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  637.234410][T24498] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  637.244306][T24498] Call Trace:
[  637.247425][T24498]  <TASK>
[  637.250205][T24498]  dump_stack_lvl+0x151/0x1b7
[  637.254816][T24498]  ? io_uring_drop_tctx_refs+0x190/0x190
[  637.260287][T24498]  dump_stack+0x15/0x17
[  637.264274][T24498]  should_fail+0x3c6/0x510
[  637.268541][T24498]  should_fail_alloc_page+0x5a/0x80
[  637.273559][T24498]  prepare_alloc_pages+0x15c/0x700
[  637.278509][T24498]  ? rcu_gp_kthread_wake+0x90/0x90
[  637.283457][T24498]  ? __alloc_pages_bulk+0xe40/0xe40
[  637.288490][T24498]  __alloc_pages+0x18c/0x8f0
[  637.292930][T24498]  ? prep_new_page+0x110/0x110
[  637.297517][T24498]  pte_alloc_one+0x73/0x1b0
[  637.301865][T24498]  ? pfn_modify_allowed+0x2f0/0x2f0
[  637.306888][T24498]  ? preempt_schedule+0xd9/0xe0
[  637.311577][T24498]  ? preempt_schedule_common+0xbe/0xf0
[  637.316882][T24498]  __pte_alloc+0x86/0x350
[  637.316925][T24498]  ? free_pgtables+0x280/0x280
[  637.316957][T24498]  ? _raw_spin_lock+0xa4/0x1b0
[  637.316988][T24498]  ? __kasan_check_write+0x14/0x20
10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x105000, 0x0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r0, 0x1) (async)
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r0, 0x1) (async)
r3 = syz_io_uring_complete(0x0)
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000200)=0x2)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 2:
r0 = getpid()
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = accept4$tipc(r1, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x4)
syz_clone3(&(0x7f00000042c0)={0x90200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1}, 0x58)
getpid()
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'})

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000240), 0x105000, 0x0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r0, 0x1)
r2 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0)
keyctl$KEYCTL_MOVE(0x1e, r0, r2, r0, 0x1)
r3 = syz_io_uring_complete(0x0)
ioctl$PPPIOCCONNECT(r3, 0x4004743a, &(0x7f0000000200)=0x2)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 2:
r0 = getpid()
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = accept4$tipc(r1, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x4)
syz_clone3(&(0x7f00000042c0)={0x90200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1}, 0x58)
getpid()
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'})

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 2:
r0 = getpid()
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
r2 = accept4$tipc(r1, 0x0, 0x0, 0x0)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x4)
syz_clone3(&(0x7f00000042c0)={0x90200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1}, 0x58)
getpid()
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
getpid() (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) (async)
accept4$tipc(r1, 0x0, 0x0, 0x0) (async)
ioctl$LOOP_SET_DIRECT_IO(r1, 0x4c08, 0x4) (async)
syz_clone3(&(0x7f00000042c0)={0x90200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r0], 0x1}, 0x58) (async)
getpid() (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00'}) (async)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x1800000000000000)

10:01:12 executing program 3:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x2500000000000000)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4000000000000000)

10:01:12 executing program 2:
r0 = syz_clone3(&(0x7f0000000280)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r1=>0x0, {0x3}, &(0x7f00000000c0)=""/98, 0x62, &(0x7f0000000140)=""/215, &(0x7f0000000240)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6}, 0x58)
r2 = getpid()
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r4 = getpid()
syz_clone3(&(0x7f00000008c0)={0x100000400, &(0x7f0000000540), &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r4, r4], 0x2, {r3}}, 0x58)
syz_clone3(&(0x7f0000000840)={0x804000, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640), {0x38}, &(0x7f0000000680)=""/130, 0x82, &(0x7f0000000740)=""/183, &(0x7f0000000800)=[r5, 0x0], 0x2}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0, r5, r1, r2, r1, r0], 0x6}, 0x58)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4800000000000000)

[  637.317014][T24498]  copy_page_range+0x28a8/0x2f90
[  637.317036][T24498]  ? __kasan_slab_alloc+0xb1/0xe0
[  637.317065][T24498]  ? pfn_valid+0x1e0/0x1e0
[  637.317084][T24498]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  637.317110][T24498]  ? __rb_insert_augmented+0x5de/0x610
[  637.317139][T24498]  copy_mm+0xc7e/0x13e0
[  637.317167][T24498]  ? copy_signal+0x610/0x610
[  637.317192][T24498]  ? __init_rwsem+0xd6/0x1c0
[  637.317217][T24498]  ? copy_signal+0x4e3/0x610
[  637.317241][T24498]  copy_process+0x1149/0x3290
10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

[  637.317270][T24498]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  637.317296][T24498]  ? copy_clone_args_from_user+0x774/0x830
[  637.317319][T24498]  kernel_clone+0x21e/0x9e0
[  637.317343][T24498]  ? __delayed_free_task+0x20/0x20
[  637.317363][T24498]  ? vfs_write+0x9ec/0x1110
[  637.406553][T24498]  ? create_io_thread+0x1e0/0x1e0
[  637.411412][T24498]  __x64_sys_clone3+0x376/0x3a0
[  637.416098][T24498]  ? __ia32_sys_clone+0x290/0x290
[  637.421043][T24498]  ? fput+0x1a/0x20
[  637.424690][T24498]  ? debug_smp_processor_id+0x17/0x20
[  637.429897][T24498]  ? fpregs_assert_state_consistent+0xb6/0xe0
10:01:12 executing program 2:
r0 = syz_clone3(&(0x7f0000000280)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r1=>0x0, {0x3}, &(0x7f00000000c0)=""/98, 0x62, &(0x7f0000000140)=""/215, &(0x7f0000000240)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6}, 0x58)
r2 = getpid() (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r4 = getpid()
syz_clone3(&(0x7f00000008c0)={0x100000400, &(0x7f0000000540), &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r4, r4], 0x2, {r3}}, 0x58)
syz_clone3(&(0x7f0000000840)={0x804000, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640), {0x38}, &(0x7f0000000680)=""/130, 0x82, &(0x7f0000000740)=""/183, &(0x7f0000000800)=[r5, 0x0], 0x2}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0, r5, r1, r2, r1, r0], 0x6}, 0x58)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x12}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

[  637.435802][T24498]  ? exit_to_user_mode_prepare+0x39/0xa0
[  637.441270][T24498]  do_syscall_64+0x3d/0xb0
[  637.445522][T24498]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  637.451246][T24498] RIP: 0033:0x7f19fd5aeda9
[  637.455498][T24498] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  637.474939][T24498] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x4c00000000000000)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x12}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "1408ca58ece6db17f82245925503fc23e2732ce977f746da5ecb2a7768fb8705f33113963934a4c174d787764e6b887c13870e1e66860e6987371f96567f4bb3"}, 0x48, r0)
add_key$keyring(&(0x7f0000000200), 0x0, 0x0, 0x0, r1) (async)
keyctl$reject(0x13, r1, 0x4, 0x4e2, r1)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r3 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$unlink(0x9, r3, r2) (async)
r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "1408ca58ece6db17f82245925503fc23e2732ce977f746da5ecb2a7768fb8705f33113963934a4c174d787764e6b887c13870e1e66860e6987371f96567f4bb3"}, 0x48, r2)
r5 = add_key$keyring(&(0x7f0000000200), 0x0, 0x0, 0x0, r4) (async)
r6 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) (async)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$negate(0xd, r6, 0x7fffffffffffffff, r5) (async)
keyctl$unlink(0x9, r7, 0xfffffffffffffffc) (async)
keyctl$link(0x8, r6, r7) (async)
r8 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$search(0xa, r8, &(0x7f0000000100)='rxrpc_s\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0)
keyctl$search(0xa, r6, &(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, r8) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r1) (async)
r9 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r6)
keyctl$link(0x3, r9, 0x0)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x12}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x12}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6800000000000000)

10:01:12 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 56)

10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "1408ca58ece6db17f82245925503fc23e2732ce977f746da5ecb2a7768fb8705f33113963934a4c174d787764e6b887c13870e1e66860e6987371f96567f4bb3"}, 0x48, r0)
add_key$keyring(&(0x7f0000000200), 0x0, 0x0, 0x0, r1)
keyctl$reject(0x13, r1, 0x4, 0x4e2, r1) (async)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r3 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$unlink(0x9, r3, r2)
r4 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f0000000080)={0x0, "1408ca58ece6db17f82245925503fc23e2732ce977f746da5ecb2a7768fb8705f33113963934a4c174d787764e6b887c13870e1e66860e6987371f96567f4bb3"}, 0x48, r2)
r5 = add_key$keyring(&(0x7f0000000200), 0x0, 0x0, 0x0, r4) (async)
r6 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
r7 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) (async)
keyctl$negate(0xd, r6, 0x7fffffffffffffff, r5)
keyctl$unlink(0x9, r7, 0xfffffffffffffffc)
keyctl$link(0x8, r6, r7) (async)
r8 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$search(0xa, r8, &(0x7f0000000100)='rxrpc_s\x00', &(0x7f0000000140)={'syz', 0x3}, 0x0) (async)
keyctl$search(0xa, r6, &(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, r8) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r1)
r9 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r6)
keyctl$link(0x3, r9, 0x0)

[  637.483190][T24498] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  637.491103][T24498] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  637.498914][T24498] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  637.506724][T24498] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  637.514535][T24498] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  637.522350][T24498]  </TASK>
10:01:12 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r0, 0x40103d0b, &(0x7f00000000c0)={0x9cbf, 0x3})
ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f0000000200)={'\x00', 0x49f4, 0x3, 0x401})
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x6c00000000000000)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7400000000000000)

10:01:12 executing program 2:
r0 = syz_clone3(&(0x7f0000000280)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080)=<r1=>0x0, {0x3}, &(0x7f00000000c0)=""/98, 0x62, &(0x7f0000000140)=""/215, &(0x7f0000000240)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x6}, 0x58) (async)
r2 = getpid()
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0) (async)
r4 = getpid()
syz_clone3(&(0x7f00000008c0)={0x100000400, &(0x7f0000000540), &(0x7f00000002c0)=<r5=>0x0, &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r4, r4], 0x2, {r3}}, 0x58)
syz_clone3(&(0x7f0000000840)={0x804000, &(0x7f00000005c0), &(0x7f0000000600), &(0x7f0000000640), {0x38}, &(0x7f0000000680)=""/130, 0x82, &(0x7f0000000740)=""/183, &(0x7f0000000800)=[r5, 0x0], 0x2}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000300)=[0x0, r5, r1, r2, r1, r0], 0x6}, 0x58)

[  637.561846][T24578] FAULT_INJECTION: forcing a failure.
[  637.561846][T24578] name failslab, interval 1, probability 0, space 0, times 0
[  637.582088][T24578] CPU: 0 PID: 24578 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  637.592270][T24578] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  637.602151][T24578] Call Trace:
[  637.605273][T24578]  <TASK>
10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x7a00000000000000)

[  637.608050][T24578]  dump_stack_lvl+0x151/0x1b7
[  637.612566][T24578]  ? io_uring_drop_tctx_refs+0x190/0x190
[  637.618034][T24578]  dump_stack+0x15/0x17
[  637.622023][T24578]  should_fail+0x3c6/0x510
[  637.626278][T24578]  __should_failslab+0xa4/0xe0
[  637.630876][T24578]  ? anon_vma_fork+0xf7/0x4e0
[  637.635386][T24578]  should_failslab+0x9/0x20
[  637.639730][T24578]  slab_pre_alloc_hook+0x37/0xd0
[  637.644503][T24578]  ? anon_vma_fork+0xf7/0x4e0
[  637.649011][T24578]  kmem_cache_alloc+0x44/0x200
[  637.653614][T24578]  anon_vma_fork+0xf7/0x4e0
[  637.657957][T24578]  ? anon_vma_name+0x4c/0x70
10:01:12 executing program 2:
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_clone3(&(0x7f0000000040)={0x80200, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, r0, r0], 0x3}, 0x58)

10:01:12 executing program 2:
getpid() (async)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_clone3(&(0x7f0000000040)={0x80200, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, r0, r0], 0x3}, 0x58)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xf0ffffff00000000)

[  637.662381][T24578]  ? vm_area_dup+0x17a/0x230
[  637.666808][T24578]  copy_mm+0xa3a/0x13e0
[  637.670807][T24578]  ? copy_signal+0x610/0x610
[  637.675230][T24578]  ? __init_rwsem+0xd6/0x1c0
[  637.679657][T24578]  ? copy_signal+0x4e3/0x610
[  637.684091][T24578]  copy_process+0x1149/0x3290
[  637.688599][T24578]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  637.693541][T24578]  ? copy_clone_args_from_user+0x774/0x830
[  637.699187][T24578]  kernel_clone+0x21e/0x9e0
[  637.703522][T24578]  ? __delayed_free_task+0x20/0x20
10:01:12 executing program 2:
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_clone3(&(0x7f0000000040)={0x80200, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, r0, r0], 0x3}, 0x58) (async)
syz_clone3(&(0x7f0000000040)={0x80200, 0x0, 0x0, 0x0, {0x22}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, r0, r0], 0x3}, 0x58)

10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xffffff7f00000000)

10:01:12 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000300), 0x20841, 0x0)
ioctl$RTC_WIE_ON(r1, 0x700f)
r2 = getpid()
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%pB    \x00'}, 0x20)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map=r3, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0]}, 0x40)
r4 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$link(0x3, r5, 0x0)
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f00000042c0)={0x1082600, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0x0], 0x1, {r0}}, 0x58)

[  637.708471][T24578]  ? vfs_write+0x9ec/0x1110
[  637.712815][T24578]  ? create_io_thread+0x1e0/0x1e0
[  637.717682][T24578]  __x64_sys_clone3+0x376/0x3a0
[  637.722357][T24578]  ? __ia32_sys_clone+0x290/0x290
[  637.727217][T24578]  ? fput+0x1a/0x20
[  637.730865][T24578]  ? debug_smp_processor_id+0x17/0x20
[  637.736071][T24578]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  637.741975][T24578]  ? exit_to_user_mode_prepare+0x39/0xa0
[  637.747441][T24578]  do_syscall_64+0x3d/0xb0
[  637.751698][T24578]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  637.757419][T24578] RIP: 0033:0x7f19fd5aeda9
10:01:12 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0xffffffff00000000)

10:01:12 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000300), 0x20841, 0x0)
ioctl$RTC_WIE_ON(r1, 0x700f)
r2 = getpid() (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%pB    \x00'}, 0x20)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map=r3, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0]}, 0x40) (async)
r4 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$link(0x3, r5, 0x0) (async)
syz_pidfd_open(r2, 0x0) (async)
syz_clone3(&(0x7f00000042c0)={0x1082600, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0x0], 0x1, {r0}}, 0x58)

10:01:12 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r0, 0x40103d0b, &(0x7f00000000c0)={0x9cbf, 0x3})
ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f0000000200)={'\x00', 0x49f4, 0x3, 0x401}) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)

10:01:12 executing program 1:
openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  637.761670][T24578] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  637.781127][T24578] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  637.789365][T24578] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  637.797170][T24578] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:12 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 57)

10:01:12 executing program 3:
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000080), 0x101000, 0x0)
ioctl$PTP_EXTTS_REQUEST2(r0, 0x40103d0b, &(0x7f00000000c0)={0x9cbf, 0x3}) (async)
ioctl$PTP_PIN_GETFUNC2(r0, 0xc0603d0f, &(0x7f0000000200)={'\x00', 0x49f4, 0x3, 0x401}) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async, rerun: 32)
keyctl$link(0x3, r1, 0x0) (rerun: 32)

10:01:12 executing program 1:
openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:12 executing program 0:
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r2, 0x8, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x0, 0x21}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2de}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x21}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}]]}, 0x98}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="b920c1d58e2e928fdc7b8ba14043be7178d9a22ab14b691b1e87464c5cb61bdce2542d0f6b7600", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:12 executing program 0:
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, 0x0) (async)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r2, 0x8, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x0, 0x21}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2de}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x21}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}]]}, 0x98}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="b920c1d58e2e928fdc7b8ba14043be7178d9a22ab14b691b1e87464c5cb61bdce2542d0f6b7600", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  637.805078][T24578] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  637.805102][T24578] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  637.805118][T24578] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  637.805138][T24578]  </TASK>
10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x0, 0x35, 0x33, 0x34, 0x33, 0x66, 0x30, 0x63, 0x30, 0x31, 0x63, 0x34, 0x30, 0x65, 0x37, 0x32]}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:12 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) (async)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000300), 0x20841, 0x0)
ioctl$RTC_WIE_ON(r1, 0x700f)
r2 = getpid()
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0xffffffffffffffff, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%pB    \x00'}, 0x20)
bpf$BPF_PROG_QUERY(0x10, &(0x7f00000002c0)={@map=r3, 0x0, 0x1, 0x0, &(0x7f00000001c0)=[0x0, 0x0], 0x2, 0x0, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0]}, 0x40) (async)
r4 = add_key$keyring(&(0x7f0000000340), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r5 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, r4)
keyctl$link(0x3, r5, 0x0) (async)
syz_pidfd_open(r2, 0x0) (async)
syz_clone3(&(0x7f00000042c0)={0x1082600, 0x0, 0x0, 0x0, {0x7}, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0x0], 0x1, {r0}}, 0x58)

10:01:12 executing program 1:
openat$pidfd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  637.869886][T24627] FAULT_INJECTION: forcing a failure.
[  637.869886][T24627] name failslab, interval 1, probability 0, space 0, times 0
[  637.895561][T24627] CPU: 1 PID: 24627 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  637.905821][T24627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  637.915722][T24627] Call Trace:
10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:12 executing program 2:
getpid()
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x80200, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x4000000000000048, {r0}}, 0x58)
getpid()
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040))
ioctl$RTC_PIE_OFF(r1, 0x7006)

10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x0, 0x35, 0x33, 0x34, 0x33, 0x66, 0x30, 0x63, 0x30, 0x31, 0x63, 0x34, 0x30, 0x65, 0x37, 0x32]}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

[  637.918840][T24627]  <TASK>
[  637.921614][T24627]  dump_stack_lvl+0x151/0x1b7
[  637.926131][T24627]  ? io_uring_drop_tctx_refs+0x190/0x190
[  637.931596][T24627]  dump_stack+0x15/0x17
[  637.935585][T24627]  should_fail+0x3c6/0x510
[  637.939842][T24627]  __should_failslab+0xa4/0xe0
[  637.944441][T24627]  ? anon_vma_fork+0xf7/0x4e0
[  637.948955][T24627]  should_failslab+0x9/0x20
[  637.953292][T24627]  slab_pre_alloc_hook+0x37/0xd0
[  637.958069][T24627]  ? anon_vma_fork+0xf7/0x4e0
[  637.962577][T24627]  kmem_cache_alloc+0x44/0x200
10:01:12 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$unlink(0x9, r2, r1)
keyctl$link(0x8, r0, r1)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r3, 0x0)

10:01:12 executing program 2:
getpid()
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x80200, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x4000000000000048, {r0}}, 0x58)
getpid() (async)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)) (async)
ioctl$RTC_PIE_OFF(r1, 0x7006)

10:01:12 executing program 2:
getpid() (async)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000000c0)={0x80200, 0x0, 0x0, 0x0, {0x4}, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x4000000000000048, {r0}}, 0x58)
getpid() (async, rerun: 32)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (rerun: 32)
ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000040)) (async)
ioctl$RTC_PIE_OFF(r1, 0x7006)

10:01:12 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x0, 0x35, 0x33, 0x34, 0x33, 0x66, 0x30, 0x63, 0x30, 0x31, 0x63, 0x34, 0x30, 0x65, 0x37, 0x32]}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x2}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

[  637.967181][T24627]  anon_vma_fork+0xf7/0x4e0
[  637.971521][T24627]  ? anon_vma_name+0x4c/0x70
[  637.975945][T24627]  ? vm_area_dup+0x17a/0x230
[  637.980372][T24627]  copy_mm+0xa3a/0x13e0
[  637.984892][T24627]  ? copy_signal+0x610/0x610
[  637.989314][T24627]  ? __init_rwsem+0xd6/0x1c0
[  637.993742][T24627]  ? copy_signal+0x4e3/0x610
[  637.998164][T24627]  copy_process+0x1149/0x3290
[  638.002681][T24627]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  638.007627][T24627]  ? copy_clone_args_from_user+0x774/0x830
[  638.013266][T24627]  kernel_clone+0x21e/0x9e0
[  638.017606][T24627]  ? __delayed_free_task+0x20/0x20
[  638.022552][T24627]  ? vfs_write+0x9ec/0x1110
[  638.026892][T24627]  ? create_io_thread+0x1e0/0x1e0
[  638.031753][T24627]  __x64_sys_clone3+0x376/0x3a0
[  638.036435][T24627]  ? __ia32_sys_clone+0x290/0x290
[  638.041302][T24627]  ? fput+0x1a/0x20
[  638.044945][T24627]  ? debug_smp_processor_id+0x17/0x20
[  638.050147][T24627]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  638.056049][T24627]  ? exit_to_user_mode_prepare+0x39/0xa0
[  638.061519][T24627]  do_syscall_64+0x3d/0xb0
[  638.065771][T24627]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  638.071497][T24627] RIP: 0033:0x7f19fd5aeda9
[  638.075756][T24627] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  638.095195][T24627] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  638.103443][T24627] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  638.111248][T24627] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:13 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000002c0)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x2}, &(0x7f00000000c0)=""/123, 0x7b, &(0x7f0000000140)=""/203, &(0x7f0000000240)=[r0, r0, r0], 0x3, {r1}}, 0x58)

10:01:13 executing program 0:
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r2, 0x8, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x0, 0x21}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2de}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x21}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}]]}, 0x98}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="b920c1d58e2e928fdc7b8ba14043be7178d9a22ab14b691b1e87464c5cb61bdce2542d0f6b7600", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
ioctl$PTP_PIN_SETFUNC2(0xffffffffffffffff, 0x40603d10, 0x0) (async)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) (async)
openat$ptp0(0xffffffffffffff9c, &(0x7f0000000840), 0x2, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r2, 0x8, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x0, 0x21}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2de}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xb}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xd}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x1608}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x21}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x5}, @NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x1ff}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x2}, @NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_CENTER_FREQ1={0x8, 0xa0, 0x3}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xf}], @chandef_params=[@NL80211_ATTR_CENTER_FREQ2={0x8, 0xa1, 0x3}]]}, 0x98}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000000) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="b920c1d58e2e928fdc7b8ba14043be7178d9a22ab14b691b1e87464c5cb61bdce2542d0f6b7600", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)

10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$unlink(0x9, r2, r1) (async)
keyctl$link(0x8, r0, r1)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r3, 0x0)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)

[  638.119066][T24627] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  638.126879][T24627] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  638.134684][T24627] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  638.142502][T24627]  </TASK>
10:01:13 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000002c0)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x2}, &(0x7f00000000c0)=""/123, 0x7b, &(0x7f0000000140)=""/203, &(0x7f0000000240)=[r0, r0, r0], 0x3, {r1}}, 0x58)

10:01:13 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 58)

10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$unlink(0x9, r2, r1)
keyctl$link(0x8, r0, r1)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r3, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) (async)
keyctl$unlink(0x9, r2, r1) (async)
keyctl$link(0x8, r0, r1) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r3, 0x0) (async)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)

10:01:13 executing program 2:
r0 = syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000280)='./cgroup.net/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000002c0)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x2}, &(0x7f00000000c0)=""/123, 0x7b, &(0x7f0000000140)=""/203, &(0x7f0000000240)=[r0, r0, r0], 0x3, {r1}}, 0x58)

[  638.223543][T24696] FAULT_INJECTION: forcing a failure.
[  638.223543][T24696] name failslab, interval 1, probability 0, space 0, times 0
[  638.247502][T24696] CPU: 0 PID: 24696 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  638.257682][T24696] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  638.267578][T24696] Call Trace:
[  638.270703][T24696]  <TASK>
10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r7=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r8=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'team0\x00', <r9=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r13=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)={'team0\x00', <r15=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r16=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r17=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r18=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r5}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r6}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r11}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r15}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}]}}, {{0x8, 0x1, r17}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r18}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', <r19=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000009c0)={'ip6tnl0\x00', &(0x7f0000000940)={'ip6tnl0\x00', <r20=>0x0, 0x29, 0x8, 0x6, 0x5, 0x23, @mcast1, @empty, 0x40, 0x40, 0x1ff, 0x80000000}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a80)={'syztnl0\x00', &(0x7f0000000a00)={'gretap0\x00', <r21=>0x0, 0x8, 0x10, 0xfff, 0x1, {{0xb, 0x4, 0x1, 0x2, 0x2c, 0x66, 0x0, 0x2, 0x29, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3f}, {[@timestamp_prespec={0x44, 0x14, 0xa5, 0x3, 0x2, [{@remote, 0xff}, {@empty, 0x7f}]}, @ra={0x94, 0x4}]}}}}})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f00000016c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001680)={&(0x7f0000000ac0)={0xb9c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x26}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x7, 0x3}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}, {{0x8}, {0x15c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x3, 0x1, 0x4, 0x6}, {0x0, 0xfa, 0x6, 0x3}, {0xfff, 0x81, 0xc8, 0x3}, {0x0, 0x3, 0x9}, {0x6, 0x1, 0x8, 0x6}, {0xffff, 0x6, 0x65, 0x1}, {0x1, 0x9, 0x69, 0x8}]}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x218, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x81, 0x1, 0x0, 0x9}, {0x7, 0x40, 0x83, 0x8001}, {0x4, 0xec, 0x0, 0x3ff}, {0x4, 0x60, 0x4, 0x7}, {0x4, 0x4, 0x3}, {0x6, 0xff, 0x2, 0xb8cd}, {0x3, 0x4, 0x1, 0x4}, {0x0, 0x7, 0x8, 0x8001}]}}}]}}, {{0x8}, {0x270, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5e}}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x71e, 0x0, 0x20, 0x4d7c}, {0x7fff, 0x6, 0x81, 0x80}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x180, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r19}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r20}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xffffff00}}, {0x8, 0x6, r21}}}]}}]}, 0xb9c}, 0x1, 0x0, 0x0, 0x40002}, 0x44000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r22=>0x0})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex=r6, 0xf, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000003c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0]}, 0x40)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000128bd7000fddbdf251000000008000300", @ANYRES32=r22, @ANYBLOB="0c0099000001001060000000bdc787409d"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ff5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)

10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$link(0x3, r1, 0x0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)

[  638.273477][T24696]  dump_stack_lvl+0x151/0x1b7
[  638.277993][T24696]  ? io_uring_drop_tctx_refs+0x190/0x190
[  638.283464][T24696]  dump_stack+0x15/0x17
[  638.287449][T24696]  should_fail+0x3c6/0x510
[  638.291714][T24696]  __should_failslab+0xa4/0xe0
[  638.296303][T24696]  ? anon_vma_fork+0x1df/0x4e0
[  638.300904][T24696]  should_failslab+0x9/0x20
[  638.305245][T24696]  slab_pre_alloc_hook+0x37/0xd0
[  638.310015][T24696]  ? anon_vma_fork+0x1df/0x4e0
[  638.314614][T24696]  kmem_cache_alloc+0x44/0x200
[  638.319237][T24696]  anon_vma_fork+0x1df/0x4e0
10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ff5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ff5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:13 executing program 2:
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "847332735aff1753795153a79e676cf22525767c40497ea50030a3a729698bab606bd1fbf1fb90a93a227b7b55d2b2b7a5afa530d03ce832d045dda27af79129", 0x2b}, 0x48, 0xfffffffffffffffa)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r7=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r8=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'team0\x00', <r9=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r13=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)={'team0\x00', <r15=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r16=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r17=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r18=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r5}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r6}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r11}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r15}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}]}}, {{0x8, 0x1, r17}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r18}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', <r19=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000009c0)={'ip6tnl0\x00', &(0x7f0000000940)={'ip6tnl0\x00', <r20=>0x0, 0x29, 0x8, 0x6, 0x5, 0x23, @mcast1, @empty, 0x40, 0x40, 0x1ff, 0x80000000}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a80)={'syztnl0\x00', &(0x7f0000000a00)={'gretap0\x00', 0x0, 0x8, 0x10, 0xfff, 0x1, {{0xb, 0x4, 0x1, 0x2, 0x2c, 0x66, 0x0, 0x2, 0x29, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3f}, {[@timestamp_prespec={0x44, 0x14, 0xa5, 0x3, 0x2, [{@remote, 0xff}, {@empty, 0x7f}]}, @ra={0x94, 0x4}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a80)={'syztnl0\x00', &(0x7f0000000a00)={'gretap0\x00', <r21=>0x0, 0x8, 0x10, 0xfff, 0x1, {{0xb, 0x4, 0x1, 0x2, 0x2c, 0x66, 0x0, 0x2, 0x29, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3f}, {[@timestamp_prespec={0x44, 0x14, 0xa5, 0x3, 0x2, [{@remote, 0xff}, {@empty, 0x7f}]}, @ra={0x94, 0x4}]}}}}})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f00000016c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001680)={&(0x7f0000000ac0)={0xb9c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x26}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x7, 0x3}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}, {{0x8}, {0x15c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x3, 0x1, 0x4, 0x6}, {0x0, 0xfa, 0x6, 0x3}, {0xfff, 0x81, 0xc8, 0x3}, {0x0, 0x3, 0x9}, {0x6, 0x1, 0x8, 0x6}, {0xffff, 0x6, 0x65, 0x1}, {0x1, 0x9, 0x69, 0x8}]}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x218, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x81, 0x1, 0x0, 0x9}, {0x7, 0x40, 0x83, 0x8001}, {0x4, 0xec, 0x0, 0x3ff}, {0x4, 0x60, 0x4, 0x7}, {0x4, 0x4, 0x3}, {0x6, 0xff, 0x2, 0xb8cd}, {0x3, 0x4, 0x1, 0x4}, {0x0, 0x7, 0x8, 0x8001}]}}}]}}, {{0x8}, {0x270, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5e}}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x71e, 0x0, 0x20, 0x4d7c}, {0x7fff, 0x6, 0x81, 0x80}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x180, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r19}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r20}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xffffff00}}, {0x8, 0x6, r21}}}]}}]}, 0xb9c}, 0x1, 0x0, 0x0, 0x40002}, 0x44000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r22=>0x0})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex=r6, 0xf, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000003c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0]}, 0x40) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex=r6, 0xf, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000003c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0]}, 0x40)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000128bd7000fddbdf251000000008000300", @ANYRES32=r22, @ANYBLOB="0c0099000001001060000000bdc787409d"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  638.323657][T24696]  copy_mm+0xa3a/0x13e0
[  638.327642][T24696]  ? copy_signal+0x610/0x610
[  638.332066][T24696]  ? __init_rwsem+0xd6/0x1c0
[  638.336502][T24696]  ? copy_signal+0x4e3/0x610
[  638.341091][T24696]  copy_process+0x1149/0x3290
[  638.345613][T24696]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  638.350728][T24696]  ? copy_clone_args_from_user+0x774/0x830
[  638.356367][T24696]  kernel_clone+0x21e/0x9e0
[  638.360704][T24696]  ? __delayed_free_task+0x20/0x20
[  638.365667][T24696]  ? vfs_write+0x9ec/0x1110
10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
getuid() (async)
keyctl$get_persistent(0x16, r2, r0) (async)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r2=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'team0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r6=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r7=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', 0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r8=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'team0\x00', <r9=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r10=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', 0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r13=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)={'team0\x00', <r15=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r16=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r17=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r18=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r2}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r5}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r6}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r9}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r11}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r15}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}]}}, {{0x8, 0x1, r17}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r18}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000840)={'batadv_slave_0\x00', <r19=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f00000009c0)={'ip6tnl0\x00', &(0x7f0000000940)={'ip6tnl0\x00', <r20=>0x0, 0x29, 0x8, 0x6, 0x5, 0x23, @mcast1, @empty, 0x40, 0x40, 0x1ff, 0x80000000}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a80)={'syztnl0\x00', &(0x7f0000000a00)={'gretap0\x00', <r21=>0x0, 0x8, 0x10, 0xfff, 0x1, {{0xb, 0x4, 0x1, 0x2, 0x2c, 0x66, 0x0, 0x2, 0x29, 0x0, @rand_addr=0x64010100, @dev={0xac, 0x14, 0x14, 0x3f}, {[@timestamp_prespec={0x44, 0x14, 0xa5, 0x3, 0x2, [{@remote, 0xff}, {@empty, 0x7f}]}, @ra={0x94, 0x4}]}}}}})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f00000016c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000001680)={&(0x7f0000000ac0)={0xb9c, 0x0, 0x1, 0x70bd2a, 0x25dfdbfe, {}, [{{0x8}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x26}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0x10, 0x4, 'loadbalance\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xe, 0x4, 'broadcast\x00'}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8, 0x7, 0x3}}}, {0x3c, 0x1, @name={{0x24}, {0x5}, {0xb, 0x4, 'random\x00'}}}]}}, {{0x8}, {0x15c, 0x2, 0x0, 0x1, [{0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0x7}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x7fffffff}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x1f}}}, {0x6c, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x3c, 0x4, [{0x3, 0x1, 0x4, 0x6}, {0x0, 0xfa, 0x6, 0x3}, {0xfff, 0x81, 0xc8, 0x3}, {0x0, 0x3, 0x9}, {0x6, 0x1, 0x8, 0x6}, {0xffff, 0x6, 0x65, 0x1}, {0x1, 0x9, 0x69, 0x8}]}}}]}}, {{0x8}, {0xb8, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x2}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}]}}, {{0x8}, {0x80, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}]}}, {{0x8}, {0x218, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x9}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0xffffffff}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x74, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x44, 0x4, [{0x81, 0x1, 0x0, 0x9}, {0x7, 0x40, 0x83, 0x8001}, {0x4, 0xec, 0x0, 0x3ff}, {0x4, 0x60, 0x4, 0x7}, {0x4, 0x4, 0x3}, {0x6, 0xff, 0x2, 0xb8cd}, {0x3, 0x4, 0x1, 0x4}, {0x0, 0x7, 0x8, 0x8001}]}}}]}}, {{0x8}, {0x270, 0x2, 0x0, 0x1, [{0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x5e}}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x71e, 0x0, 0x20, 0x4d7c}, {0x7fff, 0x6, 0x81, 0x80}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfb}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x180, 0x2, 0x0, 0x1, [{0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r19}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r20}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0xffffff00}}, {0x8, 0x6, r21}}}]}}]}, 0xb9c}, 0x1, 0x0, 0x0, 0x40002}, 0x44000)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r22=>0x0})
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000380)={@ifindex=r6, 0xf, 0x0, 0x2, &(0x7f0000000200)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x7, 0x0, &(0x7f00000003c0)=[0x0, 0x0], &(0x7f0000000300)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000340)=[0x0]}, 0x40)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="000128bd7000fddbdf251000000008000300", @ANYRES32=r22, @ANYBLOB="0c0099000001001060000000bdc787409d"], 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0)
keyctl$search(0xa, 0x0, &(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x1}, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r0, 0x2, 0x5, r0)

10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
getuid() (async)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0) (async)
keyctl$get_persistent(0x16, r1, r0)
keyctl$search(0xa, 0x0, &(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x1}, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r0, 0x2, 0x5, r0)

[  638.369987][T24696]  ? create_io_thread+0x1e0/0x1e0
[  638.374862][T24696]  __x64_sys_clone3+0x376/0x3a0
[  638.379539][T24696]  ? __ia32_sys_clone+0x290/0x290
[  638.384402][T24696]  ? fput+0x1a/0x20
[  638.388044][T24696]  ? debug_smp_processor_id+0x17/0x20
[  638.393250][T24696]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  638.399156][T24696]  ? exit_to_user_mode_prepare+0x39/0xa0
[  638.404623][T24696]  do_syscall_64+0x3d/0xb0
[  638.408873][T24696]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  638.414601][T24696] RIP: 0033:0x7f19fd5aeda9
10:01:13 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
getuid() (async)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0) (async)
keyctl$get_persistent(0x16, r1, r0)
keyctl$search(0xa, 0x0, &(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x1}, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r0, 0x2, 0x5, r0)

10:01:13 executing program 2:
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "847332735aff1753795153a79e676cf22525767c40497ea50030a3a729698bab606bd1fbf1fb90a93a227b7b55d2b2b7a5afa530d03ce832d045dda27af79129", 0x2b}, 0x48, 0xfffffffffffffffa) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ff5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

[  638.418863][T24696] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  638.438298][T24696] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  638.446546][T24696] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  638.454353][T24696] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  638.462254][T24696] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:13 executing program 2:
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "847332735aff1753795153a79e676cf22525767c40497ea50030a3a729698bab606bd1fbf1fb90a93a227b7b55d2b2b7a5afa530d03ce832d045dda27af79129", 0x2b}, 0x48, 0xfffffffffffffffa) (async)
add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc3}, &(0x7f0000000080)={0x0, "847332735aff1753795153a79e676cf22525767c40497ea50030a3a729698bab606bd1fbf1fb90a93a227b7b55d2b2b7a5afa530d03ce832d045dda27af79129", 0x2b}, 0x48, 0xfffffffffffffffa)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%-010d \x00'}, 0x20)
keyctl$negate(0xd, r1, 0x9, r0)
r3 = syz_io_uring_complete(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x1, 0x7, 0x1, 0x2a81, r2, 0x81, '\x00', 0x0, r3, 0x3, 0x4, 0x4, 0xe}, 0x48)

10:01:13 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:13 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 59)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%-010d \x00'}, 0x20)
keyctl$negate(0xd, r1, 0x9, r0)
r3 = syz_io_uring_complete(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x1, 0x7, 0x1, 0x2a81, r2, 0x81, '\x00', 0x0, r3, 0x3, 0x4, 0x4, 0xe}, 0x48)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{}, &(0x7f0000000080), &(0x7f00000000c0)='%-010d \x00'}, 0x20) (async)
keyctl$negate(0xd, r1, 0x9, r0) (async)
syz_io_uring_complete(0x0) (async)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x1, 0x7, 0x1, 0x2a81, r2, 0x81, '\x00', 0x0, r3, 0x3, 0x4, 0x4, 0xe}, 0x48) (async)

[  638.470067][T24696] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  638.477874][T24696] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  638.485692][T24696]  </TASK>
10:01:13 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$link(0x3, 0x0, 0x0)

10:01:13 executing program 2:
syz_clone3(&(0x7f0000000000)={0x80080200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = syz_io_uring_complete(0x0)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0xfff8, 0x3f, 0x1, 0x8}, {0x0, 0x2, 0x7, 0x8}, {0x0, 0x7, 0xc8, 0x1f}, {0x7, 0x1f, 0xcb, 0x100}, {0x77, 0x80, 0x4, 0x20}, {0x8001, 0xf9, 0x81, 0x8000}, {0x93, 0x7, 0x3e, 0xff}, {0x800, 0xf8, 0x1f, 0x7}]})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100))
socket$inet_icmp_raw(0x2, 0x3, 0x1)

10:01:13 executing program 3:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000200)={{0xffffffffffffffff, <r2=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%-010d \x00'}, 0x20)
keyctl$negate(0xd, r1, 0x9, r0)
r3 = syz_io_uring_complete(0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x1, 0x7, 0x1, 0x2a81, r2, 0x81, '\x00', 0x0, r3, 0x3, 0x4, 0x4, 0xe}, 0x48)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

[  638.548810][T24769] FAULT_INJECTION: forcing a failure.
[  638.548810][T24769] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  638.586705][T24769] CPU: 1 PID: 24769 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
10:01:13 executing program 2:
syz_clone3(&(0x7f0000000000)={0x80080200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = syz_io_uring_complete(0x0)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0xfff8, 0x3f, 0x1, 0x8}, {0x0, 0x2, 0x7, 0x8}, {0x0, 0x7, 0xc8, 0x1f}, {0x7, 0x1f, 0xcb, 0x100}, {0x77, 0x80, 0x4, 0x20}, {0x8001, 0xf9, 0x81, 0x8000}, {0x93, 0x7, 0x3e, 0xff}, {0x800, 0xf8, 0x1f, 0x7}]}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100))
socket$inet_icmp_raw(0x2, 0x3, 0x1)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x30}, 0x48, r0)
keyctl$negate(0xd, r0, 0x400, r1)
keyctl$link(0x3, r0, 0x0)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x30}, 0x48, r0)
keyctl$negate(0xd, r0, 0x400, r1) (async)
keyctl$link(0x3, r0, 0x0)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r2, 0x802, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)

[  638.596885][T24769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  638.606776][T24769] Call Trace:
[  638.609901][T24769]  <TASK>
[  638.612689][T24769]  dump_stack_lvl+0x151/0x1b7
[  638.617192][T24769]  ? io_uring_drop_tctx_refs+0x190/0x190
[  638.622753][T24769]  dump_stack+0x15/0x17
[  638.626741][T24769]  should_fail+0x3c6/0x510
[  638.630993][T24769]  should_fail_alloc_page+0x5a/0x80
[  638.636035][T24769]  prepare_alloc_pages+0x15c/0x700
[  638.640974][T24769]  ? __alloc_pages_bulk+0xe40/0xe40
10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x30}, 0x48, r0)
keyctl$negate(0xd, r0, 0x400, r1)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x30}, 0x48, r0) (async)
keyctl$negate(0xd, r0, 0x400, r1) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:13 executing program 2:
syz_clone3(&(0x7f0000000000)={0x80080200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = syz_io_uring_complete(0x0)
ioctl$PPPIOCSPASS(r0, 0x40107447, &(0x7f00000000c0)={0x8, &(0x7f0000000080)=[{0xfff8, 0x3f, 0x1, 0x8}, {0x0, 0x2, 0x7, 0x8}, {0x0, 0x7, 0xc8, 0x1f}, {0x7, 0x1f, 0xcb, 0x100}, {0x77, 0x80, 0x4, 0x20}, {0x8001, 0xf9, 0x81, 0x8000}, {0x93, 0x7, 0x3e, 0xff}, {0x800, 0xf8, 0x1f, 0x7}]}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000100)) (rerun: 64)
socket$inet_icmp_raw(0x2, 0x3, 0x1)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r2, 0x802, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)

[  638.646005][T24769]  __alloc_pages+0x18c/0x8f0
[  638.650431][T24769]  ? prep_new_page+0x110/0x110
[  638.655038][T24769]  get_zeroed_page+0x1b/0x40
[  638.659457][T24769]  __pud_alloc+0x8b/0x260
[  638.663622][T24769]  ? stack_trace_snprint+0xf0/0xf0
[  638.668571][T24769]  ? do_handle_mm_fault+0x2330/0x2330
[  638.673776][T24769]  ? __stack_depot_save+0x34/0x470
[  638.678734][T24769]  ? anon_vma_clone+0x9a/0x500
[  638.683327][T24769]  copy_page_range+0x2bcf/0x2f90
[  638.688096][T24769]  ? __kasan_slab_alloc+0xb1/0xe0
[  638.692962][T24769]  ? slab_post_alloc_hook+0x53/0x2c0
10:01:13 executing program 2:
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r0 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480)=<r1=>0x0, &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000880)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f00000007c0)=""/116, &(0x7f0000000740)=[r0, r0], 0x2, {r2}}, 0x58)
syz_clone3(&(0x7f0000000900)={0x30200, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1], 0x1, {r2}}, 0x58)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x62, 0x32, 0x66, 0x5c, 0x66, 0x51, 0x61, 0x6, 0x58, 0x37, 0x62, 0x39, 0x33, 0x35, 0x34, 0x59]}, &(0x7f0000000180)={0x0, "33b97b7d8b78049caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e00000000e0ff0f0012a18b6cf81133cb801a00"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, r2, 0x802, 0x70bd28, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000)

[  638.698077][T24769]  ? copy_mm+0xa3a/0x13e0
[  638.702246][T24769]  ? copy_process+0x1149/0x3290
[  638.707021][T24769]  ? kernel_clone+0x21e/0x9e0
[  638.711531][T24769]  ? __x64_sys_clone3+0x376/0x3a0
[  638.716392][T24769]  ? do_syscall_64+0x3d/0xb0
[  638.720818][T24769]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  638.726727][T24769]  ? pfn_valid+0x1e0/0x1e0
[  638.730976][T24769]  ? rwsem_write_trylock+0x15b/0x290
[  638.736094][T24769]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  638.742343][T24769]  ? vma_gap_callbacks_rotate+0x1e2/0x210
10:01:13 executing program 2:
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r0 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480)=<r1=>0x0, &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000880)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f00000007c0)=""/116, &(0x7f0000000740)=[r0, r0], 0x2, {r2}}, 0x58) (async)
syz_clone3(&(0x7f0000000900)={0x30200, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1], 0x1, {r2}}, 0x58)

[  638.747902][T24769]  ? __rb_insert_augmented+0x5de/0x610
[  638.753196][T24769]  copy_mm+0xc7e/0x13e0
[  638.757186][T24769]  ? copy_signal+0x610/0x610
[  638.761614][T24769]  ? __init_rwsem+0xd6/0x1c0
[  638.766040][T24769]  ? copy_signal+0x4e3/0x610
[  638.770466][T24769]  copy_process+0x1149/0x3290
[  638.774981][T24769]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  638.779932][T24769]  ? copy_clone_args_from_user+0x774/0x830
[  638.785565][T24769]  kernel_clone+0x21e/0x9e0
[  638.789907][T24769]  ? __delayed_free_task+0x20/0x20
[  638.794851][T24769]  ? vfs_write+0x9ec/0x1110
10:01:13 executing program 2:
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r0 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480)=<r1=>0x0, &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000880)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f00000007c0)=""/116, &(0x7f0000000740)=[r0, r0], 0x2, {r2}}, 0x58)
syz_clone3(&(0x7f0000000900)={0x30200, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1], 0x1, {r2}}, 0x58)
syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0), &(0x7f0000000200), {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58) (async)
syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0) (async)
syz_clone3(&(0x7f0000000880)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f00000007c0)=""/116, &(0x7f0000000740)=[r0, r0], 0x2, {r2}}, 0x58) (async)
syz_clone3(&(0x7f0000000900)={0x30200, 0x0, 0x0, 0x0, {0x2a}, 0x0, 0x0, 0x0, &(0x7f0000000840)=[r1], 0x1, {r2}}, 0x58) (async)

[  638.799195][T24769]  ? create_io_thread+0x1e0/0x1e0
[  638.804058][T24769]  __x64_sys_clone3+0x376/0x3a0
[  638.808741][T24769]  ? __ia32_sys_clone+0x290/0x290
[  638.813603][T24769]  ? fput+0x1a/0x20
[  638.817267][T24769]  ? debug_smp_processor_id+0x17/0x20
[  638.822452][T24769]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  638.828355][T24769]  ? exit_to_user_mode_prepare+0x39/0xa0
[  638.833832][T24769]  do_syscall_64+0x3d/0xb0
[  638.838079][T24769]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  638.843802][T24769] RIP: 0033:0x7f19fd5aeda9
[  638.848059][T24769] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  638.867509][T24769] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  638.876111][T24769] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  638.884007][T24769] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  638.891816][T24769] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x62, 0x32, 0x66, 0x5c, 0x66, 0x51, 0x61, 0x6, 0x58, 0x37, 0x62, 0x39, 0x33, 0x35, 0x34, 0x59]}, &(0x7f0000000180)={0x0, "33b97b7d8b78049caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e00000000e0ff0f0012a18b6cf81133cb801a00"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

10:01:13 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x58)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf25810000000a00060008021100000000000600660012e000000af70500ffffffffffff0200"], 0x34}, 0x1, 0x0, 0x0, 0x20000001}, 0x40004)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf25810000000a00060008021100000000000600660012e000000af70500ffffffffffff0200"], 0x34}, 0x1, 0x0, 0x0, 0x20000001}, 0x40004)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf25810000000a00060008021100000000000600660012e000000af70500ffffffffffff0200"], 0x34}, 0x1, 0x0, 0x0, 0x20000001}, 0x40004) (async)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @auto=[0x62, 0x32, 0x66, 0x5c, 0x66, 0x51, 0x61, 0x6, 0x58, 0x37, 0x62, 0x39, 0x33, 0x35, 0x34, 0x59]}, &(0x7f0000000180)={0x0, "33b97b7d8b78049caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e00000000e0ff0f0012a18b6cf81133cb801a00"}, 0x48, r0) (async, rerun: 64)
keyctl$link(0x3, r0, 0x0) (rerun: 64)

10:01:13 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$link(0x3, 0x0, 0x0)

10:01:13 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 60)

10:01:13 executing program 1:
r0 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "e787cc7687611187a760b39a85ce281c234cc8d501c2cf5a4bed465b9dc9788763690452dbf53becb4df19247aa6692dcab7006eef56a9dbe3d98f5afb4e9e91", 0x1a}, 0x48, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$negate(0xd, r0, 0x800, r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), r2)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3)
keyctl$link(0x3, r4, r4)

10:01:13 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x58)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1f}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r1, 0x7, 0x8, r1)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)

[  638.899631][T24769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  638.907441][T24769] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  638.915256][T24769]  </TASK>
10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r0, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002cbd7000fddbdf25810000000a00060008021100000000000600660012e000000af70500ffffffffffff0200"], 0x34}, 0x1, 0x0, 0x0, 0x20000001}, 0x40004)

[  638.958426][T24847] FAULT_INJECTION: forcing a failure.
[  638.958426][T24847] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  638.973771][T24847] CPU: 1 PID: 24847 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  638.983933][T24847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  638.993829][T24847] Call Trace:
[  638.996951][T24847]  <TASK>
[  638.999741][T24847]  dump_stack_lvl+0x151/0x1b7
10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:13 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0], 0x1}, 0x58)

10:01:13 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$team(&(0x7f0000000080), r0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

10:01:13 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1f}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r1, 0x7, 0x8, r1)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1f}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$reject(0x13, r1, 0x7, 0x8, r1) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0) (async)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a", 0x1f}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$reject(0x13, r1, 0x7, 0x8, r1) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r2, 0x0)

10:01:14 executing program 2:
r0 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000840)=0x1, &(0x7f0000000880)=0x4)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000180)=0x1, 0x2)
syz_clone3(&(0x7f00000008c0)={0x0, &(0x7f0000000380), &(0x7f00000001c0), &(0x7f0000000200)=<r1=>0x0, {0x27}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)}, 0x58)
r2 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r1, r2], 0x2, {r3}}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x3041600, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r1], 0x1}, 0x58)

[  639.004247][T24847]  ? io_uring_drop_tctx_refs+0x190/0x190
[  639.009731][T24847]  dump_stack+0x15/0x17
[  639.013702][T24847]  should_fail+0x3c6/0x510
[  639.017958][T24847]  should_fail_alloc_page+0x5a/0x80
[  639.022994][T24847]  prepare_alloc_pages+0x15c/0x700
[  639.027942][T24847]  ? __alloc_pages_bulk+0xe40/0xe40
[  639.033072][T24847]  __alloc_pages+0x18c/0x8f0
[  639.037500][T24847]  ? prep_new_page+0x110/0x110
[  639.042094][T24847]  ? __alloc_pages+0x27e/0x8f0
[  639.046703][T24847]  ? __kasan_check_write+0x14/0x20
[  639.051646][T24847]  ? _raw_spin_lock+0xa4/0x1b0
[  639.056247][T24847]  pte_alloc_one+0x73/0x1b0
[  639.060705][T24847]  ? pfn_modify_allowed+0x2f0/0x2f0
[  639.065737][T24847]  ? __pmd_alloc+0x48d/0x550
[  639.070163][T24847]  __pte_alloc+0x86/0x350
[  639.074326][T24847]  ? __pud_alloc+0x260/0x260
[  639.078767][T24847]  ? __pud_alloc+0x213/0x260
[  639.083181][T24847]  ? free_pgtables+0x280/0x280
[  639.087778][T24847]  ? do_handle_mm_fault+0x2330/0x2330
[  639.092986][T24847]  ? __stack_depot_save+0x34/0x470
[  639.097933][T24847]  ? anon_vma_clone+0x9a/0x500
[  639.102544][T24847]  copy_page_range+0x28a8/0x2f90
10:01:14 executing program 2:
r0 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000840)=0x1, &(0x7f0000000880)=0x4) (async, rerun: 32)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000180)=0x1, 0x2) (async, rerun: 32)
syz_clone3(&(0x7f00000008c0)={0x0, &(0x7f0000000380), &(0x7f00000001c0), &(0x7f0000000200)=<r1=>0x0, {0x27}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)}, 0x58)
r2 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r1, r2], 0x2, {r3}}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x3041600, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r1], 0x1}, 0x58)

[  639.107306][T24847]  ? __kasan_slab_alloc+0xb1/0xe0
[  639.112176][T24847]  ? slab_post_alloc_hook+0x53/0x2c0
[  639.117292][T24847]  ? kernel_clone+0x21e/0x9e0
[  639.121804][T24847]  ? do_syscall_64+0x3d/0xb0
[  639.126225][T24847]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  639.132142][T24847]  ? pfn_valid+0x1e0/0x1e0
[  639.136473][T24847]  ? rwsem_write_trylock+0x15b/0x290
[  639.141604][T24847]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  639.147840][T24847]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  639.153396][T24847]  ? __rb_insert_augmented+0x5de/0x610
10:01:14 executing program 2:
r0 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, &(0x7f0000000840)=0x1, &(0x7f0000000880)=0x4)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000180)=0x1, 0x2)
syz_clone3(&(0x7f00000008c0)={0x0, &(0x7f0000000380), &(0x7f00000001c0), &(0x7f0000000200)=<r1=>0x0, {0x27}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)}, 0x58) (async)
r2 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480), &(0x7f00000004c0), {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r1, r2], 0x2, {r3}}, 0x58) (async, rerun: 64)
syz_clone3(&(0x7f00000042c0)={0x3041600, 0x0, 0x0, 0x0, {0x6}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[r1], 0x1}, 0x58) (rerun: 64)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000080), r0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r0, @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  639.158698][T24847]  copy_mm+0xc7e/0x13e0
[  639.162684][T24847]  ? copy_signal+0x610/0x610
[  639.167110][T24847]  ? __init_rwsem+0xd6/0x1c0
[  639.171535][T24847]  ? copy_signal+0x4e3/0x610
[  639.175965][T24847]  copy_process+0x1149/0x3290
[  639.180478][T24847]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  639.185424][T24847]  ? copy_clone_args_from_user+0x774/0x830
[  639.191063][T24847]  kernel_clone+0x21e/0x9e0
[  639.195405][T24847]  ? __delayed_free_task+0x20/0x20
[  639.200352][T24847]  ? vfs_write+0x9ec/0x1110
[  639.204690][T24847]  ? create_io_thread+0x1e0/0x1e0
[  639.209555][T24847]  __x64_sys_clone3+0x376/0x3a0
[  639.214239][T24847]  ? __ia32_sys_clone+0x290/0x290
[  639.219100][T24847]  ? fput+0x1a/0x20
[  639.222744][T24847]  ? debug_smp_processor_id+0x17/0x20
[  639.227952][T24847]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  639.233856][T24847]  ? exit_to_user_mode_prepare+0x39/0xa0
[  639.239324][T24847]  do_syscall_64+0x3d/0xb0
[  639.243571][T24847]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  639.249298][T24847] RIP: 0033:0x7f19fd5aeda9
[  639.253554][T24847] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  639.272996][T24847] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  639.281238][T24847] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  639.289049][T24847] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  639.296867][T24847] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1)

10:01:14 executing program 1:
r0 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "e787cc7687611187a760b39a85ce281c234cc8d501c2cf5a4bed465b9dc9788763690452dbf53becb4df19247aa6692dcab7006eef56a9dbe3d98f5afb4e9e91", 0x1a}, 0x48, 0xfffffffffffffff8) (async, rerun: 64)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) (rerun: 64)
keyctl$negate(0xd, r0, 0x800, r1) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), r2) (async, rerun: 32)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (rerun: 32)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3)
keyctl$link(0x3, r4, r4)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ccbc00000000000000"], 0x28}}, 0x0)

10:01:14 executing program 1:
r0 = add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "e787cc7687611187a760b39a85ce281c234cc8d501c2cf5a4bed465b9dc9788763690452dbf53becb4df19247aa6692dcab7006eef56a9dbe3d98f5afb4e9e91", 0x1a}, 0x48, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$negate(0xd, r0, 0x800, r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), r2)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3)
keyctl$link(0x3, r4, r4)
add_key$fscrypt_v1(&(0x7f0000000140), &(0x7f0000000180)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "e787cc7687611187a760b39a85ce281c234cc8d501c2cf5a4bed465b9dc9788763690452dbf53becb4df19247aa6692dcab7006eef56a9dbe3d98f5afb4e9e91", 0x1a}, 0x48, 0xfffffffffffffff8) (async)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) (async)
keyctl$negate(0xd, r0, 0x800, r1) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$team(&(0x7f00000000c0), r2) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r3) (async)
keyctl$link(0x3, r4, r4) (async)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1) (async)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (rerun: 64)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ccbc00000000000000"], 0x28}}, 0x0)

[  639.304677][T24847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  639.312486][T24847] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  639.320300][T24847]  </TASK>
10:01:14 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 61)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1) (async)

10:01:14 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  639.391203][T24913] FAULT_INJECTION: forcing a failure.
[  639.391203][T24913] name failslab, interval 1, probability 0, space 0, times 0
[  639.412826][T24913] CPU: 1 PID: 24913 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  639.422999][T24913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  639.432897][T24913] Call Trace:
[  639.436104][T24913]  <TASK>
[  639.438882][T24913]  dump_stack_lvl+0x151/0x1b7
[  639.443419][T24913]  ? io_uring_drop_tctx_refs+0x190/0x190
[  639.448862][T24913]  dump_stack+0x15/0x17
[  639.452856][T24913]  should_fail+0x3c6/0x510
[  639.457107][T24913]  __should_failslab+0xa4/0xe0
[  639.461712][T24913]  ? vm_area_dup+0x26/0x230
[  639.466047][T24913]  should_failslab+0x9/0x20
[  639.470386][T24913]  slab_pre_alloc_hook+0x37/0xd0
[  639.475159][T24913]  ? vm_area_dup+0x26/0x230
[  639.479497][T24913]  kmem_cache_alloc+0x44/0x200
[  639.484100][T24913]  vm_area_dup+0x26/0x230
[  639.488268][T24913]  copy_mm+0x9a1/0x13e0
[  639.492260][T24913]  ? copy_signal+0x610/0x610
[  639.496687][T24913]  ? __init_rwsem+0xd6/0x1c0
[  639.501110][T24913]  ? copy_signal+0x4e3/0x610
[  639.505544][T24913]  copy_process+0x1149/0x3290
[  639.510157][T24913]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  639.515096][T24913]  ? copy_clone_args_from_user+0x774/0x830
[  639.520741][T24913]  kernel_clone+0x21e/0x9e0
[  639.525080][T24913]  ? __delayed_free_task+0x20/0x20
[  639.530030][T24913]  ? vfs_write+0x9ec/0x1110
[  639.534363][T24913]  ? create_io_thread+0x1e0/0x1e0
[  639.539224][T24913]  __x64_sys_clone3+0x376/0x3a0
[  639.543912][T24913]  ? __ia32_sys_clone+0x290/0x290
[  639.548794][T24913]  ? fput+0x1a/0x20
[  639.552417][T24913]  ? debug_smp_processor_id+0x17/0x20
[  639.557625][T24913]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  639.563523][T24913]  ? exit_to_user_mode_prepare+0x39/0xa0
[  639.568993][T24913]  do_syscall_64+0x3d/0xb0
[  639.573251][T24913]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  639.578975][T24913] RIP: 0033:0x7f19fd5aeda9
[  639.583230][T24913] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  639.602669][T24913] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  639.610915][T24913] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  639.618723][T24913] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  639.626534][T24913] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  639.634467][T24913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:14 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)

10:01:14 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 62)

10:01:14 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)

[  639.642264][T24913] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  639.650181][T24913]  </TASK>
10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100ccbc00000000000000"], 0x28}}, 0x0)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)

[  639.694986][T24930] FAULT_INJECTION: forcing a failure.
[  639.694986][T24930] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  639.722747][T24930] CPU: 1 PID: 24930 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  639.732923][T24930] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8991, &(0x7f00000008c0)={'batadv_slave_1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000096d42902326c23591ab44f1fa18f646b7f29ee8b1e514c70e6786f50854da970c890291d078ec51de5ff64350c5e2103e213bbd340534d5071de677d24d7", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:14 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = syz_open_dev$rtc(&(0x7f0000000040), 0x1f, 0x80300)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000180))
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r2, 0x0)

10:01:14 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = syz_open_dev$rtc(&(0x7f0000000040), 0x1f, 0x80300)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000180))
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r2, 0x0)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8991, &(0x7f00000008c0)={'batadv_slave_1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000096d42902326c23591ab44f1fa18f646b7f29ee8b1e514c70e6786f50854da970c890291d078ec51de5ff64350c5e2103e213bbd340534d5071de677d24d7", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000096d42902326c23591ab44f1fa18f646b7f29ee8b1e514c70e6786f50854da970c890291d078ec51de5ff64350c5e2103e213bbd340534d5071de677d24d7", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:14 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = syz_open_dev$rtc(&(0x7f0000000040), 0x1f, 0x80300)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000180))
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r2, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
syz_open_dev$rtc(&(0x7f0000000040), 0x1f, 0x80300) (async)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000180)) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r2, 0x0) (async)

[  639.742817][T24930] Call Trace:
[  639.745942][T24930]  <TASK>
[  639.748716][T24930]  dump_stack_lvl+0x151/0x1b7
[  639.753236][T24930]  ? io_uring_drop_tctx_refs+0x190/0x190
[  639.758702][T24930]  dump_stack+0x15/0x17
[  639.762692][T24930]  should_fail+0x3c6/0x510
[  639.766947][T24930]  should_fail_alloc_page+0x5a/0x80
[  639.771976][T24930]  prepare_alloc_pages+0x15c/0x700
[  639.776926][T24930]  ? __alloc_pages_bulk+0xe40/0xe40
[  639.781963][T24930]  __alloc_pages+0x18c/0x8f0
[  639.786386][T24930]  ? prep_new_page+0x110/0x110
[  639.790985][T24930]  ? __alloc_pages+0x27e/0x8f0
10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8991, &(0x7f00000008c0)={'batadv_slave_1\x00'})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000096d42902326c23591ab44f1fa18f646b7f29ee8b1e514c70e6786f50854da970c890291d078ec51de5ff64350c5e2103e213bbd340534d5071de677d24d7", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  639.795588][T24930]  ? __kasan_check_write+0x14/0x20
[  639.800534][T24930]  ? _raw_spin_lock+0xa4/0x1b0
[  639.805138][T24930]  pte_alloc_one+0x73/0x1b0
[  639.809470][T24930]  ? pfn_modify_allowed+0x2f0/0x2f0
[  639.814506][T24930]  ? __pmd_alloc+0x48d/0x550
[  639.818932][T24930]  __pte_alloc+0x86/0x350
[  639.823187][T24930]  ? __pud_alloc+0x260/0x260
[  639.827610][T24930]  ? __pud_alloc+0x213/0x260
[  639.832061][T24930]  ? free_pgtables+0x280/0x280
[  639.836640][T24930]  ? do_handle_mm_fault+0x2330/0x2330
10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000040), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x24, r4, 0x4, 0x70bda6, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x24000815)

[  639.841846][T24930]  ? __stack_depot_save+0x34/0x470
[  639.846789][T24930]  ? anon_vma_clone+0x9a/0x500
[  639.851399][T24930]  copy_page_range+0x28a8/0x2f90
[  639.856172][T24930]  ? __kasan_slab_alloc+0xb1/0xe0
[  639.861026][T24930]  ? slab_post_alloc_hook+0x53/0x2c0
[  639.866145][T24930]  ? kernel_clone+0x21e/0x9e0
[  639.870661][T24930]  ? do_syscall_64+0x3d/0xb0
[  639.875085][T24930]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  639.881168][T24930]  ? pfn_valid+0x1e0/0x1e0
[  639.885416][T24930]  ? rwsem_write_trylock+0x15b/0x290
10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000040), 0x4) (async)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x24, r4, 0x4, 0x70bda6, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x24000815)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2)

[  639.890535][T24930]  ? vma_interval_tree_augment_rotate+0x1d0/0x1d0
[  639.896783][T24930]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  639.902337][T24930]  ? __rb_insert_augmented+0x5de/0x610
[  639.907908][T24930]  copy_mm+0xc7e/0x13e0
[  639.910745][T24969] __nla_validate_parse: 46 callbacks suppressed
[  639.910764][T24969] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  639.911885][T24930]  ? copy_signal+0x610/0x610
[  639.911914][T24930]  ? __init_rwsem+0xd6/0x1c0
[  639.911935][T24930]  ? copy_signal+0x4e3/0x610
[  639.911956][T24930]  copy_process+0x1149/0x3290
[  639.944878][T24930]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  639.949816][T24930]  ? copy_clone_args_from_user+0x774/0x830
[  639.955472][T24930]  kernel_clone+0x21e/0x9e0
[  639.959803][T24930]  ? __delayed_free_task+0x20/0x20
[  639.964745][T24930]  ? vfs_write+0x9ec/0x1110
[  639.969081][T24930]  ? create_io_thread+0x1e0/0x1e0
[  639.971530][T24971] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  639.973941][T24930]  __x64_sys_clone3+0x376/0x3a0
[  639.987745][T24930]  ? __ia32_sys_clone+0x290/0x290
[  639.992611][T24930]  ? fput+0x1a/0x20
10:01:14 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) (async)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
setsockopt$TIPC_SRC_DROPPABLE(r2, 0x10f, 0x80, &(0x7f0000000040), 0x4)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000140)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)={0x24, r4, 0x4, 0x70bda6, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x2}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r5}]}, 0x24}, 0x1, 0x0, 0x0, 0x4004}, 0x24000815)

10:01:14 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r1) (async)
keyctl$clear(0x7, r2) (async)

[  639.996250][T24930]  ? debug_smp_processor_id+0x17/0x20
[  640.001455][T24930]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  640.007362][T24930]  ? exit_to_user_mode_prepare+0x39/0xa0
[  640.012831][T24930]  do_syscall_64+0x3d/0xb0
[  640.017081][T24930]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  640.022807][T24930] RIP: 0033:0x7f19fd5aeda9
[  640.027071][T24930] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  640.046936][T24930] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  640.055181][T24930] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  640.062990][T24930] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  640.070805][T24930] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  640.078613][T24930] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  640.086428][T24930] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
10:01:15 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 63)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$clear(0x7, r2)

10:01:15 executing program 2:
r0 = syz_clone3(&(0x7f0000000100)={0x80200, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0xffffff86)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), r1)
r3 = syz_clone3(&(0x7f0000002340)={0x10000000, &(0x7f0000001200), &(0x7f0000001240), &(0x7f0000001280), {0x14}, &(0x7f00000012c0)=""/4096, 0x1000, &(0x7f00000022c0)=""/23, &(0x7f0000002300)=[r0], 0x1}, 0x58)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000002400), 0x100, 0x0)
syz_clone3(&(0x7f0000002440)={0x100100000, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000fc0), {0x23}, &(0x7f0000001000)=""/218, 0xda, &(0x7f0000001100)=""/241, &(0x7f00000023c0)=[r3], 0x1, {r4}}, 0x58)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200)={'team0\x00', <r5=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)=[0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280), &(0x7f00000002c0)=[0x0], 0x0, 0x5f, &(0x7f0000000300), 0x0, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xd5, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000540)={'batadv0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000640)={'gretap0\x00', &(0x7f00000005c0)={'syztnl0\x00', <r9=>0x0, 0x80, 0x8, 0x8, 0x9, {{0x18, 0x4, 0x3, 0x21, 0x60, 0x65, 0x0, 0x5, 0x4, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0xe}, {[@generic={0x7, 0x12, "9eba8a6a57a5ef973d8ace84b7ef4115"}, @ssrr={0x89, 0x7, 0x29, [@rand_addr=0x64010102]}, @noop, @ssrr={0x89, 0x7, 0xc3, [@loopback]}, @end, @rr={0x7, 0x27, 0x66, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @empty, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010101, @broadcast, @broadcast]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000680)={'batadv0\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe1, &(0x7f00000007c0)=[{}], 0x8, 0x10, &(0x7f0000000800), &(0x7f0000000840), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000880)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000a00)={'team0\x00', <r13=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000ac0)={'syztnl2\x00', &(0x7f0000000a40)={'ip6_vti0\x00', <r14=>0x0, 0x4, 0x1, 0x1d, 0x1, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, 0x7, 0x8000, 0x6d94, 0xc}})
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000f80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000b00)={0x414, r2, 0x400, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r8}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0xf0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r13}, {0x104, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}]}}]}, 0x414}, 0x1, 0x0, 0x0, 0x800}, 0x90)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x400}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x60}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

[  640.092579][T24989] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.094410][T24930]  </TASK>
10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$reject(0x13, r1, 0xe4, 0x4, r2)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x400}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x60}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x24004000}, 0x0) (async, rerun: 32)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (rerun: 32)

[  640.150375][T24999] FAULT_INJECTION: forcing a failure.
[  640.150375][T24999] name failslab, interval 1, probability 0, space 0, times 0
[  640.166569][T25002] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async, rerun: 64)
keyctl$link(0x3, r0, 0x0) (async, rerun: 64)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0) (async)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$reject(0x13, r1, 0xe4, 0x4, r2)

[  640.194569][T24999] CPU: 1 PID: 24999 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  640.204737][T24999] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  640.207866][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.214625][T24999] Call Trace:
[  640.214635][T24999]  <TASK>
[  640.214643][T24999]  dump_stack_lvl+0x151/0x1b7
[  640.214670][T24999]  ? io_uring_drop_tctx_refs+0x190/0x190
[  640.214694][T24999]  dump_stack+0x15/0x17
10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r0) (async)
r2 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$reject(0x13, r1, 0xe4, 0x4, r2)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$unlink(0x9, r0, r0)
keyctl$link(0x8, r0, r0)

[  640.235015][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.239712][T24999]  should_fail+0x3c6/0x510
[  640.239743][T24999]  __should_failslab+0xa4/0xe0
[  640.248470][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.252812][T24999]  ? vm_area_dup+0x26/0x230
[  640.252843][T24999]  should_failslab+0x9/0x20
[  640.265096][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.270786][T24999]  slab_pre_alloc_hook+0x37/0xd0
[  640.270821][T24999]  ? vm_area_dup+0x26/0x230
10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$unlink(0x9, r0, r0)
keyctl$link(0x8, r0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$unlink(0x9, r0, r0) (async)
keyctl$link(0x8, r0, r0) (async)

10:01:15 executing program 2:
r0 = syz_clone3(&(0x7f0000000100)={0x80200, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0xffffff86)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), r1) (async)
r3 = syz_clone3(&(0x7f0000002340)={0x10000000, &(0x7f0000001200), &(0x7f0000001240), &(0x7f0000001280), {0x14}, &(0x7f00000012c0)=""/4096, 0x1000, &(0x7f00000022c0)=""/23, &(0x7f0000002300)=[r0], 0x1}, 0x58) (async)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000002400), 0x100, 0x0)
syz_clone3(&(0x7f0000002440)={0x100100000, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000fc0), {0x23}, &(0x7f0000001000)=""/218, 0xda, &(0x7f0000001100)=""/241, &(0x7f00000023c0)=[r3], 0x1, {r4}}, 0x58) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200)={'team0\x00', <r5=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)=[0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280), &(0x7f00000002c0)=[0x0], 0x0, 0x5f, &(0x7f0000000300), 0x0, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xd5, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000540)={'batadv0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000640)={'gretap0\x00', &(0x7f00000005c0)={'syztnl0\x00', <r9=>0x0, 0x80, 0x8, 0x8, 0x9, {{0x18, 0x4, 0x3, 0x21, 0x60, 0x65, 0x0, 0x5, 0x4, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0xe}, {[@generic={0x7, 0x12, "9eba8a6a57a5ef973d8ace84b7ef4115"}, @ssrr={0x89, 0x7, 0x29, [@rand_addr=0x64010102]}, @noop, @ssrr={0x89, 0x7, 0xc3, [@loopback]}, @end, @rr={0x7, 0x27, 0x66, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @empty, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010101, @broadcast, @broadcast]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000680)={'batadv0\x00', <r10=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'team0\x00', <r11=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe1, &(0x7f00000007c0)=[{}], 0x8, 0x10, &(0x7f0000000800), &(0x7f0000000840), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000880)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000a00)={'team0\x00', <r13=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000ac0)={'syztnl2\x00', &(0x7f0000000a40)={'ip6_vti0\x00', <r14=>0x0, 0x4, 0x1, 0x1d, 0x1, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, 0x7, 0x8000, 0x6d94, 0xc}})
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000f80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000b00)={0x414, r2, 0x400, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r8}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0xf0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r13}, {0x104, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}]}}]}, 0x414}, 0x1, 0x0, 0x0, 0x800}, 0x90)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async, rerun: 32)
keyctl$unlink(0x9, r0, r0) (async, rerun: 32)
keyctl$link(0x8, r0, r0)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$BATADV_CMD_TP_METER(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x64, r2, 0x400, 0x70bd2a, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x80}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x400}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x7}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x60}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5, 0x2e, 0x1}, @BATADV_ATTR_TPMETER_TEST_TIME={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}]}, 0x64}, 0x1, 0x0, 0x0, 0x24004000}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  640.279870][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.288666][T24999]  kmem_cache_alloc+0x44/0x200
[  640.288701][T24999]  vm_area_dup+0x26/0x230
[  640.288725][T24999]  copy_mm+0x9a1/0x13e0
[  640.306969][T25010] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  640.311508][T24999]  ? copy_signal+0x610/0x610
[  640.311541][T24999]  ? __init_rwsem+0xd6/0x1c0
[  640.311565][T24999]  ? copy_signal+0x4e3/0x610
[  640.342141][T24999]  copy_process+0x1149/0x3290
10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$search(0xa, 0x0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1}, r0)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async, rerun: 32)
keyctl$search(0xa, 0x0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1}, r0) (rerun: 32)

10:01:15 executing program 0:
r0 = syz_io_uring_setup(0x2ea3, &(0x7f0000000000)={0x0, 0xff12, 0x20, 0x0, 0x145}, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x5ae1, &(0x7f0000000100)={0x0, 0xd4fe, 0x0, 0x0, 0x3dd, 0x0, r0}, &(0x7f00000001c0), &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYRES16=r2], 0x28}}, 0x0)

[  640.346666][T24999]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  640.351599][T24999]  ? copy_clone_args_from_user+0x774/0x830
[  640.357247][T24999]  kernel_clone+0x21e/0x9e0
[  640.361577][T24999]  ? __delayed_free_task+0x20/0x20
[  640.366524][T24999]  ? vfs_write+0x9ec/0x1110
[  640.370872][T24999]  ? create_io_thread+0x1e0/0x1e0
[  640.375726][T24999]  __x64_sys_clone3+0x376/0x3a0
[  640.380425][T24999]  ? __ia32_sys_clone+0x290/0x290
[  640.385278][T24999]  ? fput+0x1a/0x20
[  640.388920][T24999]  ? debug_smp_processor_id+0x17/0x20
[  640.394142][T24999]  ? fpregs_assert_state_consistent+0xb6/0xe0
10:01:15 executing program 0:
r0 = syz_io_uring_setup(0x2ea3, &(0x7f0000000000)={0x0, 0xff12, 0x20, 0x0, 0x145}, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x5ae1, &(0x7f0000000100)={0x0, 0xd4fe, 0x0, 0x0, 0x3dd, 0x0, r0}, &(0x7f00000001c0), &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYRES16=r2], 0x28}}, 0x0)

10:01:15 executing program 0:
r0 = syz_io_uring_setup(0x2ea3, &(0x7f0000000000)={0x0, 0xff12, 0x20, 0x0, 0x145}, &(0x7f0000000080), &(0x7f00000000c0))
syz_io_uring_setup(0x5ae1, &(0x7f0000000100)={0x0, 0xd4fe, 0x0, 0x0, 0x3dd, 0x0, r0}, &(0x7f00000001c0), &(0x7f0000000200))
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYRES16=r2], 0x28}}, 0x0)
syz_io_uring_setup(0x2ea3, &(0x7f0000000000)={0x0, 0xff12, 0x20, 0x0, 0x145}, &(0x7f0000000080), &(0x7f00000000c0)) (async)
syz_io_uring_setup(0x5ae1, &(0x7f0000000100)={0x0, 0xd4fe, 0x0, 0x0, 0x3dd, 0x0, r0}, &(0x7f00000001c0), &(0x7f0000000200)) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYRES16=r2], 0x28}}, 0x0) (async)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x8, r1, r2)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "9d18b64653abe3f17aa53d487749e9b71003dabb45542de766099783ec350e344e0059e395dd2347f334add4c1a990262704bf0aad5201d72131758d385cb431", 0x23}, 0x48, r2)
keyctl$link(0x3, r2, r0)
syz_io_uring_setup(0x5708, &(0x7f0000000280)={0x0, 0x4705, 0x80, 0x3, 0x308}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, &(0x7f0000000380)=0x9, 0x0, 0x4)

[  640.400029][T24999]  ? exit_to_user_mode_prepare+0x39/0xa0
[  640.405496][T24999]  do_syscall_64+0x3d/0xb0
[  640.409835][T24999]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  640.415573][T24999] RIP: 0033:0x7f19fd5aeda9
[  640.419814][T24999] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  640.439270][T24999] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r3, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xf8, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x82eb}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa000}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x10001}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xe7b68869046a262e}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xe00}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xf}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x12}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4380}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x10}}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000080)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)
keyctl$search(0xa, 0x0, &(0x7f00000000c0)='dns_resolver\x00', &(0x7f0000000140)={'syz', 0x1}, r0)

10:01:15 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 64)

[  640.447504][T24999] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  640.455316][T24999] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  640.463124][T24999] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  640.470936][T24999] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  640.478744][T24999] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  640.486736][T24999]  </TASK>
10:01:15 executing program 2:
syz_clone3(&(0x7f0000000100)={0x80200, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0xffffff86) (async)
r0 = syz_clone3(&(0x7f0000000100)={0x80200, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000004280)}, 0xffffff86)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$team(&(0x7f00000001c0), r1) (async)
r2 = syz_genetlink_get_family_id$team(&(0x7f00000001c0), r1)
r3 = syz_clone3(&(0x7f0000002340)={0x10000000, &(0x7f0000001200), &(0x7f0000001240), &(0x7f0000001280), {0x14}, &(0x7f00000012c0)=""/4096, 0x1000, &(0x7f00000022c0)=""/23, &(0x7f0000002300)=[r0], 0x1}, 0x58)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000002400), 0x100, 0x0)
syz_clone3(&(0x7f0000002440)={0x100100000, &(0x7f0000000280), &(0x7f0000000300), &(0x7f0000000fc0), {0x23}, &(0x7f0000001000)=""/218, 0xda, &(0x7f0000001100)=""/241, &(0x7f00000023c0)=[r3], 0x1, {r4}}, 0x58)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000200)={'team0\x00', <r5=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)=[0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280), &(0x7f00000002c0)=[0x0], 0x0, 0x5f, &(0x7f0000000300), 0x0, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xd5, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0xe0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000240)=[0x0], ""/16, <r6=>0x0, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000280), &(0x7f00000002c0)=[0x0], 0x0, 0x5f, &(0x7f0000000300), 0x0, 0x10, &(0x7f0000000340), &(0x7f0000000380), 0x8, 0xd5, 0x8, 0x8, &(0x7f00000003c0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000540)={'batadv0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000640)={'gretap0\x00', &(0x7f00000005c0)={'syztnl0\x00', <r9=>0x0, 0x80, 0x8, 0x8, 0x9, {{0x18, 0x4, 0x3, 0x21, 0x60, 0x65, 0x0, 0x5, 0x4, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0xe}, {[@generic={0x7, 0x12, "9eba8a6a57a5ef973d8ace84b7ef4115"}, @ssrr={0x89, 0x7, 0x29, [@rand_addr=0x64010102]}, @noop, @ssrr={0x89, 0x7, 0xc3, [@loopback]}, @end, @rr={0x7, 0x27, 0x66, [@initdev={0xac, 0x1e, 0x1, 0x0}, @loopback, @remote, @empty, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}, @private=0xa010101, @broadcast, @broadcast]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000680)={'batadv0\x00', <r10=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe1, &(0x7f00000007c0)=[{}], 0x8, 0x10, &(0x7f0000000800), &(0x7f0000000840), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000880)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000009c0)={0xffffffffffffffff, 0xe0, &(0x7f00000008c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x3, 0x5, &(0x7f0000000740)=[0x0, 0x0, 0x0], &(0x7f0000000780)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0xe1, &(0x7f00000007c0)=[{}], 0x8, 0x10, &(0x7f0000000800), &(0x7f0000000840), 0x8, 0x41, 0x8, 0x8, &(0x7f0000000880)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000a00)={'team0\x00', <r13=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000ac0)={'syztnl2\x00', &(0x7f0000000a40)={'ip6_vti0\x00', 0x0, 0x4, 0x1, 0x1d, 0x1, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, 0x7, 0x8000, 0x6d94, 0xc}}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000ac0)={'syztnl2\x00', &(0x7f0000000a40)={'ip6_vti0\x00', <r14=>0x0, 0x4, 0x1, 0x1d, 0x1, 0x10, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, 0x7, 0x8000, 0x6d94, 0xc}})
sendmsg$TEAM_CMD_PORT_LIST_GET(r1, &(0x7f0000000f80)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000f40)={&(0x7f0000000b00)={0x414, r2, 0x400, 0x70bd29, 0x25dfdbfe, {}, [{{0x8, 0x1, r5}, {0x1f4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xfff}}, {0x8, 0x6, r6}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7fff}}, {0x8, 0x6, r7}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r8}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r9}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0xf0, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x9}}, {0x8, 0x6, r12}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x1}}}, {0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}]}}, {{0x8, 0x1, r13}, {0x104, 0x2, 0x0, 0x1, [{0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}]}}]}, 0x414}, 0x1, 0x0, 0x0, 0x800}, 0x90)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4) (async)
sendmsg$BATADV_CMD_SET_MESH(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x14, 0x0, 0x400, 0x70bd28, 0x25dfdbfe}, 0x14}, 0x1, 0x0, 0x0, 0x40}, 0x4)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x8, r1, r2)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "9d18b64653abe3f17aa53d487749e9b71003dabb45542de766099783ec350e344e0059e395dd2347f334add4c1a990262704bf0aad5201d72131758d385cb431", 0x23}, 0x48, r2) (async)
keyctl$link(0x3, r2, r0) (async)
syz_io_uring_setup(0x5708, &(0x7f0000000280)={0x0, 0x4705, 0x80, 0x3, 0x308}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, &(0x7f0000000380)=0x9, 0x0, 0x4)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0xd, 0x1, 0x2, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0]}, 0x40)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r3, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800) (async)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xf8, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x82eb}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa000}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x10001}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xe7b68869046a262e}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xe00}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xf}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x12}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4380}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x10}}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x4000) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0xd, 0x1, 0x2, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0]}, 0x40)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0) (async)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0xd, 0x1, 0x2, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0]}, 0x40) (async)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$link(0x8, r1, r2)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "9d18b64653abe3f17aa53d487749e9b71003dabb45542de766099783ec350e344e0059e395dd2347f334add4c1a990262704bf0aad5201d72131758d385cb431", 0x23}, 0x48, r2)
keyctl$link(0x3, r2, r0)
syz_io_uring_setup(0x5708, &(0x7f0000000280)={0x0, 0x4705, 0x80, 0x3, 0x308}, &(0x7f0000000300)=<r3=>0x0, &(0x7f0000000340))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, &(0x7f0000000380)=0x9, 0x0, 0x4)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0x0) (async)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) (async)
keyctl$link(0x8, r1, r2) (async)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f00000001c0)={'fscrypt:', @desc2}, &(0x7f0000000200)={0x0, "9d18b64653abe3f17aa53d487749e9b71003dabb45542de766099783ec350e344e0059e395dd2347f334add4c1a990262704bf0aad5201d72131758d385cb431", 0x23}, 0x48, r2) (async)
keyctl$link(0x3, r2, r0) (async)
syz_io_uring_setup(0x5708, &(0x7f0000000280)={0x0, 0x4705, 0x80, 0x3, 0x308}, &(0x7f0000000300), &(0x7f0000000340)) (async)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x114, &(0x7f0000000380)=0x9, 0x0, 0x4) (async)

[  640.559034][T25069] FAULT_INJECTION: forcing a failure.
[  640.559034][T25069] name failslab, interval 1, probability 0, space 0, times 0
[  640.591540][T25069] CPU: 0 PID: 25069 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0) (async)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r3, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800) (async)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r3, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800)
sendmsg$IPVS_CMD_DEL_DEST(r0, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000040)={0xf8, r3, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x82eb}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xa000}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x2}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x10001}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xe7b68869046a262e}, @IPVS_DEST_ATTR_TUN_FLAGS={0x6, 0xf, 0x9}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_U_THRESH={0x8}]}, @IPVS_CMD_ATTR_DAEMON={0x1c, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x1}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0xe00}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e22}]}, @IPVS_CMD_ATTR_DAEMON={0x4}, @IPVS_CMD_ATTR_SERVICE={0x1c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x7d}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x7}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0xf}]}, @IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3b}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x12}]}, @IPVS_CMD_ATTR_SERVICE={0x48, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4380}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x3e}, @IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e24}, @IPVS_SVC_ATTR_PROTOCOL={0x6, 0x2, 0x2f}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2e, 0x10}}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}]}, 0xf8}, 0x1, 0x0, 0x0, 0x40}, 0x4000)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
keyctl$link(0x3, r0, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000280)={@map, 0xd, 0x1, 0x2, &(0x7f0000000080)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000000c0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000200)=[0x0, 0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0]}, 0x40)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000080)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)

[  640.601711][T25069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  640.611607][T25069] Call Trace:
[  640.614733][T25069]  <TASK>
[  640.617505][T25069]  dump_stack_lvl+0x151/0x1b7
[  640.622021][T25069]  ? io_uring_drop_tctx_refs+0x190/0x190
[  640.627487][T25069]  dump_stack+0x15/0x17
[  640.631476][T25069]  should_fail+0x3c6/0x510
[  640.635737][T25069]  __should_failslab+0xa4/0xe0
[  640.640593][T25069]  ? vm_area_dup+0x26/0x230
[  640.644932][T25069]  should_failslab+0x9/0x20
[  640.649269][T25069]  slab_pre_alloc_hook+0x37/0xd0
[  640.654060][T25069]  ? vm_area_dup+0x26/0x230
10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r1, 0x0, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x2c}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x20000800)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)
add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @auto=[0x34, 0x37, 0x35, 0x61, 0x36, 0x30, 0x64, 0x63, 0x33, 0x66, 0x32, 0x39, 0x35, 0x37, 0x30, 0x31]}, &(0x7f0000000200)={0x0, "e887f466e425d5bcd2d987dc1da24617898cfaa90ab710e10be284a2f7bd8e6dc7332932633fe153ec8775e365d0e062ea154e166900", 0x30}, 0x48, 0x0)
keyctl$negate(0xd, r2, 0x29, r2)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0) (async, rerun: 64)
add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @auto=[0x34, 0x37, 0x35, 0x61, 0x36, 0x30, 0x64, 0x63, 0x33, 0x66, 0x32, 0x39, 0x35, 0x37, 0x30, 0x31]}, &(0x7f0000000200)={0x0, "e887f466e425d5bcd2d987dc1da24617898cfaa90ab710e10be284a2f7bd8e6dc7332932633fe153ec8775e365d0e062ea154e166900", 0x30}, 0x48, 0x0) (async, rerun: 64)
keyctl$negate(0xd, r2, 0x29, r2)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x15, r3, 0x0)
keyctl$negate(0xd, r2, 0x6, r3)
keyctl$link(0x3, r0, 0x0)

[  640.658387][T25069]  kmem_cache_alloc+0x44/0x200
[  640.662997][T25069]  vm_area_dup+0x26/0x230
[  640.667153][T25069]  copy_mm+0x9a1/0x13e0
[  640.671148][T25069]  ? copy_signal+0x610/0x610
[  640.675570][T25069]  ? __init_rwsem+0xd6/0x1c0
[  640.679994][T25069]  ? copy_signal+0x4e3/0x610
[  640.684422][T25069]  copy_process+0x1149/0x3290
[  640.688939][T25069]  ? __kasan_check_write+0x14/0x20
[  640.693889][T25069]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  640.698915][T25069]  ? copy_clone_args_from_user+0x774/0x830
[  640.704563][T25069]  kernel_clone+0x21e/0x9e0
10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x15, r3, 0x0)
keyctl$negate(0xd, r2, 0x6, r3)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1) (async)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r0) (async)
keyctl$link(0x15, r3, 0x0) (async)
keyctl$negate(0xd, r2, 0x6, r3) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)
add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @auto=[0x34, 0x37, 0x35, 0x61, 0x36, 0x30, 0x64, 0x63, 0x33, 0x66, 0x32, 0x39, 0x35, 0x37, 0x30, 0x31]}, &(0x7f0000000200)={0x0, "e887f466e425d5bcd2d987dc1da24617898cfaa90ab710e10be284a2f7bd8e6dc7332932633fe153ec8775e365d0e062ea154e166900", 0x30}, 0x48, 0x0)
keyctl$negate(0xd, r2, 0x29, r2)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r1, 0x0, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x2c}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x20000800)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  640.709069][T25069]  ? __delayed_free_task+0x20/0x20
[  640.714018][T25069]  ? vfs_write+0x9ec/0x1110
[  640.718361][T25069]  ? create_io_thread+0x1e0/0x1e0
[  640.723220][T25069]  __x64_sys_clone3+0x376/0x3a0
[  640.727903][T25069]  ? __ia32_sys_clone+0x290/0x290
[  640.732765][T25069]  ? fput+0x1a/0x20
[  640.736412][T25069]  ? debug_smp_processor_id+0x17/0x20
[  640.741615][T25069]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  640.747524][T25069]  ? exit_to_user_mode_prepare+0x39/0xa0
[  640.752992][T25069]  do_syscall_64+0x3d/0xb0
10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, r1, 0x0, 0x70bd26, 0x25dfdbfe, {{}, {@void, @val={0xc, 0x99, {0x6, 0x2c}}}}, ["", ""]}, 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x20000800)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f0000000240), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x15, r3, 0x0)
keyctl$negate(0xd, r2, 0x6, r3)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r1) (async)
add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000240), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, r0) (async)
keyctl$link(0x15, r3, 0x0) (async)
keyctl$negate(0xd, r2, 0x6, r3) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="60aeafd31526a98c98b530d464fdc75cab4084777e2941c8ae46959a172b2cf2e58f177de3f5130dd672732cdfcfb39d4ddfed7a9240eb", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @auto=[0x34, 0x35, 0x34, 0x30, 0x54, 0x39, 0x34, 0x62, 0x37, 0x33, 0x32, 0x62, 0x62, 0x37, 0x61, 0x34]}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xfffffffffffffff9)
keyctl$restrict_keyring(0x1d, r2, &(0x7f00000002c0)='.dead\x00', 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)
keyctl$reject(0x13, r1, 0xfbe3, 0x3, r1)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r1) (async, rerun: 64)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (rerun: 64)
r2 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @auto=[0x34, 0x35, 0x34, 0x30, 0x54, 0x39, 0x34, 0x62, 0x37, 0x33, 0x32, 0x62, 0x62, 0x37, 0x61, 0x34]}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xfffffffffffffff9)
keyctl$restrict_keyring(0x1d, r2, &(0x7f00000002c0)='.dead\x00', 0x0)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)
keyctl$reject(0x13, r1, 0xfbe3, 0x3, r1)

[  640.757241][T25069]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  640.762972][T25069] RIP: 0033:0x7f19fd5aeda9
[  640.767222][T25069] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  640.786751][T25069] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  640.795012][T25069] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="60aeafd31526a98c98b530d464fdc75cab4084777e2941c8ae46959a172b2cf2e58f177de3f5130dd672732cdfcfb39d4ddfed7a9240eb", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="60aeafd31526a98c98b530d464fdc75cab4084777e2941c8ae46959a172b2cf2e58f177de3f5130dd672732cdfcfb39d4ddfed7a9240eb", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000380)={'syz', 0x0}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f00000003c0)={'syz', 0x3}, 0x0, 0x0, r1) (async)
add_key$keyring(&(0x7f0000000340), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @auto=[0x34, 0x35, 0x34, 0x30, 0x54, 0x39, 0x34, 0x62, 0x37, 0x33, 0x32, 0x62, 0x62, 0x37, 0x61, 0x34]}, &(0x7f0000000200)={0x0, "b65aa9feb40eca3063ec4ea4288a0d16e2a412d0ff5f112151ef1bf70d4beb01f9215fea9dadfd1db53357291653ef0f5ce09db2762365c4db60d22e58cd2612"}, 0x48, 0xfffffffffffffff9)
keyctl$restrict_keyring(0x1d, r2, &(0x7f00000002c0)='.dead\x00', 0x0) (async)
r3 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)
keyctl$reject(0x13, r1, 0xfbe3, 0x3, r1)

10:01:15 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'erspan0\x00', <r1=>0x0, 0x8000, 0x7800, 0x0, 0xfc, {{0x13, 0x4, 0x1, 0xa, 0x4c, 0x66, 0x0, 0x80, 0x29, 0x0, @broadcast, @multicast1, {[@lsrr={0x83, 0xf, 0xae, [@remote, @empty, @loopback]}, @lsrr={0x83, 0xf, 0x3c, [@loopback, @empty, @dev={0xac, 0x14, 0x14, 0x33}]}, @end, @timestamp={0x44, 0x18, 0xa9, 0x0, 0x3, [0x10001, 0x9, 0x100, 0x5fc3, 0x6]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000000c0)={'sit0\x00', r1, 0x1, 0x1, 0xfffffffe, 0xd1, {{0x10, 0x4, 0x3, 0x37, 0x40, 0x68, 0x0, 0xfc, 0x4, 0x0, @remote, @multicast1, {[@lsrr={0x83, 0x2b, 0x50, [@loopback, @dev={0xac, 0x14, 0x14, 0x1a}, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @multicast1, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}})
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:15 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 65)

10:01:15 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x5}, 0x48)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000200)=0x200, &(0x7f0000000240)=0x4)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x8, r2, r1)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000280)=0xc6cc, 0x2)
r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x8, r3, r3)
keyctl$link(0x3, r1, 0x0)
keyctl$negate(0xd, 0x0, 0x9, r3)
keyctl$reject(0x13, r2, 0x7ff, 0xad22, r3)

10:01:15 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0xffffff5b, r1, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xd}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x27}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x35}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x19}]}, 0x23}, 0x1, 0x0, 0x0, 0x4004000}, 0x4040094)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r2, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x5c, r1, 0x300, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)

[  640.802807][T25069] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  640.810703][T25069] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  640.818518][T25069] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  640.826326][T25069] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  640.834147][T25069]  </TASK>
10:01:15 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'erspan0\x00', <r1=>0x0, 0x8000, 0x7800, 0x0, 0xfc, {{0x13, 0x4, 0x1, 0xa, 0x4c, 0x66, 0x0, 0x80, 0x29, 0x0, @broadcast, @multicast1, {[@lsrr={0x83, 0xf, 0xae, [@remote, @empty, @loopback]}, @lsrr={0x83, 0xf, 0x3c, [@loopback, @empty, @dev={0xac, 0x14, 0x14, 0x33}]}, @end, @timestamp={0x44, 0x18, 0xa9, 0x0, 0x3, [0x10001, 0x9, 0x100, 0x5fc3, 0x6]}]}}}}}) (rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000000c0)={'sit0\x00', r1, 0x1, 0x1, 0xfffffffe, 0xd1, {{0x10, 0x4, 0x3, 0x37, 0x40, 0x68, 0x0, 0xfc, 0x4, 0x0, @remote, @multicast1, {[@lsrr={0x83, 0x2b, 0x50, [@loopback, @dev={0xac, 0x14, 0x14, 0x1a}, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @multicast1, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
getuid()
keyctl$search(0xa, r0, &(0x7f00000000c0)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x2}, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
getuid() (async)
keyctl$search(0xa, r0, &(0x7f00000000c0)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x2}, r0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  640.882452][T25164] FAULT_INJECTION: forcing a failure.
[  640.882452][T25164] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  640.903039][T25164] CPU: 0 PID: 25164 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  640.913303][T25164] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  640.923198][T25164] Call Trace:
[  640.926322][T25164]  <TASK>
10:01:15 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000080)={'syztnl2\x00', &(0x7f0000000000)={'erspan0\x00', <r1=>0x0, 0x8000, 0x7800, 0x0, 0xfc, {{0x13, 0x4, 0x1, 0xa, 0x4c, 0x66, 0x0, 0x80, 0x29, 0x0, @broadcast, @multicast1, {[@lsrr={0x83, 0xf, 0xae, [@remote, @empty, @loopback]}, @lsrr={0x83, 0xf, 0x3c, [@loopback, @empty, @dev={0xac, 0x14, 0x14, 0x33}]}, @end, @timestamp={0x44, 0x18, 0xa9, 0x0, 0x3, [0x10001, 0x9, 0x100, 0x5fc3, 0x6]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000140)={'erspan0\x00', &(0x7f00000000c0)={'sit0\x00', r1, 0x1, 0x1, 0xfffffffe, 0xd1, {{0x10, 0x4, 0x3, 0x37, 0x40, 0x68, 0x0, 0xfc, 0x4, 0x0, @remote, @multicast1, {[@lsrr={0x83, 0x2b, 0x50, [@loopback, @dev={0xac, 0x14, 0x14, 0x1a}, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010102, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @multicast1, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x1, 0x0}]}]}}}}}) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
getuid()
keyctl$search(0xa, r0, &(0x7f00000000c0)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x2}, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
getuid() (async)
keyctl$search(0xa, r0, &(0x7f00000000c0)='.request_key_auth\x00', &(0x7f0000000140)={'syz', 0x2}, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)

10:01:15 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='user\x00', &(0x7f00000000c0)='&}\x00')
keyctl$clear(0x7, r0)

10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x30080, 0x0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

[  640.929101][T25164]  dump_stack_lvl+0x151/0x1b7
[  640.933610][T25164]  ? io_uring_drop_tctx_refs+0x190/0x190
[  640.939085][T25164]  ? __update_load_avg_cfs_rq+0xb1/0x2f0
[  640.944546][T25164]  dump_stack+0x15/0x17
[  640.948540][T25164]  should_fail+0x3c6/0x510
[  640.952797][T25164]  should_fail_alloc_page+0x5a/0x80
[  640.957840][T25164]  prepare_alloc_pages+0x15c/0x700
[  640.962779][T25164]  ? __alloc_pages_bulk+0xe40/0xe40
[  640.967986][T25164]  ? sched_clock+0x9/0x10
[  640.972154][T25164]  __alloc_pages+0x18c/0x8f0
[  640.976571][T25164]  ? prep_new_page+0x110/0x110
10:01:15 executing program 1:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x30080, 0x0) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:15 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='user\x00', &(0x7f00000000c0)='&}\x00')
keyctl$clear(0x7, r0)

[  640.981175][T25164]  ? is_bpf_text_address+0x172/0x190
[  640.986296][T25164]  pte_alloc_one+0x73/0x1b0
[  640.990631][T25164]  ? pfn_modify_allowed+0x2f0/0x2f0
[  640.995720][T25164]  ? arch_stack_walk+0xf3/0x140
[  641.000360][T25164]  __pte_alloc+0x86/0x350
[  641.004609][T25164]  ? free_pgtables+0x280/0x280
[  641.009208][T25164]  ? _raw_spin_lock+0xa4/0x1b0
[  641.013808][T25164]  ? __kasan_check_write+0x14/0x20
[  641.019029][T25164]  copy_page_range+0x28a8/0x2f90
[  641.023801][T25164]  ? __kasan_slab_alloc+0xb1/0xe0
[  641.028670][T25164]  ? pfn_valid+0x1e0/0x1e0
10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f00000001c0), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x1}, 0x0, 0x0, r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x30080, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1) (async)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:16 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='user\x00', &(0x7f00000000c0)='&}\x00') (async)
keyctl$clear(0x7, r0)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)

[  641.033004][T25164]  ? vma_gap_callbacks_rotate+0x1e2/0x210
[  641.038554][T25164]  ? __rb_insert_augmented+0x5de/0x610
[  641.043855][T25164]  copy_mm+0xc7e/0x13e0
[  641.047847][T25164]  ? copy_signal+0x610/0x610
[  641.052367][T25164]  ? __init_rwsem+0xd6/0x1c0
[  641.056800][T25164]  ? copy_signal+0x4e3/0x610
[  641.061220][T25164]  copy_process+0x1149/0x3290
[  641.065742][T25164]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  641.070708][T25164]  ? copy_clone_args_from_user+0x774/0x830
[  641.076594][T25164]  kernel_clone+0x21e/0x9e0
10:01:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x408, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6d0}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xec2}]}, 0x54}, 0x1, 0x0, 0x0, 0xc8}, 0x400d0)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)

[  641.080930][T25164]  ? __delayed_free_task+0x20/0x20
[  641.085881][T25164]  ? vfs_write+0x9ec/0x1110
[  641.090217][T25164]  ? create_io_thread+0x1e0/0x1e0
[  641.095075][T25164]  __x64_sys_clone3+0x376/0x3a0
[  641.099853][T25164]  ? __ia32_sys_clone+0x290/0x290
[  641.104711][T25164]  ? fput+0x1a/0x20
[  641.108359][T25164]  ? debug_smp_processor_id+0x17/0x20
[  641.113580][T25164]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  641.119475][T25164]  ? exit_to_user_mode_prepare+0x39/0xa0
[  641.124931][T25164]  do_syscall_64+0x3d/0xb0
10:01:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x4b47, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x30, r3, 0x800, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x7}, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x41}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x408c2}, 0x44800)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x80000001}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000050)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$link(0x3, r6, 0x0)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000440), r0)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r7, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000004}, 0x40000)

10:01:16 executing program 2:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x408, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6d0}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xec2}]}, 0x54}, 0x1, 0x0, 0x0, 0xc8}, 0x400d0)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:16 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x54, 0x0, 0x408, 0x70bd25, 0x25dfdbfc, {}, [@BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x6d0}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x7}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xec2}]}, 0x54}, 0x1, 0x0, 0x0, 0xc8}, 0x400d0) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x4b47, 0x0)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r2=>0x0}) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x30, r3, 0x800, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x7}, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x41}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x408c2}, 0x44800) (async)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x80000001}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000050)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$link(0x3, r6, 0x0)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000440), r0)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r7, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000004}, 0x40000)

[  641.129184][T25164]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  641.134910][T25164] RIP: 0033:0x7f19fd5aeda9
[  641.139166][T25164] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  641.158692][T25164] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  641.166940][T25164] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  641.174748][T25164] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0xffffff5b, r1, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xd}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x27}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x35}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x19}]}, 0x23}, 0x1, 0x0, 0x0, 0x4004000}, 0x4040094)
r2 = socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r2, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x5c, r1, 0x300, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)

10:01:16 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x5}, 0x48)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000200)=0x200, &(0x7f0000000240)=0x4)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x8, r2, r1)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000280)=0xc6cc, 0x2)
r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x8, r3, r3)
keyctl$link(0x3, r1, 0x0)
keyctl$negate(0xd, 0x0, 0x9, r3)
keyctl$reject(0x13, r2, 0x7ff, 0xad22, r3)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) (async)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x5}, 0x48) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000200)=0x200, &(0x7f0000000240)=0x4) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1) (async)
keyctl$link(0x8, r2, r1) (async)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000280)=0xc6cc, 0x2) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async)
keyctl$link(0x8, r3, r3) (async)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$negate(0xd, 0x0, 0x9, r3) (async)
keyctl$reject(0x13, r2, 0x7ff, 0xad22, r3) (async)

10:01:16 executing program 1:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x4b47, 0x0) (async)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000180)={'batadv0\x00', <r2=>0x0})
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_GET_COALESCE(r0, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000340)={&(0x7f0000000400)={0x30, r3, 0x800, 0x70bd2a, 0x25dfdbfc, {{}, {@val={0x8, 0x1, 0x7}, @val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x0, 0x41}}}}, ["", "", "", "", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x408c2}, 0x44800) (async)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000240)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x2c, r1, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x80000001}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000}, 0x20000050) (async)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r6 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r5)
keyctl$link(0x3, r6, 0x0)
r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000440), r0)
sendmsg$BATADV_CMD_GET_VLAN(r0, &(0x7f0000000500)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f00000004c0)={&(0x7f0000000480)={0x1c, r7, 0x4, 0x70bd2c, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000004}, 0x40000)

[  641.182644][T25164] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  641.190455][T25164] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  641.198268][T25164] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  641.206088][T25164]  </TASK>
10:01:16 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 66)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0xffffff5b, r1, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xd}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x27}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x35}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x19}]}, 0x23}, 0x1, 0x0, 0x0, 0x4004000}, 0x4040094)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_POWER_SAVE(r2, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x5c, r1, 0x300, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0xffffff5b, r1, 0x100, 0x70bd25, 0x25dfdbfe, {{}, {@void, @void}}, [@NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xd}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x27}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x35}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0x19}]}, 0x23}, 0x1, 0x0, 0x0, 0x4004000}, 0x4040094) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00'}) (async)
sendmsg$NL80211_CMD_SET_POWER_SAVE(r2, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)={0x5c, r1, 0x300, 0x70bd26, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}, @NL80211_ATTR_PS_STATE={0x8, 0x5d, 0x1}]}, 0x5c}, 0x1, 0x0, 0x0, 0x80}, 0x4000000) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000000), r0) (async)

10:01:16 executing program 3:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x5}, 0x48) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000200)=0x200, &(0x7f0000000240)=0x4)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$link(0x8, r2, r1) (async)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, &(0x7f0000000280)=0xc6cc, 0x2) (async)
r3 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x8, r3, r3)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$negate(0xd, 0x0, 0x9, r3)
keyctl$reject(0x13, r2, 0x7ff, 0xad22, r3)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "78e2baab0c522b028f8eb42585b793ab5783c1c5ad4e50ee5c7b1a0759cab35213a1fd8e034af5703aef6eb098cdd561f2bafd1962d82d3c04d6b8bb424c3a76", 0x31}, 0x48, r0)

10:01:16 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x76}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24040080)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000080)={&(0x7f0000000380)="98097aeee10b4b48c2c2badb7e9b5bdeab345314e03a2630c0dfe33f6ea9b47e12252712e641498efb947fbe443498fc2356381045e94f86da21c256f7c354f12c7ea8b45fea6414b4e8e5a36ce0e6be7465a64c001f3a4236d2e69c68aafb217a64aa6609f6ff19a4728949273cdc401b1c6d15a977665f0c7edbc22e4f329befe2e086a0fe85bc83fa29a84e3e8b2138adc47b08a4ed2009c769db212803547f32c2108e94ffe71d3694c2c8f2b02744628cd0d97838b3d8515debc0c7ebac59223d994a413db342c440e3f6b2c5c3075aecc46063ab376aeecdae7292b30000121b7edad6df1f297304bf2570bb6aa0c835cd680b29672a43ff3ff56970b64fbc137b4f3082cd6c3a96ffba92ef7a8cf2f5b8fb0c51b785461c97810c8cea5d00000000d3622d6afbc50b80ef254e384ecf80af3ba3d0463476243e764c6a60fa2b2e0168f76cc08c8b57d17da6bae08beebf0000000000000000001000009a93345e49026b3d09e7382c9f1cc0b7fe5366c10d04c2f36d34cf34ec4ed5342e6ad328ca1f014660cf4ec4fafbffa35e5102233d5622e68c6e528e690a8108fbedb2c7932675c7abc0d316df4a46b4abd8e481ddbdb3c6cf5bad9332651f324ed924ae74567129edfedbbe90c54e62830f285b8956b38d4c1dd66d63476d8cb119089f3d55e0b31ac6dbdcb6a5880db4bfe2569d23e9078cbd1c024344177ab7f795e0999f1835ed80ba4379b9823c479794d9fd8971d06af2944ed1964a2c6ad416fb6b5204fd82c9925c09cbec6599a35e6c683ec4deb92484156d571eb274fff8e1b40de298b19a42d6299283875c4503695877756493ee6936443c2efab1d92d744f700308e28ba2d539e273e59149", 0x272}, 0x1, 0x0, 0x0, 0x24000481}, 0x4015)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:16 executing program 3:
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1e000000000000faff1401f19c05a24364b5548cdac68b45a75305e6dec856907de0510a0a7467f09e56a244e970c14d52f35639d072104897556e8a395ad687dacedadc88d04f235644e9da3a42ed52fed2ba25a7ec758408cd3e6166b788c0a54954657f72907cd18685ccd348b1ea120b9e5557aea2ab6fb3283515f7dede4ab0b9403219ab77149bba"], 0x28}}, 0x0)

[  641.267854][T25247] FAULT_INJECTION: forcing a failure.
[  641.267854][T25247] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  641.296804][T25247] CPU: 0 PID: 25247 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  641.306969][T25247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
10:01:16 executing program 3:
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async, rerun: 32)
keyctl$link(0x3, r1, 0x0) (rerun: 32)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1e000000000000faff1401f19c05a24364b5548cdac68b45a75305e6dec856907de0510a0a7467f09e56a244e970c14d52f35639d072104897556e8a395ad687dacedadc88d04f235644e9da3a42ed52fed2ba25a7ec758408cd3e6166b788c0a54954657f72907cd18685ccd348b1ea120b9e5557aea2ab6fb3283515f7dede4ab0b9403219ab77149bba"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1e000000000000faff1401f19c05a24364b5548cdac68b45a75305e6dec856907de0510a0a7467f09e56a244e970c14d52f35639d072104897556e8a395ad687dacedadc88d04f235644e9da3a42ed52fed2ba25a7ec758408cd3e6166b788c0a54954657f72907cd18685ccd348b1ea120b9e5557aea2ab6fb3283515f7dede4ab0b9403219ab77149bba"], 0x28}}, 0x0) (async)

10:01:16 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @val={0xc}}}}, 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x76}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24040080) (async)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000080)={&(0x7f0000000380)="98097aeee10b4b48c2c2badb7e9b5bdeab345314e03a2630c0dfe33f6ea9b47e12252712e641498efb947fbe443498fc2356381045e94f86da21c256f7c354f12c7ea8b45fea6414b4e8e5a36ce0e6be7465a64c001f3a4236d2e69c68aafb217a64aa6609f6ff19a4728949273cdc401b1c6d15a977665f0c7edbc22e4f329befe2e086a0fe85bc83fa29a84e3e8b2138adc47b08a4ed2009c769db212803547f32c2108e94ffe71d3694c2c8f2b02744628cd0d97838b3d8515debc0c7ebac59223d994a413db342c440e3f6b2c5c3075aecc46063ab376aeecdae7292b30000121b7edad6df1f297304bf2570bb6aa0c835cd680b29672a43ff3ff56970b64fbc137b4f3082cd6c3a96ffba92ef7a8cf2f5b8fb0c51b785461c97810c8cea5d00000000d3622d6afbc50b80ef254e384ecf80af3ba3d0463476243e764c6a60fa2b2e0168f76cc08c8b57d17da6bae08beebf0000000000000000001000009a93345e49026b3d09e7382c9f1cc0b7fe5366c10d04c2f36d34cf34ec4ed5342e6ad328ca1f014660cf4ec4fafbffa35e5102233d5622e68c6e528e690a8108fbedb2c7932675c7abc0d316df4a46b4abd8e481ddbdb3c6cf5bad9332651f324ed924ae74567129edfedbbe90c54e62830f285b8956b38d4c1dd66d63476d8cb119089f3d55e0b31ac6dbdcb6a5880db4bfe2569d23e9078cbd1c024344177ab7f795e0999f1835ed80ba4379b9823c479794d9fd8971d06af2944ed1964a2c6ad416fb6b5204fd82c9925c09cbec6599a35e6c683ec4deb92484156d571eb274fff8e1b40de298b19a42d6299283875c4503695877756493ee6936443c2efab1d92d744f700308e28ba2d539e273e59149", 0x272}, 0x1, 0x0, 0x0, 0x24000481}, 0x4015) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  641.316874][T25247] Call Trace:
[  641.319987][T25247]  <TASK>
[  641.322765][T25247]  dump_stack_lvl+0x151/0x1b7
[  641.327299][T25247]  ? io_uring_drop_tctx_refs+0x190/0x190
[  641.332752][T25247]  dump_stack+0x15/0x17
[  641.336736][T25247]  should_fail+0x3c6/0x510
[  641.340992][T25247]  should_fail_alloc_page+0x5a/0x80
[  641.346117][T25247]  prepare_alloc_pages+0x15c/0x700
[  641.351060][T25247]  ? __alloc_pages+0x8f0/0x8f0
[  641.355747][T25247]  ? __alloc_pages_bulk+0xe40/0xe40
[  641.360776][T25247]  __alloc_pages+0x18c/0x8f0
[  641.365203][T25247]  ? prep_new_page+0x110/0x110
[  641.369804][T25247]  ? is_bpf_text_address+0x172/0x190
[  641.374925][T25247]  pte_alloc_one+0x73/0x1b0
[  641.379270][T25247]  ? pfn_modify_allowed+0x2f0/0x2f0
[  641.384298][T25247]  ? arch_stack_walk+0xf3/0x140
[  641.388988][T25247]  __pte_alloc+0x86/0x350
[  641.393165][T25247]  ? free_pgtables+0x280/0x280
[  641.397751][T25247]  ? _raw_spin_lock+0xa4/0x1b0
[  641.402353][T25247]  ? __kasan_check_write+0x14/0x20
[  641.407304][T25247]  copy_page_range+0x28a8/0x2f90
[  641.412073][T25247]  ? __kasan_slab_alloc+0xb1/0xe0
[  641.416945][T25247]  ? pfn_valid+0x1e0/0x1e0
[  641.421194][T25247]  ? vma_interval_tree_augment_rotate+0x1a3/0x1d0
[  641.427438][T25247]  copy_mm+0xc7e/0x13e0
[  641.431439][T25247]  ? copy_signal+0x610/0x610
[  641.435853][T25247]  ? __init_rwsem+0xd6/0x1c0
[  641.440284][T25247]  ? copy_signal+0x4e3/0x610
[  641.444710][T25247]  copy_process+0x1149/0x3290
[  641.449226][T25247]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  641.454255][T25247]  ? copy_clone_args_from_user+0x774/0x830
[  641.459897][T25247]  kernel_clone+0x21e/0x9e0
[  641.464238][T25247]  ? __delayed_free_task+0x20/0x20
[  641.469185][T25247]  ? vfs_write+0x9ec/0x1110
[  641.473523][T25247]  ? create_io_thread+0x1e0/0x1e0
[  641.478388][T25247]  __x64_sys_clone3+0x376/0x3a0
[  641.483069][T25247]  ? __ia32_sys_clone+0x290/0x290
[  641.487935][T25247]  ? fput+0x1a/0x20
[  641.491577][T25247]  ? debug_smp_processor_id+0x17/0x20
[  641.496782][T25247]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  641.502684][T25247]  ? exit_to_user_mode_prepare+0x39/0xa0
[  641.508151][T25247]  do_syscall_64+0x3d/0xb0
[  641.512407][T25247]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  641.518136][T25247] RIP: 0033:0x7f19fd5aeda9
[  641.522389][T25247] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  641.543929][T25247] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  641.552156][T25247] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  641.559967][T25247] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "78e2baab0c522b028f8eb42585b793ab5783c1c5ad4e50ee5c7b1a0759cab35213a1fd8e034af5703aef6eb098cdd561f2bafd1962d82d3c04d6b8bb424c3a76", 0x31}, 0x48, r0) (async)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "78e2baab0c522b028f8eb42585b793ab5783c1c5ad4e50ee5c7b1a0759cab35213a1fd8e034af5703aef6eb098cdd561f2bafd1962d82d3c04d6b8bb424c3a76", 0x31}, 0x48, r0)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1e000000000000faff1401f19c05a24364b5548cdac68b45a75305e6dec856907de0510a0a7467f09e56a244e970c14d52f35639d072104897556e8a395ad687dacedadc88d04f235644e9da3a42ed52fed2ba25a7ec758408cd3e6166b788c0a54954657f72907cd18685ccd348b1ea120b9e5557aea2ab6fb3283515f7dede4ab0b9403219ab77149bba"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="1e000000000000faff1401f19c05a24364b5548cdac68b45a75305e6dec856907de0510a0a7467f09e56a244e970c14d52f35639d072104897556e8a395ad687dacedadc88d04f235644e9da3a42ed52fed2ba25a7ec758408cd3e6166b788c0a54954657f72907cd18685ccd348b1ea120b9e5557aea2ab6fb3283515f7dede4ab0b9403219ab77149bba"], 0x28}}, 0x0) (async)

10:01:16 executing program 3:
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffa)
r1 = add_key$keyring(&(0x7f0000000280), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r1) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async)
keyctl$link(0x3, r1, 0x0)

10:01:16 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @val={0xc}}}}, 0x28}}, 0x0)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x76}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24040080)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000080)={&(0x7f0000000380)="98097aeee10b4b48c2c2badb7e9b5bdeab345314e03a2630c0dfe33f6ea9b47e12252712e641498efb947fbe443498fc2356381045e94f86da21c256f7c354f12c7ea8b45fea6414b4e8e5a36ce0e6be7465a64c001f3a4236d2e69c68aafb217a64aa6609f6ff19a4728949273cdc401b1c6d15a977665f0c7edbc22e4f329befe2e086a0fe85bc83fa29a84e3e8b2138adc47b08a4ed2009c769db212803547f32c2108e94ffe71d3694c2c8f2b02744628cd0d97838b3d8515debc0c7ebac59223d994a413db342c440e3f6b2c5c3075aecc46063ab376aeecdae7292b30000121b7edad6df1f297304bf2570bb6aa0c835cd680b29672a43ff3ff56970b64fbc137b4f3082cd6c3a96ffba92ef7a8cf2f5b8fb0c51b785461c97810c8cea5d00000000d3622d6afbc50b80ef254e384ecf80af3ba3d0463476243e764c6a60fa2b2e0168f76cc08c8b57d17da6bae08beebf0000000000000000001000009a93345e49026b3d09e7382c9f1cc0b7fe5366c10d04c2f36d34cf34ec4ed5342e6ad328ca1f014660cf4ec4fafbffa35e5102233d5622e68c6e528e690a8108fbedb2c7932675c7abc0d316df4a46b4abd8e481ddbdb3c6cf5bad9332651f324ed924ae74567129edfedbbe90c54e62830f285b8956b38d4c1dd66d63476d8cb119089f3d55e0b31ac6dbdcb6a5880db4bfe2569d23e9078cbd1c024344177ab7f795e0999f1835ed80ba4379b9823c479794d9fd8971d06af2944ed1964a2c6ad416fb6b5204fd82c9925c09cbec6599a35e6c683ec4deb92484156d571eb274fff8e1b40de298b19a42d6299283875c4503695877756493ee6936443c2efab1d92d744f700308e28ba2d539e273e59149", 0x272}, 0x1, 0x0, 0x0, 0x24000481}, 0x4015)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x2040, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x117}, @val={0xc}}}}, 0x28}}, 0x0) (async)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x38, r2, 0x8, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x0, 0x76}}}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x7}, @NL80211_ATTR_CHANNEL_WIDTH={0x8, 0x9f, 0x7}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0x8}]]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x24040080) (async)
sendmsg$802154_raw(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, @none={0x0, 0x3}}, 0x14, &(0x7f0000000080)={&(0x7f0000000380)="98097aeee10b4b48c2c2badb7e9b5bdeab345314e03a2630c0dfe33f6ea9b47e12252712e641498efb947fbe443498fc2356381045e94f86da21c256f7c354f12c7ea8b45fea6414b4e8e5a36ce0e6be7465a64c001f3a4236d2e69c68aafb217a64aa6609f6ff19a4728949273cdc401b1c6d15a977665f0c7edbc22e4f329befe2e086a0fe85bc83fa29a84e3e8b2138adc47b08a4ed2009c769db212803547f32c2108e94ffe71d3694c2c8f2b02744628cd0d97838b3d8515debc0c7ebac59223d994a413db342c440e3f6b2c5c3075aecc46063ab376aeecdae7292b30000121b7edad6df1f297304bf2570bb6aa0c835cd680b29672a43ff3ff56970b64fbc137b4f3082cd6c3a96ffba92ef7a8cf2f5b8fb0c51b785461c97810c8cea5d00000000d3622d6afbc50b80ef254e384ecf80af3ba3d0463476243e764c6a60fa2b2e0168f76cc08c8b57d17da6bae08beebf0000000000000000001000009a93345e49026b3d09e7382c9f1cc0b7fe5366c10d04c2f36d34cf34ec4ed5342e6ad328ca1f014660cf4ec4fafbffa35e5102233d5622e68c6e528e690a8108fbedb2c7932675c7abc0d316df4a46b4abd8e481ddbdb3c6cf5bad9332651f324ed924ae74567129edfedbbe90c54e62830f285b8956b38d4c1dd66d63476d8cb119089f3d55e0b31ac6dbdcb6a5880db4bfe2569d23e9078cbd1c024344177ab7f795e0999f1835ed80ba4379b9823c479794d9fd8971d06af2944ed1964a2c6ad416fb6b5204fd82c9925c09cbec6599a35e6c683ec4deb92484156d571eb274fff8e1b40de298b19a42d6299283875c4503695877756493ee6936443c2efab1d92d744f700308e28ba2d539e273e59149", 0x272}, 0x1, 0x0, 0x0, 0x24000481}, 0x4015) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)

[  641.567866][T25247] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  641.575677][T25247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  641.583491][T25247] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  641.591299][T25247]  </TASK>
10:01:16 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 67)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair(0x2300bb40c57fb3ec, 0x5, 0x1bb, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040), &(0x7f0000000080)=0x4)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "78e2baab0c522b028f8eb42585b793ab5783c1c5ad4e50ee5c7b1a0759cab35213a1fd8e034af5703aef6eb098cdd561f2bafd1962d82d3c04d6b8bb424c3a76", 0x31}, 0x48, r0)

10:01:16 executing program 3:
r0 = syz_open_dev$rtc(&(0x7f0000000080), 0x7d3, 0x280002)
ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f00000000c0))
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
socketpair(0x2300bb40c57fb3ec, 0x5, 0x1bb, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040), &(0x7f0000000080)=0x4)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
keyctl$clear(0x7, r0)

[  641.644510][T25298] FAULT_INJECTION: forcing a failure.
[  641.644510][T25298] name failslab, interval 1, probability 0, space 0, times 0
[  641.671432][T25298] CPU: 0 PID: 25298 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  641.681601][T25298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
10:01:16 executing program 3:
r0 = syz_open_dev$rtc(&(0x7f0000000080), 0x7d3, 0x280002)
ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f00000000c0))
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)
syz_open_dev$rtc(&(0x7f0000000080), 0x7d3, 0x280002) (async)
ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f00000000c0)) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async)
keyctl$link(0x3, r1, 0x0) (async)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$clear(0x7, r0)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair(0x2300bb40c57fb3ec, 0x5, 0x1bb, &(0x7f0000000000)) (async)
socketpair(0x2300bb40c57fb3ec, 0x5, 0x1bb, &(0x7f0000000000)={<r2=>0xffffffffffffffff})
getsockopt$TIPC_DEST_DROPPABLE(r2, 0x10f, 0x81, &(0x7f0000000040), &(0x7f0000000080)=0x4)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
keyctl$clear(0x7, r0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$clear(0x7, r0) (async)

10:01:16 executing program 3:
r0 = syz_open_dev$rtc(&(0x7f0000000080), 0x7d3, 0x280002)
ioctl$RTC_ALM_READ(r0, 0x80247008, &(0x7f00000000c0)) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async, rerun: 64)
keyctl$link(0x3, r1, 0x0) (rerun: 64)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x28}}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)

10:01:16 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 68)

[  641.691508][T25298] Call Trace:
[  641.691521][T25298]  <TASK>
[  641.691531][T25298]  dump_stack_lvl+0x151/0x1b7
[  641.691562][T25298]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:16 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x2}, r0)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0)
keyctl$reject(0x13, r0, 0x8000000000000000, 0x2, r1)
keyctl$unlink(0x9, r0, r1)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x28}}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x28}}, 0x0) (async)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) (async)

[  641.691586][T25298]  dump_stack+0x15/0x17
[  641.691605][T25298]  should_fail+0x3c6/0x510
10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:16 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x2}, r0) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$reject(0x13, r0, 0x8000000000000000, 0x2, r1)
keyctl$unlink(0x9, r0, r1)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=ANY=[], 0x28}}, 0x0)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)

10:01:16 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 69)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)
getuid()
keyctl$link(0x3, r1, 0x0)
keyctl$unlink(0x9, r0, 0xfffffffffffffffa)
r3 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "80426626c1d81d0534e7ce681c67b798acaf9d1e101eee1901bf68058c090fa30a72219f01119d54e1507fe39c07dbc3276470c0a8e521b757fed6d360e99d5a", 0x28}, 0x48, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r1, r3, r1, 0x0)
keyctl$unlink(0x9, r3, r1)
keyctl$unlink(0x9, r0, r1)
keyctl$search(0xa, r1, &(0x7f0000000300)='pkcs7_test\x00', &(0x7f0000000340)={'syz', 0x2}, r0)
socket(0x18, 0x4, 0xac01)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc4}, &(0x7f0000000280)={0x0, "0d4efbfe26fdbc0275bb951a9b0e766668f3d3eb915236490dab095a893fc8070c28aeaf8d88265feaffffae3ab04a872f2b52ad6768e26f726fb58751b9acca", 0x2a}, 0x48, r0)

10:01:16 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$search(0xa, r0, &(0x7f0000000080)='cifs.spnego\x00', &(0x7f00000000c0)={'syz', 0x2}, r0) (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$reject(0x13, r0, 0x8000000000000000, 0x2, r1)
keyctl$unlink(0x9, r0, r1)

[  641.691627][T25298]  __should_failslab+0xa4/0xe0
[  641.691651][T25298]  ? anon_vma_clone+0x9a/0x500
[  641.691670][T25298]  should_failslab+0x9/0x20
[  641.691691][T25298]  slab_pre_alloc_hook+0x37/0xd0
[  641.691716][T25298]  ? anon_vma_clone+0x9a/0x500
[  641.691734][T25298]  kmem_cache_alloc+0x44/0x200
10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x840)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0) (async, rerun: 64)
getuid() (async, rerun: 64)
keyctl$link(0x3, r1, 0x0) (async, rerun: 64)
keyctl$unlink(0x9, r0, 0xfffffffffffffffa) (rerun: 64)
r3 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "80426626c1d81d0534e7ce681c67b798acaf9d1e101eee1901bf68058c090fa30a72219f01119d54e1507fe39c07dbc3276470c0a8e521b757fed6d360e99d5a", 0x28}, 0x48, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r1, r3, r1, 0x0)
keyctl$unlink(0x9, r3, r1)
keyctl$unlink(0x9, r0, r1) (async)
keyctl$search(0xa, r1, &(0x7f0000000300)='pkcs7_test\x00', &(0x7f0000000340)={'syz', 0x2}, r0) (async, rerun: 64)
socket(0x18, 0x4, 0xac01) (async, rerun: 64)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) (async, rerun: 64)
add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc4}, &(0x7f0000000280)={0x0, "0d4efbfe26fdbc0275bb951a9b0e766668f3d3eb915236490dab095a893fc8070c28aeaf8d88265feaffffae3ab04a872f2b52ad6768e26f726fb58751b9acca", 0x2a}, 0x48, r0) (rerun: 64)

10:01:16 executing program 3:
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c00009b", @ANYRES16=r0, @ANYBLOB="10002abd7000fddbdf250a00000005002e00000000000500380001000000050030000100000005002e000000000008003400ff0000000500380001000000050038000100000008000600", @ANYRES32=r1, @ANYBLOB="0500350001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x98, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf4ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfa7}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
r4 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000340)=0x2, &(0x7f0000000380)=0x4)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r5)
keyctl$link(0x3, r5, 0x0)

[  641.691758][T25298]  anon_vma_clone+0x9a/0x500
[  641.691778][T25298]  anon_vma_fork+0x91/0x4e0
[  641.691797][T25298]  ? anon_vma_name+0x43/0x70
10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x840)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = getuid()
keyctl$get_persistent(0x16, r2, r0)
getuid()
keyctl$link(0x3, r1, 0x0)
keyctl$unlink(0x9, r0, 0xfffffffffffffffa)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "80426626c1d81d0534e7ce681c67b798acaf9d1e101eee1901bf68058c090fa30a72219f01119d54e1507fe39c07dbc3276470c0a8e521b757fed6d360e99d5a", 0x28}, 0x48, 0xfffffffffffffffa) (async)
r3 = add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "80426626c1d81d0534e7ce681c67b798acaf9d1e101eee1901bf68058c090fa30a72219f01119d54e1507fe39c07dbc3276470c0a8e521b757fed6d360e99d5a", 0x28}, 0x48, 0xfffffffffffffffa)
keyctl$KEYCTL_MOVE(0x1e, r1, r3, r1, 0x0)
keyctl$unlink(0x9, r3, r1) (async)
keyctl$unlink(0x9, r3, r1)
keyctl$unlink(0x9, r0, r1)
keyctl$search(0xa, r1, &(0x7f0000000300)='pkcs7_test\x00', &(0x7f0000000340)={'syz', 0x2}, r0) (async)
keyctl$search(0xa, r1, &(0x7f0000000300)='pkcs7_test\x00', &(0x7f0000000340)={'syz', 0x2}, r0)
socket(0x18, 0x4, 0xac01) (async)
socket(0x18, 0x4, 0xac01)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) (async)
add_key$keyring(&(0x7f0000000380), &(0x7f00000003c0)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc)
add_key$fscrypt_v1(&(0x7f0000000200), &(0x7f0000000240)={'fscrypt:', @desc4}, &(0x7f0000000280)={0x0, "0d4efbfe26fdbc0275bb951a9b0e766668f3d3eb915236490dab095a893fc8070c28aeaf8d88265feaffffae3ab04a872f2b52ad6768e26f726fb58751b9acca", 0x2a}, 0x48, r0)

10:01:16 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 70)

10:01:16 executing program 3:
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c00009b", @ANYRES16=r0, @ANYBLOB="10002abd7000fddbdf250a00000005002e00000000000500380001000000050030000100000005002e000000000008003400ff0000000500380001000000050038000100000008000600", @ANYRES32=r1, @ANYBLOB="0500350001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x98, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf4ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfa7}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
r4 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000340)=0x2, &(0x7f0000000380)=0x4)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r5)
keyctl$link(0x3, r5, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c00009b", @ANYRES16=r0, @ANYBLOB="10002abd7000fddbdf250a00000005002e00000000000500380001000000050030000100000005002e000000000008003400ff0000000500380001000000050038000100000008000600", @ANYRES32=r1, @ANYBLOB="0500350001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) (async)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x98, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf4ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfa7}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) (async)
socket$bt_hidp(0x1f, 0x3, 0x6) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000340)=0x2, &(0x7f0000000380)=0x4) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r5) (async)
keyctl$link(0x3, r5, 0x0) (async)

[  641.691815][T25298]  ? vm_area_dup+0x17a/0x230
[  641.691839][T25298]  copy_mm+0xa3a/0x13e0
[  641.691888][T25298]  ? copy_signal+0x610/0x610
[  641.691931][T25298]  ? __init_rwsem+0xd6/0x1c0
[  641.691955][T25298]  ? copy_signal+0x4e3/0x610
[  641.691980][T25298]  copy_process+0x1149/0x3290
[  641.692009][T25298]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  641.692035][T25298]  ? copy_clone_args_from_user+0x774/0x830
10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={0x1, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000140), &(0x7f0000000180)='%pI4   \x00'}, 0x20)
r2 = syz_io_uring_setup(0x77df, &(0x7f0000000340)={0x0, 0x6fc4, 0x20, 0x1, 0x378}, &(0x7f00000003c0), &(0x7f0000000400))
syz_io_uring_setup(0x47bb, &(0x7f0000000440)={0x0, 0x8d01, 0x6a2687bbb24b1985, 0x3, 0x39f, 0x0, r2}, &(0x7f00000004c0)=<r3=>0x0, &(0x7f0000000500))
r4 = syz_io_uring_complete(r3)
ioctl$PTP_EXTTS_REQUEST2(r4, 0x40103d0b, &(0x7f0000000300)={0x8})
r5 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r0)
r6 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, r6)
keyctl$link(0x3, r5, 0x0)

10:01:16 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_STOP_AP(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {{}, {@void, @void}}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x840)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={0x1, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000140), &(0x7f0000000180)='%pI4   \x00'}, 0x20)
r2 = syz_io_uring_setup(0x77df, &(0x7f0000000340)={0x0, 0x6fc4, 0x20, 0x1, 0x378}, &(0x7f00000003c0), &(0x7f0000000400))
syz_io_uring_setup(0x47bb, &(0x7f0000000440)={0x0, 0x8d01, 0x6a2687bbb24b1985, 0x3, 0x39f, 0x0, r2}, &(0x7f00000004c0)=<r3=>0x0, &(0x7f0000000500))
r4 = syz_io_uring_complete(r3)
ioctl$PTP_EXTTS_REQUEST2(r4, 0x40103d0b, &(0x7f0000000300)={0x8}) (async)
r5 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r0) (async)
r6 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, r6) (async)
keyctl$link(0x3, r5, 0x0)

[  641.692058][T25298]  kernel_clone+0x21e/0x9e0
[  641.692082][T25298]  ? __delayed_free_task+0x20/0x20
[  641.692102][T25298]  ? vfs_write+0x9ec/0x1110
[  641.692122][T25298]  ? create_io_thread+0x1e0/0x1e0
[  641.692149][T25298]  __x64_sys_clone3+0x376/0x3a0
[  641.692174][T25298]  ? __ia32_sys_clone+0x290/0x290
[  641.692200][T25298]  ? fput+0x1a/0x20
[  641.692222][T25298]  ? debug_smp_processor_id+0x17/0x20
[  641.692245][T25298]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  641.692271][T25298]  ? exit_to_user_mode_prepare+0x39/0xa0
10:01:16 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x0, 0x622, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1ff}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1f0f}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff7ba0}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x8001}, 0x4000010)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:16 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={0x1, <r1=>0xffffffffffffffff}, 0x4)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000140), &(0x7f0000000180)='%pI4   \x00'}, 0x20) (async)
r2 = syz_io_uring_setup(0x77df, &(0x7f0000000340)={0x0, 0x6fc4, 0x20, 0x1, 0x378}, &(0x7f00000003c0), &(0x7f0000000400))
syz_io_uring_setup(0x47bb, &(0x7f0000000440)={0x0, 0x8d01, 0x6a2687bbb24b1985, 0x3, 0x39f, 0x0, r2}, &(0x7f00000004c0)=<r3=>0x0, &(0x7f0000000500))
r4 = syz_io_uring_complete(r3)
ioctl$PTP_EXTTS_REQUEST2(r4, 0x40103d0b, &(0x7f0000000300)={0x8})
r5 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r0) (async)
r6 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, r6)
keyctl$link(0x3, r5, 0x0)

10:01:17 executing program 3:
r0 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00', <r1=>0x0})
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c00009b", @ANYRES16=r0, @ANYBLOB="10002abd7000fddbdf250a00000005002e00000000000500380001000000050030000100000005002e000000000008003400ff0000000500380001000000050038000100000008000600", @ANYRES32=r1, @ANYBLOB="0500350001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x8000)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x98, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf4ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfa7}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40)
r4 = socket$bt_hidp(0x1f, 0x3, 0x6)
getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000340)=0x2, &(0x7f0000000380)=0x4)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r5)
keyctl$link(0x3, r5, 0x0)
syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) (async)
sendmsg$BATADV_CMD_GET_GATEWAYS(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c00009b", @ANYRES16=r0, @ANYBLOB="10002abd7000fddbdf250a00000005002e00000000000500380001000000050030000100000005002e000000000008003400ff0000000500380001000000050038000100000008000600", @ANYRES32=r1, @ANYBLOB="0500350001000000"], 0x5c}, 0x1, 0x0, 0x0, 0x200080c0}, 0x8000) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000400), 0xffffffffffffffff) (async)
sendmsg$IPVS_CMD_DEL_DEST(r2, &(0x7f0000000540)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0x98, r3, 0x200, 0x70bd2a, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0xf4ff}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x40}, @IPVS_CMD_ATTR_DAEMON={0x38, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @mcast1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @multicast2}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xfa7}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x4}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e20}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e24}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x3}]}]}, 0x98}, 0x1, 0x0, 0x0, 0x20000000}, 0x40) (async)
socket$bt_hidp(0x1f, 0x3, 0x6) (async)
getsockopt$bt_BT_CHANNEL_POLICY(r4, 0x112, 0xa, &(0x7f0000000340)=0x2, &(0x7f0000000380)=0x4) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc3}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r5) (async)
keyctl$link(0x3, r5, 0x0) (async)

[  641.692295][T25298]  do_syscall_64+0x3d/0xb0
[  641.692321][T25298]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  641.692348][T25298] RIP: 0033:0x7f19fd5aeda9
[  641.692368][T25298] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  641.692388][T25298] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  641.692415][T25298] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x0, 0x622, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1ff}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1f0f}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff7ba0}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x8001}, 0x4000010) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  641.692432][T25298] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  641.692447][T25298] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  641.692462][T25298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  641.692476][T25298] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  641.692495][T25298]  </TASK>
[  641.777624][T25342] FAULT_INJECTION: forcing a failure.
[  641.777624][T25342] name failslab, interval 1, probability 0, space 0, times 0
[  641.777661][T25342] CPU: 1 PID: 25342 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  641.777695][T25342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  641.777711][T25342] Call Trace:
[  641.777719][T25342]  <TASK>
[  641.777728][T25342]  dump_stack_lvl+0x151/0x1b7
[  641.777757][T25342]  ? io_uring_drop_tctx_refs+0x190/0x190
[  641.777783][T25342]  dump_stack+0x15/0x17
[  641.777811][T25342]  should_fail+0x3c6/0x510
[  641.777834][T25342]  __should_failslab+0xa4/0xe0
[  641.777859][T25342]  ? anon_vma_clone+0x9a/0x500
[  641.777880][T25342]  should_failslab+0x9/0x20
[  641.777902][T25342]  slab_pre_alloc_hook+0x37/0xd0
[  641.777928][T25342]  ? anon_vma_clone+0x9a/0x500
[  641.777952][T25342]  kmem_cache_alloc+0x44/0x200
[  641.777976][T25342]  anon_vma_clone+0x9a/0x500
[  641.777999][T25342]  anon_vma_fork+0x91/0x4e0
[  641.778018][T25342]  ? anon_vma_name+0x43/0x70
[  641.778037][T25342]  ? vm_area_dup+0x17a/0x230
[  641.778061][T25342]  copy_mm+0xa3a/0x13e0
[  641.778088][T25342]  ? copy_signal+0x610/0x610
[  641.778112][T25342]  ? __init_rwsem+0xd6/0x1c0
[  641.778134][T25342]  ? copy_signal+0x4e3/0x610
[  641.778159][T25342]  copy_process+0x1149/0x3290
[  641.778188][T25342]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  641.778213][T25342]  ? copy_clone_args_from_user+0x774/0x830
[  641.778236][T25342]  kernel_clone+0x21e/0x9e0
[  641.778259][T25342]  ? __delayed_free_task+0x20/0x20
[  641.778279][T25342]  ? vfs_write+0x9ec/0x1110
[  641.778303][T25342]  ? create_io_thread+0x1e0/0x1e0
[  641.778330][T25342]  __x64_sys_clone3+0x376/0x3a0
[  641.778355][T25342]  ? __ia32_sys_clone+0x290/0x290
[  641.778382][T25342]  ? fput+0x1a/0x20
[  641.778404][T25342]  ? debug_smp_processor_id+0x17/0x20
[  641.778428][T25342]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  641.778465][T25342]  ? exit_to_user_mode_prepare+0x39/0xa0
[  641.778488][T25342]  do_syscall_64+0x3d/0xb0
[  641.778508][T25342]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  641.778534][T25342] RIP: 0033:0x7f19fd5aeda9
[  641.778551][T25342] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  641.778570][T25342] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  641.778595][T25342] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  641.778611][T25342] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  641.778630][T25342] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  641.778645][T25342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  641.778658][T25342] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  641.778677][T25342]  </TASK>
[  641.854039][T25366] FAULT_INJECTION: forcing a failure.
[  641.854039][T25366] name failslab, interval 1, probability 0, space 0, times 0
[  641.854070][T25366] CPU: 1 PID: 25366 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  641.854094][T25366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  641.854107][T25366] Call Trace:
[  641.854114][T25366]  <TASK>
[  641.854121][T25366]  dump_stack_lvl+0x151/0x1b7
[  641.854147][T25366]  ? io_uring_drop_tctx_refs+0x190/0x190
[  641.854170][T25366]  dump_stack+0x15/0x17
[  641.854186][T25366]  should_fail+0x3c6/0x510
[  641.854207][T25366]  __should_failslab+0xa4/0xe0
[  641.854230][T25366]  ? anon_vma_clone+0x9a/0x500
[  641.854248][T25366]  should_failslab+0x9/0x20
[  641.854268][T25366]  slab_pre_alloc_hook+0x37/0xd0
[  641.854290][T25366]  ? anon_vma_clone+0x9a/0x500
[  641.854308][T25366]  kmem_cache_alloc+0x44/0x200
[  641.854329][T25366]  anon_vma_clone+0x9a/0x500
[  641.854350][T25366]  anon_vma_fork+0x91/0x4e0
[  641.854369][T25366]  ? anon_vma_name+0x43/0x70
[  641.854386][T25366]  ? vm_area_dup+0x17a/0x230
[  641.854409][T25366]  copy_mm+0xa3a/0x13e0
[  641.854433][T25366]  ? copy_signal+0x610/0x610
[  641.854455][T25366]  ? __init_rwsem+0xd6/0x1c0
[  641.854475][T25366]  ? copy_signal+0x4e3/0x610
[  641.854498][T25366]  copy_process+0x1149/0x3290
[  641.854524][T25366]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  641.854547][T25366]  ? copy_clone_args_from_user+0x774/0x830
[  641.854567][T25366]  kernel_clone+0x21e/0x9e0
[  641.854589][T25366]  ? __delayed_free_task+0x20/0x20
[  641.854606][T25366]  ? vfs_write+0x9ec/0x1110
[  641.854625][T25366]  ? create_io_thread+0x1e0/0x1e0
[  641.854649][T25366]  __x64_sys_clone3+0x376/0x3a0
[  641.854672][T25366]  ? __ia32_sys_clone+0x290/0x290
[  641.854696][T25366]  ? fput+0x1a/0x20
[  641.854716][T25366]  ? debug_smp_processor_id+0x17/0x20
[  641.854737][T25366]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  641.854760][T25366]  ? exit_to_user_mode_prepare+0x39/0xa0
[  641.854782][T25366]  do_syscall_64+0x3d/0xb0
[  641.854808][T25366]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  641.854834][T25366] RIP: 0033:0x7f19fd5aeda9
[  641.854851][T25366] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  641.854871][T25366] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  641.854895][T25366] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  641.854911][T25366] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  641.854925][T25366] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  641.854939][T25366] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  641.854952][T25366] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  641.854970][T25366]  </TASK>
[  641.938713][T25384] FAULT_INJECTION: forcing a failure.
[  641.938713][T25384] name failslab, interval 1, probability 0, space 0, times 0
[  641.938785][T25384] CPU: 1 PID: 25384 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  641.938810][T25384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  641.938824][T25384] Call Trace:
[  641.938830][T25384]  <TASK>
[  641.938837][T25384]  dump_stack_lvl+0x151/0x1b7
[  641.938864][T25384]  ? io_uring_drop_tctx_refs+0x190/0x190
[  641.938887][T25384]  dump_stack+0x15/0x17
[  641.938906][T25384]  should_fail+0x3c6/0x510
[  641.938928][T25384]  __should_failslab+0xa4/0xe0
[  642.686346][T25384]  ? anon_vma_fork+0xf7/0x4e0
[  642.690848][T25384]  should_failslab+0x9/0x20
[  642.695187][T25384]  slab_pre_alloc_hook+0x37/0xd0
[  642.699958][T25384]  ? anon_vma_fork+0xf7/0x4e0
[  642.704468][T25384]  kmem_cache_alloc+0x44/0x200
[  642.709070][T25384]  anon_vma_fork+0xf7/0x4e0
[  642.713410][T25384]  ? anon_vma_name+0x43/0x70
[  642.717836][T25384]  ? vm_area_dup+0x17a/0x230
[  642.722261][T25384]  copy_mm+0xa3a/0x13e0
[  642.726255][T25384]  ? copy_signal+0x610/0x610
[  642.730680][T25384]  ? __init_rwsem+0xd6/0x1c0
[  642.735107][T25384]  ? copy_signal+0x4e3/0x610
[  642.739541][T25384]  copy_process+0x1149/0x3290
[  642.744050][T25384]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  642.748995][T25384]  ? copy_clone_args_from_user+0x774/0x830
[  642.754639][T25384]  kernel_clone+0x21e/0x9e0
[  642.759062][T25384]  ? __delayed_free_task+0x20/0x20
[  642.764008][T25384]  ? vfs_write+0x9ec/0x1110
[  642.768349][T25384]  ? create_io_thread+0x1e0/0x1e0
[  642.773218][T25384]  __x64_sys_clone3+0x376/0x3a0
[  642.777900][T25384]  ? __ia32_sys_clone+0x290/0x290
[  642.782761][T25384]  ? fput+0x1a/0x20
[  642.786405][T25384]  ? debug_smp_processor_id+0x17/0x20
[  642.791609][T25384]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  642.797518][T25384]  ? exit_to_user_mode_prepare+0x39/0xa0
[  642.802981][T25384]  do_syscall_64+0x3d/0xb0
[  642.807241][T25384]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  642.812964][T25384] RIP: 0033:0x7f19fd5aeda9
[  642.817221][T25384] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  642.836658][T25384] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  642.844899][T25384] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  642.852711][T25384] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x1}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, r2)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f00000000c0)=',@,-}(#,^^-)(-[,\x00')
keyctl$unlink(0x9, r0, r2)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r1)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, r2)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f00000000c0)=',@,-}(#,^^-)(-[,\x00')
keyctl$unlink(0x9, r0, r2)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r1)
add_key$keyring(&(0x7f0000000040), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1) (async)
keyctl$link(0x3, r2, r2) (async)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f00000000c0)=',@,-}(#,^^-)(-[,\x00') (async)
keyctl$unlink(0x9, r0, r2) (async)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r1) (async)

10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2)

10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1) (async)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000200)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, r2)
keyctl$restrict_keyring(0x1d, r1, 0x0, &(0x7f00000000c0)=',@,-}(#,^^-)(-[,\x00')
keyctl$unlink(0x9, r0, r2)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r1)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x0, 0x622, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1ff}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1f0f}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff7ba0}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x8001}, 0x4000010)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x50, 0x0, 0x622, 0x70bd25, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1ff}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1f0f}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xffff7ba0}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x6}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80000001}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x8001}, 0x4000010) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r1)
keyctl$link(0x3, r1, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, r2)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$reject(0x13, r0, 0x3, 0x10000, r0)
keyctl$link(0x10, r2, 0x0)
keyctl$search(0xa, r2, &(0x7f00000000c0)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "db68f0e94e50221af5a7f5f20d0ca024"}, @NL80211_ATTR_PMKID={0x14, 0x55, "700119b2b11596aa88a22ab6824d4352"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x48}}, 0x40004)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:17 executing program 3:
r0 = socket(0x2, 0x3, 0x5)
bind$802154_raw(r0, &(0x7f00000002c0), 0x14)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80000000}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xb3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x40}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}]}, 0x68}, 0x1, 0x0, 0x0, 0x48010}, 0x8813)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x602a8149}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x80, r3, 0x400, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x61}, @NL80211_ATTR_MAC={0xa, 0x6, @random="1cbbf1d0af51"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xd}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x6}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK={0x14, 0xfe, "3eb98e025a14016abd6d20d43e7e4082"}, @NL80211_ATTR_PMK={0x14, 0xfe, "568bd004699e2d6b72eac9f415629216"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x15}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x4008000)
r5 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2)
keyctl$KEYCTL_MOVE(0x1e, r5, r2, r5, 0x1)
keyctl$negate(0xd, r5, 0x8, r2)
keyctl$link(0x3, r2, 0x0)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$reject(0x13, r0, 0x3, 0x10000, r0)
keyctl$link(0x10, r2, 0x0)
keyctl$search(0xa, r2, &(0x7f00000000c0)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$link(0x8, r0, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc) (async)
keyctl$reject(0x13, r0, 0x3, 0x10000, r0) (async)
keyctl$link(0x10, r2, 0x0) (async)
keyctl$search(0xa, r2, &(0x7f00000000c0)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0) (async)
keyctl$link(0x3, r1, 0x0) (async)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "db68f0e94e50221af5a7f5f20d0ca024"}, @NL80211_ATTR_PMKID={0x14, 0x55, "700119b2b11596aa88a22ab6824d4352"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x48}}, 0x40004)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r2 = add_key$keyring(&(0x7f0000000140), &(0x7f0000000180)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffc)
keyctl$reject(0x13, r0, 0x3, 0x10000, r0) (async)
keyctl$link(0x10, r2, 0x0) (async)
keyctl$search(0xa, r2, &(0x7f00000000c0)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1) (async)
keyctl$KEYCTL_MOVE(0x1e, r0, r1, r2, 0x0) (async)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 3:
socket(0x2, 0x3, 0x5) (async)
r0 = socket(0x2, 0x3, 0x5)
bind$802154_raw(r0, &(0x7f00000002c0), 0x14) (async)
bind$802154_raw(r0, &(0x7f00000002c0), 0x14)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80000000}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xb3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x40}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}]}, 0x68}, 0x1, 0x0, 0x0, 0x48010}, 0x8813)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x602a8149}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x80, r3, 0x400, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x61}, @NL80211_ATTR_MAC={0xa, 0x6, @random="1cbbf1d0af51"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xd}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x6}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK={0x14, 0xfe, "3eb98e025a14016abd6d20d43e7e4082"}, @NL80211_ATTR_PMK={0x14, 0xfe, "568bd004699e2d6b72eac9f415629216"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x15}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x4008000)
add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2) (async)
r5 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2)
keyctl$KEYCTL_MOVE(0x1e, r5, r2, r5, 0x1) (async)
keyctl$KEYCTL_MOVE(0x1e, r5, r2, r5, 0x1)
keyctl$negate(0xd, r5, 0x8, r2)
keyctl$link(0x3, r2, 0x0)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1)
keyctl$unlink(0x9, r0, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 3:
r0 = socket(0x2, 0x3, 0x5)
bind$802154_raw(r0, &(0x7f00000002c0), 0x14) (async)
bind$802154_raw(r0, &(0x7f00000002c0), 0x14)
r1 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80000000}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xb3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x40}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}]}, 0x68}, 0x1, 0x0, 0x0, 0x48010}, 0x8813) (async)
sendmsg$BATADV_CMD_SET_VLAN(r0, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000280)={&(0x7f0000000200)={0x68, r1, 0x800, 0x70bd2c, 0x25dfdbff, {}, [@BATADV_ATTR_TPMETER_TEST_TIME={0x8, 0xb, 0x80000000}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0xb3}, @BATADV_ATTR_ORIG_INTERVAL={0x8, 0x39, 0x40}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @multicast}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x8}, @BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x4}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0x80000001}]}, 0x68}, 0x1, 0x0, 0x0, 0x48010}, 0x8813)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_PMKSA(r0, &(0x7f0000000480)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x602a8149}, 0xc, &(0x7f0000000440)={&(0x7f00000003c0)={0x80, r3, 0x400, 0x70bd2b, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x61}, @NL80211_ATTR_MAC={0xa, 0x6, @random="1cbbf1d0af51"}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xd}, @NL80211_ATTR_PMK_LIFETIME={0x8, 0x11f, 0x6}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x1}, @NL80211_ATTR_PMK={0x14, 0xfe, "3eb98e025a14016abd6d20d43e7e4082"}, @NL80211_ATTR_PMK={0x14, 0xfe, "568bd004699e2d6b72eac9f415629216"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x15}]}, 0x80}, 0x1, 0x0, 0x0, 0x4}, 0x4008000)
r5 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r2)
keyctl$KEYCTL_MOVE(0x1e, r5, r2, r5, 0x1) (async)
keyctl$KEYCTL_MOVE(0x1e, r5, r2, r5, 0x1)
keyctl$negate(0xd, r5, 0x8, r2)
keyctl$link(0x3, r2, 0x0) (async)
keyctl$link(0x3, r2, 0x0)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "db68f0e94e50221af5a7f5f20d0ca024"}, @NL80211_ATTR_PMKID={0x14, 0x55, "700119b2b11596aa88a22ab6824d4352"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x48}}, 0x40004)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_DEL_PMKSA(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfb, {{}, {@void, @void}}, [@NL80211_ATTR_PMK={0x14, 0xfe, "db68f0e94e50221af5a7f5f20d0ca024"}, @NL80211_ATTR_PMKID={0x14, 0x55, "700119b2b11596aa88a22ab6824d4352"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}]}, 0x48}}, 0x40004) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r3 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r3)
setsockopt$TIPC_MCAST_REPLICAST(r3, 0x10f, 0x86)
keyctl$link(0x3, r0, 0x0)
keyctl$search(0xa, r2, &(0x7f0000000080)='encrypted\x00', &(0x7f00000000c0)={'syz', 0x0}, r2)

10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r3 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r3) (async)
setsockopt$TIPC_MCAST_REPLICAST(r3, 0x10f, 0x86) (async)
keyctl$link(0x3, r0, 0x0) (async)
keyctl$search(0xa, r2, &(0x7f0000000080)='encrypted\x00', &(0x7f00000000c0)={'syz', 0x0}, r2)

10:01:17 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 71)

10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = getuid()
keyctl$get_persistent(0x16, r1, r0)
r2 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r3 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, r3)
setsockopt$TIPC_MCAST_REPLICAST(r3, 0x10f, 0x86)
keyctl$link(0x3, r0, 0x0)
keyctl$search(0xa, r2, &(0x7f0000000080)='encrypted\x00', &(0x7f00000000c0)={'syz', 0x0}, r2)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1) (async)
keyctl$unlink(0x9, r0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x3c}}, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x34, r2, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xdf1a}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x825}, 0x4000000)

10:01:17 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58) (async)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0) (async)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff9)
keyctl$KEYCTL_MOVE(0x1e, r0, r0, r0, 0x1) (async)
keyctl$unlink(0x9, r0, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  642.860528][T25384] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  642.868334][T25384] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  642.876144][T25384] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  642.883959][T25384]  </TASK>
10:01:17 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)='logon\x00')
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r5, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x29, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc82, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x12000, 0x0, 0x0, 0x0, 0x9}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @generic={0x6e, 0x9, 0x1, 0x6, 0xffff}, @map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x90}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='GPL\x00', 0x6, 0xf0, &(0x7f0000000800)=""/240, 0xf1888c68e60994bb, 0x3, '\x00', 0x0, 0x25, r6, 0x8, &(0x7f0000000900)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000940)={0x5, 0xa, 0x10001, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0xad4}, 0x90)
getsockname$tipc(r2, &(0x7f0000000240), &(0x7f0000000280)=0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
keyctl$link(0x3, r0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)={0x11c, r3, 0x100, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x5}, @NL80211_ATTR_SCAN_SSIDS={0x68, 0x2d, 0x0, 0x1, [{0xd, 0x0, @random="8690ec48638d4216f5"}, {0xa, 0x0, @default_ibss_ssid}, {0xc, 0x0, @random="797f5d5efda23e44"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x22, 0x0, @random="b0cbfcbb8005d297a4275a6b36f385f125f61d8dbfc41dce0c5f0172c354"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x20}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x64, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x3c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x6}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x2eb9}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x4}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x3ff}, @NL80211_BAND_LC={0x8, 0x5, 0xd364}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xe72}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x3}]}, 0x11c}, 0x1, 0x0, 0x0, 0x880}, 0x80)
ioctl$RTC_VL_CLR(r2, 0x7014)
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc1}, &(0x7f0000000340)={0x0, "24cbc4975b2e75c79d7bd9558aebe981f36806c705ff27229a1f850694c375531ecce495d0463824c45e74f7c235386a73f4b05ca1c95bb4bb87b627dfcfc764", 0x25}, 0x48, r1)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0)

10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x3c}}, 0x1)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x34, r2, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xdf1a}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x825}, 0x4000000)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x3c}}, 0x1) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x34, r2, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xdf1a}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x825}, 0x4000000) (async)

[  642.915789][T25512] FAULT_INJECTION: forcing a failure.
[  642.915789][T25512] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  642.929347][T25512] CPU: 1 PID: 25512 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  642.939509][T25512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  642.949403][T25512] Call Trace:
[  642.952532][T25512]  <TASK>
[  642.955308][T25512]  dump_stack_lvl+0x151/0x1b7
[  642.959817][T25512]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:17 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x3c, r2, 0x100, 0x70bd25, 0x25dfdbfe, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x9}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}]}, 0x3c}}, 0x1) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f00000001c0)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_TP_METER_CANCEL(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x34, r2, 0x2, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xdf1a}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x825}, 0x4000000)

10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0) (async)

[  642.965303][T25512]  ? _raw_spin_lock+0xa4/0x1b0
[  642.969884][T25512]  ? preempt_schedule+0xd9/0xe0
[  642.974743][T25512]  ? __kasan_check_read+0x11/0x20
[  642.979613][T25512]  dump_stack+0x15/0x17
[  642.983603][T25512]  should_fail+0x3c6/0x510
[  642.987855][T25512]  should_fail_alloc_page+0x5a/0x80
[  642.992997][T25512]  prepare_alloc_pages+0x15c/0x700
[  642.998059][T25512]  ? __kasan_check_write+0x14/0x20
[  643.003010][T25512]  ? __alloc_pages_bulk+0xe40/0xe40
[  643.008052][T25512]  ? copy_page_range+0x2d59/0x2f90
10:01:17 executing program 1:
r0 = add_key$keyring(&(0x7f0000000180), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffff8)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r0)

10:01:18 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0) (async)
r1 = getpid()
syz_pidfd_open(r1, 0x0) (async)
r2 = getpid()
syz_pidfd_open(r2, 0x0) (async)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0) (async)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

10:01:18 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
socket$pptp(0x18, 0x1, 0x2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x20, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40042}, 0x8804)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="eae7b1010000004a7b35f59416aa14f60e87e6d4ace350ae2b92e8080bfd1b7f2e05e61295c4f759f41eed83ede25811f68471ba3ee745291f1902e12ac2997db6ca8dff12809a40"], 0x28}}, 0x0)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
accept4$tipc(r3, 0x0, 0x0, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x28, 0x3f7, 0x200, 0x70bd28, 0x25dfdbfe, {0x7, 0x7, './file0', './file0'}}, 0x28}}, 0x4000010)

10:01:18 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0) (async)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)='logon\x00') (async)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2) (async)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r5, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800) (async)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x29, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc82, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x12000, 0x0, 0x0, 0x0, 0x9}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @generic={0x6e, 0x9, 0x1, 0x6, 0xffff}, @map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x90}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='GPL\x00', 0x6, 0xf0, &(0x7f0000000800)=""/240, 0xf1888c68e60994bb, 0x3, '\x00', 0x0, 0x25, r6, 0x8, &(0x7f0000000900)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000940)={0x5, 0xa, 0x10001, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0xad4}, 0x90) (async)
getsockname$tipc(r2, &(0x7f0000000240), &(0x7f0000000280)=0x10)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
keyctl$link(0x3, r0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)={0x11c, r3, 0x100, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x5}, @NL80211_ATTR_SCAN_SSIDS={0x68, 0x2d, 0x0, 0x1, [{0xd, 0x0, @random="8690ec48638d4216f5"}, {0xa, 0x0, @default_ibss_ssid}, {0xc, 0x0, @random="797f5d5efda23e44"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x22, 0x0, @random="b0cbfcbb8005d297a4275a6b36f385f125f61d8dbfc41dce0c5f0172c354"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x20}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x64, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x3c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x6}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x2eb9}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x4}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x3ff}, @NL80211_BAND_LC={0x8, 0x5, 0xd364}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xe72}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x3}]}, 0x11c}, 0x1, 0x0, 0x0, 0x880}, 0x80)
ioctl$RTC_VL_CLR(r2, 0x7014) (async)
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc1}, &(0x7f0000000340)={0x0, "24cbc4975b2e75c79d7bd9558aebe981f36806c705ff27229a1f850694c375531ecce495d0463824c45e74f7c235386a73f4b05ca1c95bb4bb87b627dfcfc764", 0x25}, 0x48, r1)

[  643.013078][T25512]  __alloc_pages+0x18c/0x8f0
[  643.017500][T25512]  ? prep_new_page+0x110/0x110
[  643.022105][T25512]  new_slab+0x9a/0x4e0
[  643.026024][T25512]  ___slab_alloc+0x39e/0x830
[  643.030432][T25512]  ? vm_area_dup+0x26/0x230
[  643.034776][T25512]  ? vm_area_dup+0x26/0x230
[  643.039117][T25512]  __slab_alloc+0x4a/0x90
[  643.043305][T25512]  ? vm_area_dup+0x26/0x230
[  643.047634][T25512]  kmem_cache_alloc+0x134/0x200
[  643.052318][T25512]  vm_area_dup+0x26/0x230
[  643.056472][T25512]  copy_mm+0x9a1/0x13e0
[  643.060470][T25512]  ? copy_signal+0x610/0x610
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$link(0x3, r0, 0x0)

10:01:18 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 72)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0x0) (async)
keyctl$link(0x3, r0, 0x0) (async)

[  643.064893][T25512]  ? __init_rwsem+0xd6/0x1c0
[  643.069316][T25512]  ? copy_signal+0x4e3/0x610
[  643.073743][T25512]  copy_process+0x1149/0x3290
[  643.078369][T25512]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  643.083398][T25512]  ? copy_clone_args_from_user+0x774/0x830
[  643.089047][T25512]  kernel_clone+0x21e/0x9e0
[  643.089081][T25512]  ? __delayed_free_task+0x20/0x20
[  643.089103][T25512]  ? vfs_write+0x9ec/0x1110
10:01:18 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 73)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0x0)
keyctl$link(0x3, r0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0x0) (async)
keyctl$link(0x3, r0, 0x0) (async)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$unlink(0x9, r0, r2)
keyctl$link(0x3, r1, 0x0)

10:01:18 executing program 2:
r0 = getpid()
syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0], 0x1}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, 0xffffffffffffffff, r0], 0x3}, 0x58)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x7, 0x1, 0x7ff, 0x20, @ipv4={'\x00', '\xff\xff', @remote}, @loopback, 0x7, 0x7, 0x3d10, 0x9}})

[  643.089124][T25512]  ? create_io_thread+0x1e0/0x1e0
[  643.089151][T25512]  __x64_sys_clone3+0x376/0x3a0
[  643.089177][T25512]  ? __ia32_sys_clone+0x290/0x290
[  643.089204][T25512]  ? fput+0x1a/0x20
[  643.089227][T25512]  ? debug_smp_processor_id+0x17/0x20
[  643.089252][T25512]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  643.089278][T25512]  ? exit_to_user_mode_prepare+0x39/0xa0
10:01:18 executing program 2:
r0 = getpid()
syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0], 0x1}, 0x58) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, 0xffffffffffffffff, r0], 0x3}, 0x58) (async)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x7, 0x1, 0x7ff, 0x20, @ipv4={'\x00', '\xff\xff', @remote}, @loopback, 0x7, 0x7, 0x3d10, 0x9}})

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$unlink(0x9, r0, r2)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$link(0x3, r1, 0x0)

[  643.089303][T25512]  do_syscall_64+0x3d/0xb0
[  643.089324][T25512]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  643.089351][T25512] RIP: 0033:0x7f19fd5aeda9
[  643.089370][T25512] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  643.089390][T25512] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  643.089416][T25512] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$unlink(0x9, r0, r2) (async)
keyctl$link(0x3, r1, 0x0)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x5f55, r0)
keyctl$link(0x3, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)

10:01:18 executing program 2:
getpid() (async)
r0 = getpid()
syz_clone3(&(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000500)=[r0], 0x1}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000000)=[0x0, 0xffffffffffffffff, r0], 0x3}, 0x58)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r1, 0x89f2, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000040)={'ip6tnl0\x00', 0x0, 0x2f, 0x7, 0x1, 0x7ff, 0x20, @ipv4={'\x00', '\xff\xff', @remote}, @loopback, 0x7, 0x7, 0x3d10, 0x9}})

[  643.089433][T25512] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  643.089449][T25512] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  643.089464][T25512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  643.089479][T25512] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  643.089499][T25512]  </TASK>
[  643.122586][T25561] FAULT_INJECTION: forcing a failure.
[  643.122586][T25561] name failslab, interval 1, probability 0, space 0, times 0
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x5f55, r0)
keyctl$link(0x3, 0x0, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x5f55, r0) (async)
keyctl$link(0x3, 0x0, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)

10:01:18 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0x4}]}, 0x18}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000065000000080000a8", @ANYRES32=0x0, @ANYBLOB="0c009900b51d000000000000"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040846}, 0x20000)

[  643.122620][T25561] CPU: 1 PID: 25561 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  643.122645][T25561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  643.122658][T25561] Call Trace:
[  643.122665][T25561]  <TASK>
[  643.122673][T25561]  dump_stack_lvl+0x151/0x1b7
[  643.122699][T25561]  ? io_uring_drop_tctx_refs+0x190/0x190
[  643.122723][T25561]  dump_stack+0x15/0x17
[  643.122741][T25561]  should_fail+0x3c6/0x510
[  643.122764][T25561]  __should_failslab+0xa4/0xe0
[  643.122788][T25561]  ? vm_area_dup+0x26/0x230
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x3c, r2, 0xc8ae3aa7fda0452b, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "547b75e90f9dcfe9b805a9c71f45c846"}, @NL80211_ATTR_PMK={0x14, 0xfe, "c74f34c9627eef266358e2330b495852"}]}, 0x3c}}, 0x0)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x2c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xd6f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x4081)
keyctl$link(0x3, r3, 0x0)
r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r3)
keyctl$restrict_keyring(0x1d, r4, &(0x7f0000000180)='cifs.idmap\x00', &(0x7f00000001c0)='syz')

10:01:18 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0x4}]}, 0x18}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000065000000080000a8", @ANYRES32=0x0, @ANYBLOB="0c009900b51d000000000000"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040846}, 0x20000)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0x4}]}, 0x18}}, 0x0) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000065000000080000a8", @ANYRES32=0x0, @ANYBLOB="0c009900b51d000000000000"], 0x28}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00'}) (async)
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040846}, 0x20000) (async)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x3c, r2, 0xc8ae3aa7fda0452b, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "547b75e90f9dcfe9b805a9c71f45c846"}, @NL80211_ATTR_PMK={0x14, 0xfe, "c74f34c9627eef266358e2330b495852"}]}, 0x3c}}, 0x0)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x2c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xd6f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x4081)
keyctl$link(0x3, r3, 0x0)
r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r3)
keyctl$restrict_keyring(0x1d, r4, &(0x7f0000000180)='cifs.idmap\x00', &(0x7f00000001c0)='syz')
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x3c, r2, 0xc8ae3aa7fda0452b, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "547b75e90f9dcfe9b805a9c71f45c846"}, @NL80211_ATTR_PMK={0x14, 0xfe, "c74f34c9627eef266358e2330b495852"}]}, 0x3c}}, 0x0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0) (async)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x2c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xd6f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x4081) (async)
keyctl$link(0x3, r3, 0x0) (async)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r3) (async)
keyctl$restrict_keyring(0x1d, r4, &(0x7f0000000180)='cifs.idmap\x00', &(0x7f00000001c0)='syz') (async)

[  643.122812][T25561]  should_failslab+0x9/0x20
[  643.122833][T25561]  slab_pre_alloc_hook+0x37/0xd0
[  643.122857][T25561]  ? vm_area_dup+0x26/0x230
[  643.122879][T25561]  kmem_cache_alloc+0x44/0x200
[  643.122903][T25561]  vm_area_dup+0x26/0x230
[  643.122924][T25561]  copy_mm+0x9a1/0x13e0
[  643.122950][T25561]  ? copy_signal+0x610/0x610
[  643.122974][T25561]  ? __init_rwsem+0xd6/0x1c0
[  643.122996][T25561]  ? copy_signal+0x4e3/0x610
[  643.123019][T25561]  copy_process+0x1149/0x3290
[  643.123046][T25561]  ? pidfd_show_fdinfo+0x2b0/0x2b0
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x3c, r2, 0xc8ae3aa7fda0452b, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_PMKID={0x14, 0x55, "547b75e90f9dcfe9b805a9c71f45c846"}, @NL80211_ATTR_PMK={0x14, 0xfe, "c74f34c9627eef266358e2330b495852"}]}, 0x3c}}, 0x0)
r3 = add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r0)
sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x2c, 0x0, 0x20, 0x70bd2d, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0xd6f}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x8}, @BATADV_ATTR_GW_MODE={0x5, 0x33, 0x1}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40004}, 0x4081) (async)
keyctl$link(0x3, r3, 0x0) (async)
r4 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r3)
keyctl$restrict_keyring(0x1d, r4, &(0x7f0000000180)='cifs.idmap\x00', &(0x7f00000001c0)='syz')

[  643.123070][T25561]  ? copy_clone_args_from_user+0x774/0x830
[  643.123092][T25561]  kernel_clone+0x21e/0x9e0
[  643.123115][T25561]  ? __delayed_free_task+0x20/0x20
[  643.123135][T25561]  ? vfs_write+0x9ec/0x1110
[  643.123160][T25561]  ? create_io_thread+0x1e0/0x1e0
[  643.123187][T25561]  __x64_sys_clone3+0x376/0x3a0
[  643.123212][T25561]  ? __ia32_sys_clone+0x290/0x290
[  643.123239][T25561]  ? fput+0x1a/0x20
[  643.123261][T25561]  ? debug_smp_processor_id+0x17/0x20
[  643.123285][T25561]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  643.123310][T25561]  ? exit_to_user_mode_prepare+0x39/0xa0
10:01:18 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x18, r1, 0x1, 0x0, 0x0, {{}, {@void, @void}}, [@NL80211_ATTR_MESH_SETUP={0x4}]}, 0x18}}, 0x0) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000065000000080000a8", @ANYRES32=0x0, @ANYBLOB="0c009900b51d000000000000"], 0x28}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_UNEXPECTED_FRAME(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x1c, r3, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r4}, @void}}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20040846}, 0x20000)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$search(0xa, r2, &(0x7f0000000180)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$search(0xa, r2, &(0x7f0000000180)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1)

10:01:18 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_io_uring_setup(0x2da6, &(0x7f0000000080)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000180))
write$char_usb(r0, &(0x7f0000000000)="4e97359d41747bad38b5dd67baee267e327408e0fdc33ac2bd", 0x19)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  643.123335][T25561]  do_syscall_64+0x3d/0xb0
[  643.123355][T25561]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  643.123382][T25561] RIP: 0033:0x7f19fd5aeda9
[  643.123400][T25561] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  643.123419][T25561] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  643.123444][T25561] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, r1)
keyctl$search(0xa, r2, &(0x7f0000000180)='trusted\x00', &(0x7f00000001c0)={'syz', 0x0}, r1)

10:01:18 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

10:01:18 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

[  643.123460][T25561] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  643.123476][T25561] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  643.123492][T25561] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  643.123506][T25561] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  643.123524][T25561]  </TASK>
[  643.153141][T25569] FAULT_INJECTION: forcing a failure.
[  643.153141][T25569] name failslab, interval 1, probability 0, space 0, times 0
10:01:18 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$link(0x3, 0x0, 0x0)

10:01:18 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x8, r0, r0) (async, rerun: 64)
keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000080)='asymmetric\x00', &(0x7f00000000c0)='logon\x00') (rerun: 64)
r1 = add_key$fscrypt_v1(&(0x7f0000000100), &(0x7f0000000140)={'fscrypt:', @desc2}, &(0x7f0000000180)={0x0, "33b97b7d8b78ca9caec4ebdfcbd3e0de101ad4c6842089b5ba5eddf29e58f9348353757dc731f6dae5bb845e2cc45858b40f315e12a18b6cf8f58f1133cb801a"}, 0x48, r0) (async)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), r2)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
r5 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r4)
sendmsg$IPVS_CMD_DEL_DEST(r4, &(0x7f0000000dc0)={&(0x7f0000000c40)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000d80)={&(0x7f0000000c80)={0xd0, r5, 0x20, 0x70bd28, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x6}, @IPVS_CMD_ATTR_DEST={0x2c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x800}, @IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x602}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}]}, @IPVS_CMD_ATTR_DAEMON={0xc, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x1}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x1f}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x6}, @IPVS_CMD_ATTR_DEST={0x1c, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x3667}, @IPVS_DEST_ATTR_INACT_CONNS={0x8, 0x8, 0x1}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x3e8}]}, @IPVS_CMD_ATTR_DAEMON={0x50, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @loopback}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'tunl0\x00'}, @IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7f}]}]}, 0xd0}, 0x1, 0x0, 0x0, 0x20000040}, 0x800)
r6 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x80, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r6)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000009c0)={0x6, 0x29, &(0x7f0000000640)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0xc82, 0x0, 0x0, 0x0, 0x7}, {{0x18, 0x1, 0x1, 0x0, r2}}, {}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r4}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x69, 0x0, 0x0, 0x0, 0x6}, @initr0={0x18, 0x0, 0x0, 0x0, 0x12000, 0x0, 0x0, 0x0, 0x9}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r2}}, @generic={0x6e, 0x9, 0x1, 0x6, 0xffff}, @map_fd={0x18, 0x3, 0x1, 0x0, r2}, @call={0x85, 0x0, 0x0, 0x90}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000007c0)='GPL\x00', 0x6, 0xf0, &(0x7f0000000800)=""/240, 0xf1888c68e60994bb, 0x3, '\x00', 0x0, 0x25, r6, 0x8, &(0x7f0000000900)={0x0, 0x5}, 0x8, 0x10, &(0x7f0000000940)={0x5, 0xa, 0x10001, 0x7}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000980)=[r2], 0x0, 0x10, 0xad4}, 0x90) (async, rerun: 32)
getsockname$tipc(r2, &(0x7f0000000240), &(0x7f0000000280)=0x10) (async, rerun: 32)
socket$inet_icmp_raw(0x2, 0x3, 0x1) (async)
keyctl$link(0x3, r0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000440)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000600)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000005c0)={&(0x7f0000000480)={0x11c, r3, 0x100, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x5}, @NL80211_ATTR_SCAN_SSIDS={0x68, 0x2d, 0x0, 0x1, [{0xd, 0x0, @random="8690ec48638d4216f5"}, {0xa, 0x0, @default_ibss_ssid}, {0xc, 0x0, @random="797f5d5efda23e44"}, {0xa, 0x0, @default_ibss_ssid}, {0xa, 0x0, @default_ap_ssid}, {0x22, 0x0, @random="b0cbfcbb8005d297a4275a6b36f385f125f61d8dbfc41dce0c5f0172c354"}]}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_MEASUREMENT_DURATION_MANDATORY={0x4}, @NL80211_ATTR_SCHED_SCAN_DELAY={0x8}, @NL80211_ATTR_SCAN_FLAGS={0x8, 0x9e, 0x20}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x64, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x3c, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x6}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x2eb9}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x4}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x3ff}, @NL80211_BAND_LC={0x8, 0x5, 0xd364}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xe72}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x7}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ibss_ssid}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0xa, 0x1, @default_ap_ssid}]}, @NL80211_ATTR_SCHED_SCAN_MULTI={0x4}, @NL80211_ATTR_SCHED_SCAN_RELATIVE_RSSI={0x5, 0xf6, 0x3}]}, 0x11c}, 0x1, 0x0, 0x0, 0x880}, 0x80) (async)
ioctl$RTC_VL_CLR(r2, 0x7014) (async)
add_key$fscrypt_v1(&(0x7f00000002c0), &(0x7f0000000300)={'fscrypt:', @desc1}, &(0x7f0000000340)={0x0, "24cbc4975b2e75c79d7bd9558aebe981f36806c705ff27229a1f850694c375531ecce495d0463824c45e74f7c235386a73f4b05ca1c95bb4bb87b627dfcfc764", 0x25}, 0x48, r1)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$search(0xa, r1, &(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000140)={'syz', 0x3}, r2)
keyctl$link(0x3, r1, 0x0)
r3 = getuid()
keyctl$get_persistent(0x16, r3, r2)

[  643.523211][T25569] CPU: 1 PID: 25569 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  643.523245][T25569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  643.523258][T25569] Call Trace:
[  643.523265][T25569]  <TASK>
[  643.523273][T25569]  dump_stack_lvl+0x151/0x1b7
[  643.523301][T25569]  ? io_uring_drop_tctx_refs+0x190/0x190
[  643.523326][T25569]  dump_stack+0x15/0x17
[  643.523344][T25569]  should_fail+0x3c6/0x510
[  643.523368][T25569]  __should_failslab+0xa4/0xe0
[  643.523403][T25569]  ? vm_area_dup+0x26/0x230
10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$search(0xa, r1, &(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000140)={'syz', 0x3}, r2)
keyctl$link(0x3, r1, 0x0)
r3 = getuid()
keyctl$get_persistent(0x16, r3, r2)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r1) (async)
keyctl$search(0xa, r1, &(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000140)={'syz', 0x3}, r2) (async)
keyctl$link(0x3, r1, 0x0) (async)
getuid() (async)
keyctl$get_persistent(0x16, r3, r2) (async)

10:01:18 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
socket$pptp(0x18, 0x1, 0x2) (async)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x20, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40042}, 0x8804) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="eae7b1010000004a7b35f59416aa14f60e87e6d4ace350ae2b92e8080bfd1b7f2e05e61295c4f759f41eed83ede25811f68471ba3ee745291f1902e12ac2997db6ca8dff12809a40"], 0x28}}, 0x0)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
accept4$tipc(r3, 0x0, 0x0, 0x0) (async)
sendmsg$AUDIT_MAKE_EQUIV(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x28, 0x3f7, 0x200, 0x70bd28, 0x25dfdbfe, {0x7, 0x7, './file0', './file0'}}, 0x28}}, 0x4000010)

10:01:18 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_io_uring_setup(0x2da6, &(0x7f0000000080)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000180)) (async)
write$char_usb(r0, &(0x7f0000000000)="4e97359d41747bad38b5dd67baee267e327408e0fdc33ac2bd", 0x19)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  643.523427][T25569]  should_failslab+0x9/0x20
[  643.523449][T25569]  slab_pre_alloc_hook+0x37/0xd0
[  643.523472][T25569]  ? vm_area_dup+0x26/0x230
[  643.590027][T25569]  kmem_cache_alloc+0x44/0x200
[  643.590065][T25569]  vm_area_dup+0x26/0x230
[  643.598780][T25569]  copy_mm+0x9a1/0x13e0
[  643.602784][T25569]  ? copy_signal+0x610/0x610
[  643.602818][T25569]  ? __init_rwsem+0xd6/0x1c0
10:01:18 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 74)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r1)
keyctl$search(0xa, r1, &(0x7f00000000c0)='cifs.spnego\x00', &(0x7f0000000140)={'syz', 0x3}, r2)
keyctl$link(0x3, r1, 0x0)
getuid() (async)
r3 = getuid()
keyctl$get_persistent(0x16, r3, r2)

10:01:18 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = socket$pptp(0x18, 0x1, 0x2)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000000c0))
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000100), 0x2, 0x0)
setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000140)=0x4, 0x1)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r4)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10001}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x44}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x40840)
keyctl$link(0x3, r3, 0x0)
keyctl$reject(0x13, r3, 0x48d, 0x8a45, r0)
keyctl$link(0x3, r1, 0x0)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000002c0))

[  643.602856][T25569]  ? copy_signal+0x4e3/0x610
[  643.602881][T25569]  copy_process+0x1149/0x3290
[  643.602929][T25569]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  643.602954][T25569]  ? copy_clone_args_from_user+0x774/0x830
[  643.602978][T25569]  kernel_clone+0x21e/0x9e0
[  643.603014][T25569]  ? __delayed_free_task+0x20/0x20
[  643.603034][T25569]  ? vfs_write+0x9ec/0x1110
[  643.603065][T25569]  ? create_io_thread+0x1e0/0x1e0
[  643.603090][T25569]  __x64_sys_clone3+0x376/0x3a0
[  643.603121][T25569]  ? __ia32_sys_clone+0x290/0x290
[  643.603146][T25569]  ? fput+0x1a/0x20
[  643.603167][T25569]  ? debug_smp_processor_id+0x17/0x20
[  643.603190][T25569]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  643.603215][T25569]  ? exit_to_user_mode_prepare+0x39/0xa0
[  643.603237][T25569]  do_syscall_64+0x3d/0xb0
[  643.603256][T25569]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  643.603282][T25569] RIP: 0033:0x7f19fd5aeda9
[  643.603299][T25569] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  643.603318][T25569] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  643.603342][T25569] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  643.603358][T25569] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  643.603373][T25569] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  643.603387][T25569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:18 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
socket$pptp(0x18, 0x1, 0x2) (async)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x20, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40042}, 0x8804)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="eae7b1010000004a7b35f59416aa14f60e87e6d4ace350ae2b92e8080bfd1b7f2e05e61295c4f759f41eed83ede25811f68471ba3ee745291f1902e12ac2997db6ca8dff12809a40"], 0x28}}, 0x0) (async)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
accept4$tipc(r3, 0x0, 0x0, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x28, 0x3f7, 0x200, 0x70bd28, 0x25dfdbfe, {0x7, 0x7, './file0', './file0'}}, 0x28}}, 0x4000010)

10:01:18 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 75)

[  643.603400][T25569] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  643.603418][T25569]  </TASK>
[  643.648590][T25674] FAULT_INJECTION: forcing a failure.
[  643.648590][T25674] name failslab, interval 1, probability 0, space 0, times 0
[  643.797613][T25674] CPU: 0 PID: 25674 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  643.797646][T25674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  643.797659][T25674] Call Trace:
10:01:18 executing program 2:
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_io_uring_setup(0x2da6, &(0x7f0000000080)={0x0, 0x0, 0x20, 0x0, 0x0, 0x0, r0}, &(0x7f0000000100), &(0x7f0000000180)) (async)
write$char_usb(r0, &(0x7f0000000000)="4e97359d41747bad38b5dd67baee267e327408e0fdc33ac2bd", 0x19) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  643.797666][T25674]  <TASK>
[  643.797676][T25674]  dump_stack_lvl+0x151/0x1b7
[  643.797697][T25674]  ? io_uring_drop_tctx_refs+0x190/0x190
[  643.797714][T25674]  dump_stack+0x15/0x17
[  643.797727][T25674]  should_fail+0x3c6/0x510
[  643.797744][T25674]  __should_failslab+0xa4/0xe0
[  643.797762][T25674]  ? vm_area_dup+0x26/0x230
[  643.797779][T25674]  should_failslab+0x9/0x20
[  643.797794][T25674]  slab_pre_alloc_hook+0x37/0xd0
[  643.797812][T25674]  ? vm_area_dup+0x26/0x230
[  643.797827][T25674]  kmem_cache_alloc+0x44/0x200
[  643.797844][T25674]  vm_area_dup+0x26/0x230
[  643.797860][T25674]  copy_mm+0x9a1/0x13e0
[  643.797880][T25674]  ? copy_signal+0x610/0x610
[  643.797898][T25674]  ? __init_rwsem+0xd6/0x1c0
[  643.797914][T25674]  ? copy_signal+0x4e3/0x610
[  643.797931][T25674]  copy_process+0x1149/0x3290
[  643.797952][T25674]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  643.797970][T25674]  ? copy_clone_args_from_user+0x774/0x830
[  643.797986][T25674]  kernel_clone+0x21e/0x9e0
[  643.798003][T25674]  ? __delayed_free_task+0x20/0x20
[  643.798016][T25674]  ? vfs_write+0x9ec/0x1110
[  643.798039][T25674]  ? create_io_thread+0x1e0/0x1e0
[  643.798058][T25674]  __x64_sys_clone3+0x376/0x3a0
[  643.798076][T25674]  ? __ia32_sys_clone+0x290/0x290
[  643.798095][T25674]  ? fput+0x1a/0x20
[  643.798112][T25674]  ? debug_smp_processor_id+0x17/0x20
[  643.798129][T25674]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  643.798148][T25674]  ? exit_to_user_mode_prepare+0x39/0xa0
[  643.798166][T25674]  do_syscall_64+0x3d/0xb0
[  643.798180][T25674]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  643.798200][T25674] RIP: 0033:0x7f19fd5aeda9
[  643.798214][T25674] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  643.798228][T25674] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  643.798246][T25674] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  643.798259][T25674] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  643.798270][T25674] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  643.798281][T25674] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  643.798291][T25674] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  643.798305][T25674]  </TASK>
[  643.831286][T25690] FAULT_INJECTION: forcing a failure.
[  643.831286][T25690] name failslab, interval 1, probability 0, space 0, times 0
[  644.058890][T25690] CPU: 1 PID: 25690 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  644.058922][T25690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
10:01:19 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r2 = socket$pptp(0x18, 0x1, 0x2)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000000c0)) (async)
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000100), 0x2, 0x0)
setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000140)=0x4, 0x1)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r4)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10001}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x44}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x40840)
keyctl$link(0x3, r3, 0x0) (async)
keyctl$reject(0x13, r3, 0x48d, 0x8a45, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000002c0))

10:01:19 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
syz_genetlink_get_family_id$team(&(0x7f0000000000), r0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r0)
socket$pptp(0x18, 0x1, 0x2)
sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r2, 0x20, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x40042}, 0x8804)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000380)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="eae7b1010000004a7b35f59416aa14f60e87e6d4ace350ae2b92e8080bfd1b7f2e05e61295c4f759f41eed83ede25811f68471ba3ee745291f1902e12ac2997db6ca8dff12809a40"], 0x28}}, 0x0)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
accept4$tipc(r3, 0x0, 0x0, 0x0)
sendmsg$AUDIT_MAKE_EQUIV(r3, &(0x7f0000000340)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000300)={&(0x7f0000000200)={0x28, 0x3f7, 0x200, 0x70bd28, 0x25dfdbfe, {0x7, 0x7, './file0', './file0'}}, 0x28}}, 0x4000010)

10:01:19 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 76)

[  644.058937][T25690] Call Trace:
[  644.082183][T25690]  <TASK>
[  644.082199][T25690]  dump_stack_lvl+0x151/0x1b7
[  644.089471][T25690]  ? io_uring_drop_tctx_refs+0x190/0x190
[  644.089494][T25690]  dump_stack+0x15/0x17
[  644.089507][T25690]  should_fail+0x3c6/0x510
[  644.089525][T25690]  __should_failslab+0xa4/0xe0
[  644.089543][T25690]  ? vm_area_dup+0x26/0x230
[  644.089560][T25690]  should_failslab+0x9/0x20
[  644.089576][T25690]  slab_pre_alloc_hook+0x37/0xd0
[  644.089594][T25690]  ? vm_area_dup+0x26/0x230
[  644.089614][T25690]  kmem_cache_alloc+0x44/0x200
[  644.089631][T25690]  vm_area_dup+0x26/0x230
[  644.089648][T25690]  copy_mm+0x9a1/0x13e0
[  644.089668][T25690]  ? copy_signal+0x610/0x610
[  644.089686][T25690]  ? __init_rwsem+0xd6/0x1c0
[  644.089702][T25690]  ? copy_signal+0x4e3/0x610
[  644.089720][T25690]  copy_process+0x1149/0x3290
[  644.089742][T25690]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  644.089761][T25690]  ? copy_clone_args_from_user+0x774/0x830
[  644.089777][T25690]  kernel_clone+0x21e/0x9e0
[  644.089794][T25690]  ? __delayed_free_task+0x20/0x20
[  644.089808][T25690]  ? vfs_write+0x9ec/0x1110
[  644.089823][T25690]  ? create_io_thread+0x1e0/0x1e0
[  644.089843][T25690]  __x64_sys_clone3+0x376/0x3a0
[  644.089862][T25690]  ? __ia32_sys_clone+0x290/0x290
[  644.089882][T25690]  ? fput+0x1a/0x20
[  644.089898][T25690]  ? debug_smp_processor_id+0x17/0x20
[  644.089915][T25690]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  644.089934][T25690]  ? exit_to_user_mode_prepare+0x39/0xa0
[  644.089952][T25690]  do_syscall_64+0x3d/0xb0
[  644.089967][T25690]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  644.089986][T25690] RIP: 0033:0x7f19fd5aeda9
[  644.090001][T25690] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  644.090015][T25690] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  644.090033][T25690] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  644.090045][T25690] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  644.090056][T25690] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  644.090067][T25690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  644.090078][T25690] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  644.090092][T25690]  </TASK>
[  644.130750][T25705] FAULT_INJECTION: forcing a failure.
[  644.130750][T25705] name failslab, interval 1, probability 0, space 0, times 0
10:01:19 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0)
pidfd_send_signal(r0, 0x18, &(0x7f0000000000)={0x18, 0xd70, 0x8}, 0x0)

10:01:19 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="e8010000", @ANYRES16=r0, @ANYBLOB="00012cbd7000fbdbdf25600000000600b100040000000600b100200000000600b100ca7c00090600b100040000001b002a007e15d90177080211000001010000006200000000000000006e012a000100ff89b587b4c7533e90d7809b041c6530584b0a6ea1850ebd92805a82a09ee93b656e4f57a99d1f86e700365e4db451a073fdbd4cb5fde45038f25cd8cf0858972a1acd7c5929de77284c0b4091889ecbe11f1c3a3e662cfceadc581f4c8069adf8a27fc52b177e563c71c50baf9031dcee121ca9dd5d4054f0773fe95670f8b3d5c0c8e67f06e43c7752fe7508010051010300380010018809ceafbcdd90f5da411fd10c9ff99fe3dda1f5ec25ffbbf1fbe370a9cfe43a48a4f5b2975e34bd0222cb73418a0595dea5dadfc89b15a6b16c59d94365f4e9c7107ba7a23c6745f59232c72554e1aba2d7503f6abf04d9a30aa1a9ab4f875bf1554203aa5978640d4fcb47a73b494be782b21f837b4636d58a2e430d600bd328ac64c3e214bc4a6c4c4dd3339552be085b1da0782f1b7c8e3f070ec032daf1517527d3940e8dcb6b54674b26ae28d67d023803898669cc199f2a29a4bc55d4c7cb8d1f665bf7aa2b348910e94d44dd7d00001e002a000301847e150006d208021100000001000080f10e00000900000000000600b1003f000000"], 0x1e8}, 0x1, 0x0, 0x0, 0x40800}, 0x4000)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r0, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x0, 0x7a}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x7}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x4}, @device_a, @device_b}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x84, r2, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x57}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x37}, @NL80211_ATTR_PMK={0x14, 0xfe, "296f4148a2ecfef2ff95214672355622"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xf}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "e019fc6cf16225dea608aa761cec7468"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x9}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xed60}]}, 0x84}, 0x1, 0x0, 0x0, 0x20040010}, 0x48001)

10:01:19 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="e8010000", @ANYRES16=r0, @ANYBLOB="00012cbd7000fbdbdf25600000000600b100040000000600b100200000000600b100ca7c00090600b100040000001b002a007e15d90177080211000001010000006200000000000000006e012a000100ff89b587b4c7533e90d7809b041c6530584b0a6ea1850ebd92805a82a09ee93b656e4f57a99d1f86e700365e4db451a073fdbd4cb5fde45038f25cd8cf0858972a1acd7c5929de77284c0b4091889ecbe11f1c3a3e662cfceadc581f4c8069adf8a27fc52b177e563c71c50baf9031dcee121ca9dd5d4054f0773fe95670f8b3d5c0c8e67f06e43c7752fe7508010051010300380010018809ceafbcdd90f5da411fd10c9ff99fe3dda1f5ec25ffbbf1fbe370a9cfe43a48a4f5b2975e34bd0222cb73418a0595dea5dadfc89b15a6b16c59d94365f4e9c7107ba7a23c6745f59232c72554e1aba2d7503f6abf04d9a30aa1a9ab4f875bf1554203aa5978640d4fcb47a73b494be782b21f837b4636d58a2e430d600bd328ac64c3e214bc4a6c4c4dd3339552be085b1da0782f1b7c8e3f070ec032daf1517527d3940e8dcb6b54674b26ae28d67d023803898669cc199f2a29a4bc55d4c7cb8d1f665bf7aa2b348910e94d44dd7d00001e002a000301847e150006d208021100000001000080f10e00000900000000000600b1003f000000"], 0x1e8}, 0x1, 0x0, 0x0, 0x40800}, 0x4000) (async)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r0, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x0, 0x7a}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x7}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x4}, @device_a, @device_b}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x84, r2, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x57}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x37}, @NL80211_ATTR_PMK={0x14, 0xfe, "296f4148a2ecfef2ff95214672355622"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xf}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "e019fc6cf16225dea608aa761cec7468"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x9}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xed60}]}, 0x84}, 0x1, 0x0, 0x0, 0x20040010}, 0x48001)

10:01:19 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 77)

[  644.325031][T25705] CPU: 0 PID: 25705 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  644.325064][T25705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  644.325079][T25705] Call Trace:
[  644.325086][T25705]  <TASK>
[  644.325094][T25705]  dump_stack_lvl+0x151/0x1b7
[  644.325122][T25705]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:19 executing program 0:
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_UPDATE_FT_IES(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="e8010000", @ANYRES16=r0, @ANYBLOB="00012cbd7000fbdbdf25600000000600b100040000000600b100200000000600b100ca7c00090600b100040000001b002a007e15d90177080211000001010000006200000000000000006e012a000100ff89b587b4c7533e90d7809b041c6530584b0a6ea1850ebd92805a82a09ee93b656e4f57a99d1f86e700365e4db451a073fdbd4cb5fde45038f25cd8cf0858972a1acd7c5929de77284c0b4091889ecbe11f1c3a3e662cfceadc581f4c8069adf8a27fc52b177e563c71c50baf9031dcee121ca9dd5d4054f0773fe95670f8b3d5c0c8e67f06e43c7752fe7508010051010300380010018809ceafbcdd90f5da411fd10c9ff99fe3dda1f5ec25ffbbf1fbe370a9cfe43a48a4f5b2975e34bd0222cb73418a0595dea5dadfc89b15a6b16c59d94365f4e9c7107ba7a23c6745f59232c72554e1aba2d7503f6abf04d9a30aa1a9ab4f875bf1554203aa5978640d4fcb47a73b494be782b21f837b4636d58a2e430d600bd328ac64c3e214bc4a6c4c4dd3339552be085b1da0782f1b7c8e3f070ec032daf1517527d3940e8dcb6b54674b26ae28d67d023803898669cc199f2a29a4bc55d4c7cb8d1f665bf7aa2b348910e94d44dd7d00001e002a000301847e150006d208021100000001000080f10e00000900000000000600b1003f000000"], 0x1e8}, 0x1, 0x0, 0x0, 0x40800}, 0x4000) (async)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r0, 0x2, 0x70bd2a, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @val={0xc, 0x99, {0x0, 0x7a}}}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x7}, @NL80211_ATTR_FRAME={0x14, 0x33, @ctrl_frame=@rts={{}, {0x4}, @device_a, @device_b}}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000540)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000680)={&(0x7f00000005c0)={0x84, r2, 0x8, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x57}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0x37}, @NL80211_ATTR_PMK={0x14, 0xfe, "296f4148a2ecfef2ff95214672355622"}, @NL80211_ATTR_PMK_REAUTH_THRESHOLD={0x5, 0x120, 0xf}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_PMK={0x14, 0xfe, "e019fc6cf16225dea608aa761cec7468"}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ibss_ssid}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0x9}, @NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xed60}]}, 0x84}, 0x1, 0x0, 0x0, 0x20040010}, 0x48001)

10:01:19 executing program 0:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000088", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r2, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x56, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004000}, 0x884)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r3, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x45}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000)

10:01:19 executing program 0:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000088", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r2, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x56, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004000}, 0x884)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r3, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x45}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000) (async)
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r3, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x45}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000)

10:01:19 executing program 0:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000088", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async, rerun: 32)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1) (async, rerun: 32)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r2, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x56, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004000}, 0x884)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r3, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x45}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000)

[  644.325149][T25705]  dump_stack+0x15/0x17
[  644.325168][T25705]  should_fail+0x3c6/0x510
[  644.325192][T25705]  __should_failslab+0xa4/0xe0
[  644.325217][T25705]  ? vm_area_dup+0x26/0x230
[  644.325240][T25705]  should_failslab+0x9/0x20
[  644.325261][T25705]  slab_pre_alloc_hook+0x37/0xd0
[  644.325286][T25705]  ? vm_area_dup+0x26/0x230
[  644.325308][T25705]  kmem_cache_alloc+0x44/0x200
[  644.325332][T25705]  vm_area_dup+0x26/0x230
[  644.325355][T25705]  copy_mm+0x9a1/0x13e0
[  644.325383][T25705]  ? copy_signal+0x610/0x610
10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x89b0, &(0x7f00000008c0)={'batadv_slave_1\x00'})
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000ed94cc627e6740033523a15c6009ef7c15f64cf457131e4a6c609bc21962c07762594a46d5247be18ea70fe29236829b6e5c98f03b9fb657e0cd0864bcdf8124efcf10efd2ce1a5d00", @ANYRES16=0x0, @ANYBLOB="040026bd7000ffdbdf253000ffff08000300", @ANYRES32=r3, @ANYBLOB="0c00990000000000230000000600e9004100000072040000001643b4ab8f55fb9a738598"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0xc011)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r4, 0x0, 0xfffffffffffffff8, 0x0)
r5 = add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r4, &(0x7f0000000200)='logon\x00', &(0x7f0000000440)={'syz', 0x2}, r5)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7fff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040002}, 0x1)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x89b0, &(0x7f00000008c0)={'batadv_slave_1\x00'}) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000ed94cc627e6740033523a15c6009ef7c15f64cf457131e4a6c609bc21962c07762594a46d5247be18ea70fe29236829b6e5c98f03b9fb657e0cd0864bcdf8124efcf10efd2ce1a5d00", @ANYRES16=0x0, @ANYBLOB="040026bd7000ffdbdf253000ffff08000300", @ANYRES32=r3, @ANYBLOB="0c00990000000000230000000600e9004100000072040000001643b4ab8f55fb9a738598"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0xc011) (async)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r4, 0x0, 0xfffffffffffffff8, 0x0) (async)
r5 = add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r4, &(0x7f0000000200)='logon\x00', &(0x7f0000000440)={'syz', 0x2}, r5) (async)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7fff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040002}, 0x1) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

[  644.325407][T25705]  ? __init_rwsem+0xd6/0x1c0
[  644.325440][T25705]  ? copy_signal+0x4e3/0x610
[  644.325466][T25705]  copy_process+0x1149/0x3290
[  644.325496][T25705]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  644.325522][T25705]  ? copy_clone_args_from_user+0x774/0x830
[  644.325546][T25705]  kernel_clone+0x21e/0x9e0
[  644.325569][T25705]  ? __delayed_free_task+0x20/0x20
[  644.325590][T25705]  ? vfs_write+0x9ec/0x1110
[  644.325610][T25705]  ? create_io_thread+0x1e0/0x1e0
[  644.325637][T25705]  __x64_sys_clone3+0x376/0x3a0
[  644.325662][T25705]  ? __ia32_sys_clone+0x290/0x290
10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x89b0, &(0x7f00000008c0)={'batadv_slave_1\x00'}) (async, rerun: 32)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (rerun: 32)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), r0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r0, &(0x7f0000000340)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="44000000ed94cc627e6740033523a15c6009ef7c15f64cf457131e4a6c609bc21962c07762594a46d5247be18ea70fe29236829b6e5c98f03b9fb657e0cd0864bcdf8124efcf10efd2ce1a5d00", @ANYRES16=0x0, @ANYBLOB="040026bd7000ffdbdf253000ffff08000300", @ANYRES32=r3, @ANYBLOB="0c00990000000000230000000600e9004100000072040000001643b4ab8f55fb9a738598"], 0x40}, 0x1, 0x0, 0x0, 0x1}, 0xc011) (async)
r4 = add_key$keyring(&(0x7f0000000040), &(0x7f0000000080)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$KEYCTL_MOVE(0x1e, r4, 0x0, 0xfffffffffffffff8, 0x0)
r5 = add_key$keyring(&(0x7f0000000480), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$search(0xa, r4, &(0x7f0000000200)='logon\x00', &(0x7f0000000440)={'syz', 0x2}, r5) (async, rerun: 64)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x40, r2, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @broadcast}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x7fff}, @BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}]}, 0x40}, 0x1, 0x0, 0x0, 0x4040002}, 0x1) (async, rerun: 64)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:19 executing program 0:
setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000040)=0x8, 0x2)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYRESOCT=r0], 0x28}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)

10:01:19 executing program 0:
setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000040)=0x8, 0x2) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYRESOCT=r0], 0x28}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)

[  644.325688][T25705]  ? fput+0x1a/0x20
[  644.325710][T25705]  ? debug_smp_processor_id+0x17/0x20
[  644.325737][T25705]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  644.325763][T25705]  ? exit_to_user_mode_prepare+0x39/0xa0
[  644.325787][T25705]  do_syscall_64+0x3d/0xb0
[  644.325807][T25705]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[  644.325831][T25705]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  644.325860][T25705] RIP: 0033:0x7f19fd5aeda9
10:01:19 executing program 0:
setsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, &(0x7f0000000040)=0x8, 0x2) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_COALESCE(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYRESOCT=r0], 0x28}, 0x1, 0x0, 0x0, 0x4000040}, 0x0)

10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffd71, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x28}}, 0x2404c0d1)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r16}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r17}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xbc}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r18}}}]}}, {{0x8, 0x1, r19}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r20}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r21=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', <r22=>0x0})
sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r1, 0x8, 0x70bd25, 0x25dfdbfb, {}, [{{0x8, 0x1, r6}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xc65d}}, {0x8, 0x6, r21}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r22}}}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x40010}, 0x20004040)

[  644.325879][T25705] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  644.325899][T25705] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  644.325925][T25705] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  644.325941][T25705] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  644.325958][T25705] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  644.325974][T25705] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:19 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = socket$pptp(0x18, 0x1, 0x2)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000000c0))
r3 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r4 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000100), 0x2, 0x0)
setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000140)=0x4, 0x1)
r5 = syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r4)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10001}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x44}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x40840)
keyctl$link(0x3, r3, 0x0)
keyctl$reject(0x13, r3, 0x48d, 0x8a45, r0)
keyctl$link(0x3, r1, 0x0)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000002c0))
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
socket$pptp(0x18, 0x1, 0x2) (async)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000000c0)) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r4, &(0x7f0000000100), 0x2, 0x0) (async)
setsockopt$bt_BT_POWER(r4, 0x112, 0x9, &(0x7f0000000140)=0x4, 0x1) (async)
syz_genetlink_get_family_id$batadv(&(0x7f00000001c0), r4) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x10001}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r5, 0x2, 0x70bd26, 0x25dfdbff, {}, [@BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x44}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004}, 0x40840) (async)
keyctl$link(0x3, r3, 0x0) (async)
keyctl$reject(0x13, r3, 0x48d, 0x8a45, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
ioctl$PPPIOCGMRU(r2, 0x80047453, &(0x7f00000002c0)) (async)

10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffd71, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x28}}, 0x2404c0d1) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffd71, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x28}}, 0x2404c0d1)
syz_genetlink_get_family_id$team(&(0x7f0000000040), r0) (async)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', 0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', 0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', 0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r16}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r17}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xbc}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r18}}}]}}, {{0x8, 0x1, r19}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r20}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r21=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', <r22=>0x0})
sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r1, 0x8, 0x70bd25, 0x25dfdbfb, {}, [{{0x8, 0x1, r6}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xc65d}}, {0x8, 0x6, r21}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r22}}}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x40010}, 0x20004040)

[  644.325988][T25705] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  644.326007][T25705]  </TASK>
[  644.376889][T25717] FAULT_INJECTION: forcing a failure.
[  644.376889][T25717] name failslab, interval 1, probability 0, space 0, times 0
[  644.577783][T25756] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25756 comm=syz-executor.0
[  644.580687][T25717] CPU: 0 PID: 25717 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
10:01:19 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 78)

[  644.601975][T25756] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25756 comm=syz-executor.0
[  644.603696][T25717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  644.603713][T25717] Call Trace:
[  644.603721][T25717]  <TASK>
[  644.603730][T25717]  dump_stack_lvl+0x151/0x1b7
[  644.659868][T25717]  ? io_uring_drop_tctx_refs+0x190/0x190
[  644.659903][T25717]  dump_stack+0x15/0x17
[  644.659918][T25717]  should_fail+0x3c6/0x510
[  644.659937][T25717]  __should_failslab+0xa4/0xe0
10:01:19 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffd71, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x28}}, 0x2404c0d1)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r16}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r17}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xbc}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r18}}}]}}, {{0x8, 0x1, r19}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r20}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r21=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', <r22=>0x0})
sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r1, 0x8, 0x70bd25, 0x25dfdbfb, {}, [{{0x8, 0x1, r6}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xc65d}}, {0x8, 0x6, r21}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r22}}}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x40010}, 0x20004040)

[  644.659957][T25717]  ? vm_area_dup+0x26/0x230
[  644.659977][T25717]  should_failslab+0x9/0x20
[  644.659994][T25717]  slab_pre_alloc_hook+0x37/0xd0
[  644.660013][T25717]  ? vm_area_dup+0x26/0x230
[  644.660031][T25717]  kmem_cache_alloc+0x44/0x200
[  644.660050][T25717]  vm_area_dup+0x26/0x230
[  644.660067][T25717]  copy_mm+0x9a1/0x13e0
[  644.660089][T25717]  ? copy_signal+0x610/0x610
[  644.660109][T25717]  ? __init_rwsem+0xd6/0x1c0
[  644.660127][T25717]  ? copy_signal+0x4e3/0x610
[  644.660147][T25717]  copy_process+0x1149/0x3290
10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0xfffffffffffffd71, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[], 0x28}}, 0x2404c0d1) (async)
r1 = syz_genetlink_get_family_id$team(&(0x7f0000000040), r0)
r2 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000400)={'team0\x00', <r3=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r4=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000500)={'team0\x00', <r6=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000540)={'team0\x00', <r7=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r8=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r2, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r9=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r10=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000b00)={'team0\x00', <r11=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r12=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000e40)={'team0\x00', <r13=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r14=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r15=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r16=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000001580)={'team0\x00', <r17=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r2, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r18=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r19=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r2, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r20=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r3}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r4}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}]}}, {{0x8, 0x1, r7}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r9}}}]}}, {{0x8, 0x1, r10}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r13}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r16}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r17}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xbc}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r18}}}]}}, {{0x8, 0x1, r19}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r20}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r21=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000000c0)={'team0\x00', <r22=>0x0})
sendmsg$TEAM_CMD_NOOP(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000100)={&(0x7f00000002c0)={0x98, r1, 0x8, 0x70bd25, 0x25dfdbfb, {}, [{{0x8, 0x1, r6}, {0x7c, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0xc65d}}, {0x8, 0x6, r21}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r22}}}]}}]}, 0x98}, 0x1, 0x0, 0x0, 0x40010}, 0x20004040)

[  644.660169][T25717]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  644.660189][T25717]  ? copy_clone_args_from_user+0x774/0x830
[  644.660207][T25717]  kernel_clone+0x21e/0x9e0
[  644.660226][T25717]  ? __delayed_free_task+0x20/0x20
[  644.660241][T25717]  ? vfs_write+0x9ec/0x1110
[  644.660258][T25717]  ? create_io_thread+0x1e0/0x1e0
[  644.660279][T25717]  __x64_sys_clone3+0x376/0x3a0
[  644.660298][T25717]  ? __ia32_sys_clone+0x290/0x290
[  644.660320][T25717]  ? fput+0x1a/0x20
[  644.660337][T25717]  ? debug_smp_processor_id+0x17/0x20
10:01:19 executing program 3:
r0 = syz_init_net_socket$nfc_raw(0x27, 0x5, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000088", @ANYRES16=r2, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r1, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x34, r2, 0x800, 0x70bd26, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x56, 0x7b}}}}, [@NL80211_ATTR_MAC={0xa}]}, 0x34}, 0x1, 0x0, 0x0, 0x20004000}, 0x884)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r5=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, r3, 0x10, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x6, 0x45}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x4000}, 0x40000000)

[  644.660356][T25717]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  644.660376][T25717]  ? exit_to_user_mode_prepare+0x39/0xa0
[  644.660395][T25717]  do_syscall_64+0x3d/0xb0
[  644.660411][T25717]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  644.660433][T25717] RIP: 0033:0x7f19fd5aeda9
[  644.660449][T25717] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  644.660465][T25717] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
10:01:19 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$negate(0xd, r0, 0x5f55, r0)
keyctl$link(0x3, 0x0, 0x0)
add_key$keyring(&(0x7f0000000080), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff)

[  644.660486][T25717] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  644.660500][T25717] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  644.660513][T25717] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  644.660525][T25717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  644.660537][T25717] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  644.660552][T25717]  </TASK>
10:01:19 executing program 3:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
r2 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, r1)
keyctl$unlink(0x9, r0, r2)
keyctl$link(0x3, r1, 0x0)

10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x40, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x40}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r2, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x36}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x13}}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040080}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r8=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r9=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'team0\x00', <r10=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'team0\x00', <r12=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r14=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)={'team0\x00', <r16=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r17=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r18=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r19=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r12}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r16}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r17}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4)
sendmsg$NL80211_CMD_DISCONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="03052bbd7000ffdbdf253000000008000300", @ANYRES32=r7, @ANYBLOB="0c009900080000ee35000000060036003d00000006003600220000000600360034000000060036002f000000060036000f000000"], 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x3)
sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESDEC=r4, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x20000844)
sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc041}, 0x4000010)

10:01:19 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

[  644.692159][T25761] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25761 comm=syz-executor.0
[  644.710275][T25764] FAULT_INJECTION: forcing a failure.
[  644.710275][T25764] name failslab, interval 1, probability 0, space 0, times 0
[  644.715737][T25761] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25761 comm=syz-executor.0
[  644.718039][T25764] CPU: 0 PID: 25764 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  644.749790][T25768] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25768 comm=syz-executor.3
[  644.751231][T25764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  644.751249][T25764] Call Trace:
[  644.751255][T25764]  <TASK>
[  644.751264][T25764]  dump_stack_lvl+0x151/0x1b7
[  644.762100][T25768] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25768 comm=syz-executor.3
[  644.765121][T25764]  ? io_uring_drop_tctx_refs+0x190/0x190
[  644.765156][T25764]  dump_stack+0x15/0x17
10:01:19 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x40, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x40}}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x40, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x40}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r2, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x36}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x13}}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r4 = socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040080}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r8=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r9=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'team0\x00', <r10=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'team0\x00', <r12=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', 0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r14=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)={'team0\x00', <r16=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r17=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r18=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', 0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r19=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r12}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r16}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r17}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4)
sendmsg$NL80211_CMD_DISCONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="03052bbd7000ffdbdf253000000008000300", @ANYRES32=r7, @ANYBLOB="0c009900080000ee35000000060036003d00000006003600220000000600360034000000060036002f000000060036000f000000"], 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x3) (async)
sendmsg$NL80211_CMD_DISCONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="03052bbd7000ffdbdf253000000008000300", @ANYRES32=r7, @ANYBLOB="0c009900080000ee35000000060036003d00000006003600220000000600360034000000060036002f000000060036000f000000"], 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x3)
sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESDEC=r4, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x20000844)
sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc041}, 0x4000010)

10:01:19 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) (async)
pidfd_send_signal(r0, 0x18, &(0x7f0000000000)={0x18, 0xd70, 0x8}, 0x0)

[  644.776432][T25783] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=25783 comm=syz-executor.0
[  644.778832][T25764]  should_fail+0x3c6/0x510
[  644.778864][T25764]  __should_failslab+0xa4/0xe0
[  644.974371][T25801] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  644.977593][T25764]  ? vm_area_dup+0x26/0x230
[  644.977631][T25764]  should_failslab+0x9/0x20
[  645.015967][T25764]  slab_pre_alloc_hook+0x37/0xd0
[  645.016004][T25764]  ? vm_area_dup+0x26/0x230
[  645.016029][T25764]  kmem_cache_alloc+0x44/0x200
[  645.029691][T25764]  vm_area_dup+0x26/0x230
10:01:20 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

10:01:20 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0)
pidfd_send_signal(r0, 0x18, &(0x7f0000000000)={0x18, 0xd70, 0x8}, 0x0)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) (async)
getsockopt$bt_BT_DEFER_SETUP(r0, 0x112, 0x7, 0x0, 0x0) (async)
pidfd_send_signal(r0, 0x18, &(0x7f0000000000)={0x18, 0xd70, 0x8}, 0x0) (async)

[  645.033836][T25764]  copy_mm+0x9a1/0x13e0
[  645.037849][T25764]  ? copy_signal+0x610/0x610
[  645.042342][T25764]  ? __init_rwsem+0xd6/0x1c0
[  645.046763][T25764]  ? copy_signal+0x4e3/0x610
[  645.051193][T25764]  copy_process+0x1149/0x3290
[  645.055712][T25764]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  645.060654][T25764]  ? copy_clone_args_from_user+0x774/0x830
[  645.066296][T25764]  kernel_clone+0x21e/0x9e0
[  645.070638][T25764]  ? __delayed_free_task+0x20/0x20
[  645.075594][T25764]  ? vfs_write+0x9ec/0x1110
[  645.079922][T25764]  ? create_io_thread+0x1e0/0x1e0
10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)={0x40, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @val={0xc}}}, [@NL80211_ATTR_COALESCE_RULE_PKT_PATTERN={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, @NL80211_PKTPAT_OFFSET={0x8}}]}, @NL80211_ATTR_COALESCE_RULE_DELAY={0x8}]}, 0x40}}, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_REGISTER_BEACONS(r0, &(0x7f0000000600)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f00000005c0)={&(0x7f0000000580)={0x30, r2, 0x200, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8, 0x1, 0x36}, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x5, 0x13}}}}, ["", ""]}, 0x30}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) (async)
r4 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_GET_MESH_CONFIG(r4, &(0x7f0000000380)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r5, 0x1, 0x70bd25, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r6}, @void}}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4040080}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r7=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}}) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r8=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r9=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000b00)={'team0\x00', <r10=>0x0}) (async, rerun: 64)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r11=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000e40)={'team0\x00', <r12=>0x0}) (async, rerun: 64)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) (async, rerun: 64)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r14=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000001580)={'team0\x00', <r16=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r17=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r18=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r19=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(0xffffffffffffffff, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r8}}}]}}, {{0x8, 0x1, r9}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r10}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r11}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r12}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r14}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r15}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r16}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r17}}}]}}, {{0x8, 0x1, r18}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r19}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0) (async)
sendmsg$BATADV_CMD_TP_METER_CANCEL(r4, &(0x7f0000000740)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f0000000700)={&(0x7f00000006c0)={0x2c, 0x0, 0x200, 0x70bd28, 0x25dfdbfc, {}, [@BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5}, @BATADV_ATTR_ISOLATION_MASK={0x8, 0x2c, 0x6}, @BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r17}]}, 0x2c}, 0x1, 0x0, 0x0, 0x801}, 0x4)
sendmsg$NL80211_CMD_DISCONNECT(r4, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="03052bbd7000ffdbdf253000000008000300", @ANYRES32=r7, @ANYBLOB="0c009900080000ee35000000060036003d00000006003600220000000600360034000000060036002f000000060036000f000000"], 0x50}, 0x1, 0x0, 0x0, 0x20008000}, 0x3) (async, rerun: 64)
sendmsg$NL80211_CMD_SET_COALESCE(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRESDEC=r4, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x20000844) (rerun: 64)
sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f00000004c0)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000480)={&(0x7f0000000400)={0x4c, 0x0, 0x2, 0x70bd28, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x2}, @BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0x5}, @BATADV_ATTR_BONDING_ENABLED={0x5}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5, 0x30, 0x1}, @BATADV_ATTR_DISTRIBUTED_ARP_TABLE_ENABLED={0x5, 0x2f, 0x1}]}, 0x4c}, 0x1, 0x0, 0x0, 0xc041}, 0x4000010)

[  645.084783][T25764]  __x64_sys_clone3+0x376/0x3a0
[  645.089467][T25764]  ? __ia32_sys_clone+0x290/0x290
[  645.094335][T25764]  ? fput+0x1a/0x20
[  645.097408][T25807] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  645.097973][T25764]  ? debug_smp_processor_id+0x17/0x20
[  645.106074][T25808] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  645.111075][T25764]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  645.111111][T25764]  ? exit_to_user_mode_prepare+0x39/0xa0
10:01:20 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  645.130451][T25764]  do_syscall_64+0x3d/0xb0
[  645.130484][T25764]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  645.130513][T25764] RIP: 0033:0x7f19fd5aeda9
[  645.130533][T25764] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  645.130552][T25764] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
10:01:20 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 79)

10:01:20 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)

[  645.130576][T25764] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  645.130593][T25764] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  645.130609][T25764] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  645.130625][T25764] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  645.130639][T25764] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  645.130658][T25764]  </TASK>
[  645.146222][T25817] netlink: 'syz-executor.0': attribute type 3 has an invalid length.
[  645.224883][T25832] FAULT_INJECTION: forcing a failure.
10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r1, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x68800}, 0x14)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x48094}, 0x0)

10:01:20 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000180)={0x0, 0x0, 0x100, &(0x7f0000000140)=0x7})
write$char_usb(r0, &(0x7f0000000040)="0c42ff54692cdd360abceaffa5d2bfe4ada4a7a603962bfaca8ea99b884a347d945e1b8dc3350d45365764ad5193edec04c554edcba704642ceee4263a761c3d5fefab35a118d8719096564540e9a2391379599b61b846085c3b6979d4f9a7533f3f13a16886dc652a3a0bceee0d809ac02351e4508ba57fa817b7d537578c54b13d2dd306a0123b8ae8bbe0c359f5b607c8f40514fef7798e1a40d8dfd24aeddc90e4bcc3af2711f53681edd336f9ea6d13634bc0c3d4d0513089806dcb23d7dea2c4062fa81ab47caf9a8e14864a658f8b5d60fe7f9aacfe72a9011f788cfe968c21fc18ca96b4564efacf8841808557af927fbe9b56015f0b7ece75", 0xfd)

10:01:20 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0)
r1 = add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x2}, 0x0, 0x0, 0x0) (async)
add_key$keyring(&(0x7f0000000100), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), r0) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r1, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x68800}, 0x14)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x48094}, 0x0)

10:01:20 executing program 1:
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x0)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000200))
r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)

[  645.224883][T25832] name failslab, interval 1, probability 0, space 0, times 0
[  645.283114][T25832] CPU: 0 PID: 25832 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  645.293295][T25832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  645.303193][T25832] Call Trace:
[  645.306312][T25832]  <TASK>
[  645.309088][T25832]  dump_stack_lvl+0x151/0x1b7
[  645.313607][T25832]  ? io_uring_drop_tctx_refs+0x190/0x190
[  645.319074][T25832]  dump_stack+0x15/0x17
[  645.323062][T25832]  should_fail+0x3c6/0x510
[  645.327316][T25832]  __should_failslab+0xa4/0xe0
10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), r0)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r1, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x68800}, 0x14)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x48094}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000000), r0) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000100)={&(0x7f0000000040), 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x18, r1, 0x4, 0x70bd25, 0x25dfdbfc, {{}, {@void, @void}}, [@NL80211_ATTR_HANDLE_DFS={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x68800}, 0x14) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x48094}, 0x0) (async)

10:01:20 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000180)={0x0, 0x0, 0x100, &(0x7f0000000140)=0x7}) (async)
write$char_usb(r0, &(0x7f0000000040)="0c42ff54692cdd360abceaffa5d2bfe4ada4a7a603962bfaca8ea99b884a347d945e1b8dc3350d45365764ad5193edec04c554edcba704642ceee4263a761c3d5fefab35a118d8719096564540e9a2391379599b61b846085c3b6979d4f9a7533f3f13a16886dc652a3a0bceee0d809ac02351e4508ba57fa817b7d537578c54b13d2dd306a0123b8ae8bbe0c359f5b607c8f40514fef7798e1a40d8dfd24aeddc90e4bcc3af2711f53681edd336f9ea6d13634bc0c3d4d0513089806dcb23d7dea2c4062fa81ab47caf9a8e14864a658f8b5d60fe7f9aacfe72a9011f788cfe968c21fc18ca96b4564efacf8841808557af927fbe9b56015f0b7ece75", 0xfd)

10:01:20 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
write$cgroup_netprio_ifpriomap(r3, 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

10:01:20 executing program 1:
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x0) (async)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000200)) (async)
r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0xc00)
bind$tipc(r2, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0153a9cff813f30000000000000059f607"], 0x28}}, 0x0)

10:01:20 executing program 1:
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r0)
r1 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x0)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000200))
r2 = add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r0)
r3 = add_key$keyring(&(0x7f0000000100), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r3, 0x0)
ioctl$RTC_EPOCH_SET(0xffffffffffffffff, 0x4008700e, 0x9) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000140)={'syz', 0x3}, 0x0, 0x0, r0) (async)
openat$rtc(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$RTC_IRQP_SET(r1, 0x4008700c, 0x0) (async)
ioctl$RTC_PLL_GET(r1, 0x80207011, &(0x7f0000000200)) (async)
add_key$keyring(&(0x7f0000000180), &(0x7f00000001c0)={'syz', 0x0}, 0x0, 0x0, r0) (async)
add_key$keyring(&(0x7f0000000100), &(0x7f00000000c0)={'syz', 0x3}, 0x0, 0x0, r2) (async)
keyctl$link(0x3, r3, 0x0) (async)

[  645.331913][T25832]  ? vm_area_dup+0x26/0x230
[  645.336253][T25832]  should_failslab+0x9/0x20
[  645.340597][T25832]  slab_pre_alloc_hook+0x37/0xd0
[  645.345371][T25832]  ? vm_area_dup+0x26/0x230
[  645.349717][T25832]  kmem_cache_alloc+0x44/0x200
[  645.349753][T25832]  vm_area_dup+0x26/0x230
[  645.349780][T25832]  copy_mm+0x9a1/0x13e0
[  645.349809][T25832]  ? copy_signal+0x610/0x610
[  645.349833][T25832]  ? __init_rwsem+0xd6/0x1c0
10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async, rerun: 64)
r2 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0xc00) (rerun: 64)
bind$tipc(r2, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0153a9cff813f30000000000000059f607"], 0x28}}, 0x0)

10:01:20 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 80)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "2b15095c5adc6a48b240899cd2e7f7143f837959095f1b0f0973592896b1901eacc493afeeed81ab6e5fc02fced4b4af98558e409ea8c946a86a8d866965c310", 0x1e}, 0x48, r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2)
sendmsg$NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xe8ab40aca2105516}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="07008000", @ANYRES16=r3, @ANYBLOB="20002dbd7000fcdbdf256800000008000300", @ANYRES32=0x0, @ANYBLOB="3600c70000060901810502060704040202000801ff060307200705074002080308072f04d40201060100060240033c746edc8d65ce320000"], 0x54}}, 0x20000010)
keyctl$search(0xa, r0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, r1)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000400)=0x2)
r5 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000480)=0x6)
keyctl$link(0x3, r5, 0x0)
keyctl$link(0x8, r0, r5)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "2b15095c5adc6a48b240899cd2e7f7143f837959095f1b0f0973592896b1901eacc493afeeed81ab6e5fc02fced4b4af98558e409ea8c946a86a8d866965c310", 0x1e}, 0x48, r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2)
sendmsg$NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xe8ab40aca2105516}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="07008000", @ANYRES16=r3, @ANYBLOB="20002dbd7000fcdbdf256800000008000300", @ANYRES32=0x0, @ANYBLOB="3600c70000060901810502060704040202000801ff060307200705074002080308072f04d40201060100060240033c746edc8d65ce320000"], 0x54}}, 0x20000010) (async)
keyctl$search(0xa, r0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, r1)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000400)=0x2)
r5 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000480)=0x6)
keyctl$link(0x3, r5, 0x0) (async)
keyctl$link(0x8, r0, r5)

[  645.349857][T25832]  ? copy_signal+0x4e3/0x610
[  645.349882][T25832]  copy_process+0x1149/0x3290
[  645.349911][T25832]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  645.349935][T25832]  ? copy_clone_args_from_user+0x774/0x830
10:01:20 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 81)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffff9)
r1 = add_key$fscrypt_v1(&(0x7f0000000180), &(0x7f00000001c0)={'fscrypt:', @desc4}, &(0x7f0000000200)={0x0, "2b15095c5adc6a48b240899cd2e7f7143f837959095f1b0f0973592896b1901eacc493afeeed81ab6e5fc02fced4b4af98558e409ea8c946a86a8d866965c310", 0x1e}, 0x48, r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2) (async)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000440), r2)
sendmsg$NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xe8ab40aca2105516}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="07008000", @ANYRES16=r3, @ANYBLOB="20002dbd7000fcdbdf256800000008000300", @ANYRES32=0x0, @ANYBLOB="3600c70000060901810502060704040202000801ff060307200705074002080308072f04d40201060100060240033c746edc8d65ce320000"], 0x54}}, 0x20000010) (async)
sendmsg$NL80211_CMD_SET_QOS_MAP(r2, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0xe8ab40aca2105516}, 0xc, &(0x7f0000000340)={&(0x7f00000002c0)=ANY=[@ANYBLOB="07008000", @ANYRES16=r3, @ANYBLOB="20002dbd7000fcdbdf256800000008000300", @ANYRES32=0x0, @ANYBLOB="3600c70000060901810502060704040202000801ff060307200705074002080308072f04d40201060100060240033c746edc8d65ce320000"], 0x54}}, 0x20000010)
keyctl$search(0xa, r0, &(0x7f0000000000)='asymmetric\x00', &(0x7f0000000140)={'syz', 0x3}, r1)
openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) (async)
r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000400)=0x2)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
r5 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f0000000480)=0x6)
keyctl$link(0x3, r5, 0x0)
keyctl$link(0x8, r0, r5)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000000), &(0x7f0000000040)=0x10, 0xc00)
bind$tipc(r2, 0x0, 0x0) (async)
bind$tipc(r2, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0153a9cff813f30000000000000059f607"], 0x28}}, 0x0)

[  645.349955][T25832]  kernel_clone+0x21e/0x9e0
[  645.349975][T25832]  ? __delayed_free_task+0x20/0x20
[  645.349993][T25832]  ? vfs_write+0x9ec/0x1110
[  645.350012][T25832]  ? create_io_thread+0x1e0/0x1e0
[  645.350045][T25832]  __x64_sys_clone3+0x376/0x3a0
10:01:20 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 82)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x8001)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0xbf15, 0x4, 0x16, 0x0, "5f8d65fede7f56bd42e6c09418c0704efef589533eab2c548827588a73f32e0d3767c915f88b82ffd78fa1f19e5420eb9078b48353333abf3f26e5f5909a8616", "75178eff904927efa6b4c64935404c3dedc091d339fa71e9c6d78678fadf1d25", [0x5c, 0x23ce9fac]})

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000ec90baeca4d2965897e00f67f0289a6ad1fc10dff66d63a2e94ca47c12c005975eeacb97814281ba382a04ee9eb96fb75064131218dc00c4f366662e397864339d952a6adbcb404709e2e8488a3f1b9e73b899f30600000000000000b02e000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)

10:01:20 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x8001)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0xbf15, 0x4, 0x16, 0x0, "5f8d65fede7f56bd42e6c09418c0704efef589533eab2c548827588a73f32e0d3767c915f88b82ffd78fa1f19e5420eb9078b48353333abf3f26e5f5909a8616", "75178eff904927efa6b4c64935404c3dedc091d339fa71e9c6d78678fadf1d25", [0x5c, 0x23ce9fac]})

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = syz_open_dev$loop(&(0x7f00000000c0), 0x1, 0x8001)
ioctl$LOOP_SET_STATUS(r2, 0x4c02, &(0x7f0000000140)={0x0, {}, 0x0, {}, 0xbf15, 0x4, 0x16, 0x0, "5f8d65fede7f56bd42e6c09418c0704efef589533eab2c548827588a73f32e0d3767c915f88b82ffd78fa1f19e5420eb9078b48353333abf3f26e5f5909a8616", "75178eff904927efa6b4c64935404c3dedc091d339fa71e9c6d78678fadf1d25", [0x5c, 0x23ce9fac]})

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000ec90baeca4d2965897e00f67f0289a6ad1fc10dff66d63a2e94ca47c12c005975eeacb97814281ba382a04ee9eb96fb75064131218dc00c4f366662e397864339d952a6adbcb404709e2e8488a3f1b9e73b899f30600000000000000b02e000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000ec90baeca4d2965897e00f67f0289a6ad1fc10dff66d63a2e94ca47c12c005975eeacb97814281ba382a04ee9eb96fb75064131218dc00c4f366662e397864339d952a6adbcb404709e2e8488a3f1b9e73b899f30600000000000000b02e000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

[  645.350070][T25832]  ? __ia32_sys_clone+0x290/0x290
[  645.350097][T25832]  ? fput+0x1a/0x20
[  645.350120][T25832]  ? debug_smp_processor_id+0x17/0x20
[  645.350144][T25832]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  645.350170][T25832]  ? exit_to_user_mode_prepare+0x39/0xa0
[  645.350193][T25832]  do_syscall_64+0x3d/0xb0
[  645.350214][T25832]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
10:01:20 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
r3 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1, {r3}}, 0x58)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, r0)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$restrict_keyring(0x1d, r2, &(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)='keyring\x00')
keyctl$unlink(0x9, r2, r2)
keyctl$link(0x3, r2, 0x0)

[  645.350240][T25832] RIP: 0033:0x7f19fd5aeda9
[  645.350260][T25832] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  645.350280][T25832] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  645.350306][T25832] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  645.350324][T25832] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$restrict_keyring(0x1d, r2, &(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)='keyring\x00')
keyctl$unlink(0x9, r2, r2) (async)
keyctl$link(0x3, r2, 0x0)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000ec90baeca4d2965897e00f67f0289a6ad1fc10dff66d63a2e94ca47c12c005975eeacb97814281ba382a04ee9eb96fb75064131218dc00c4f366662e397864339d952a6adbcb404709e2e8488a3f1b9e73b899f30600000000000000b02e000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="0000ec90baeca4d2965897e00f67f0289a6ad1fc10dff66d63a2e94ca47c12c005975eeacb97814281ba382a04ee9eb96fb75064131218dc00c4f366662e397864339d952a6adbcb404709e2e8488a3f1b9e73b899f30600000000000000b02e000000", @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x0}, 0x0, 0x0, 0x0)
keyctl$link(0x8, 0x0, r0) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$restrict_keyring(0x1d, r2, &(0x7f0000000180)='keyring\x00', &(0x7f00000001c0)='keyring\x00')
keyctl$unlink(0x9, r2, r2) (async)
keyctl$link(0x3, r2, 0x0)

[  645.350339][T25832] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  645.350355][T25832] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  645.350370][T25832] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  645.350390][T25832]  </TASK>
[  645.408929][T25878] FAULT_INJECTION: forcing a failure.
[  645.408929][T25878] name failslab, interval 1, probability 0, space 0, times 0
[  645.408963][T25878] CPU: 0 PID: 25878 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
10:01:20 executing program 1:
r0 = accept4$tipc(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000140)=0x10, 0x80000)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:20 executing program 1:
r0 = accept4$tipc(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000140)=0x10, 0x80000)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) (async)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x248, r1, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0xd, 0x2a, [@chsw_timing={0x68, 0x4, {0x2, 0xa8c}}, @sec_chan_ofs={0x3e, 0x1, 0x2}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x9}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}, @NL80211_ATTR_IE={0x204, 0x2a, [@ssid={0x0, 0x6, @default_ibss_ssid}, @dsss={0x3, 0x1, 0x40}, @fast_bss_trans={0x37, 0xf1, {0xf8, 0x7, "b913fd5141b3718c88a8ae1190cd58d8", "2f233e447d74672f4d6313fbc17596bc24db5a4e6a1847c65f8bafa6d3e602aa", "cdc97348600fb3f04eb4ef15be5c30ed89e8a6174dfa9f3162ab2ecb0d4e63f0", [{0x4, 0x1c, "e0445ed6faf7f5c8139c5c0050a3dd15395a091a88c931bcf9bac19a"}, {0x4, 0x15, "c668a8483e3d858d4d2b105d93991c22123cb3083c"}, {0x1, 0x18, "d6947f07ab528d88f0a828e39375735efdc11f2a1bee3205"}, {0x1, 0x1b, "57379d5780a2fe081e9acf7a9a3d8d037c38000d7070c30e141c07"}, {0x2}, {0x4, 0x1a, "1228a8e5ecdd8944e4bd26dde7adac955e7f75d1c232015a0030"}, {0x3, 0x13, "91b2dc5058dc3bd39c9737029457824fe2fca5"}]}}, @rann={0x7e, 0x15, {{0x0, 0x6f}, 0xff, 0xb0, @broadcast, 0x1, 0xc6c8, 0x5}}, @supported_rates={0x1, 0x7, [{0x5}, {0x4}, {0xdee9cbfabf81bec7, 0x1}, {0x3, 0x1}, {0x3}, {0x30}, {0x0, 0x1}]}, @random={0x1, 0xcf, "1ab852a459ef309542c2d1170b7cbc148100d90954b33afdabdc9fa60ebe221819c1aff9acc3f221eab730cafee7ec8db9c9c89969e2673c2ecf935d8c8aea8bcda5cd51f09c24cf4aad5c6638bfb550b5def36c3920af5ca2528c5f75c9db459e209cc05e82646c601e44b55dab0730188fd55f1f1e2d8196ce478d924f1b963b53dd7a9bdd2fd54b3b2825b213ee5f96f710c0ba58dfc4d5bc71f9767e5e512a12e4b5233243673de046fb1a53c21183a988946d8a7bb38724102f602d4301852b90941c5f6b6292cd070e625665"}, @gcr_ga={0xbd, 0x6, @device_b}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x29}}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}]}, 0x248}, 0x1, 0x0, 0x0, 0x800}, 0x4000004)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRESDEC=r1, @ANYRES16=r1], 0x28}, 0x1, 0x0, 0x0, 0x4044844}, 0x24000041)

[  645.408988][T25878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  645.409003][T25878] Call Trace:
[  645.409010][T25878]  <TASK>
[  645.409018][T25878]  dump_stack_lvl+0x151/0x1b7
[  645.409046][T25878]  ? io_uring_drop_tctx_refs+0x190/0x190
[  645.409071][T25878]  dump_stack+0x15/0x17
[  645.409090][T25878]  should_fail+0x3c6/0x510
[  645.409114][T25878]  __should_failslab+0xa4/0xe0
[  645.409138][T25878]  ? vm_area_dup+0x26/0x230
[  645.409164][T25878]  should_failslab+0x9/0x20
[  645.409192][T25878]  slab_pre_alloc_hook+0x37/0xd0
[  645.409218][T25878]  ? vm_area_dup+0x26/0x230
10:01:20 executing program 1:
r0 = accept4$tipc(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000140)=0x10, 0x80000)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85)
r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$link(0x3, r2, 0x0)
accept4$tipc(0xffffffffffffffff, &(0x7f00000000c0), &(0x7f0000000140)=0x10, 0x80000) (async)
setsockopt$TIPC_MCAST_BROADCAST(r0, 0x10f, 0x85) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r1) (async)
keyctl$link(0x3, r2, 0x0) (async)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r1, 0x1)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x248, r1, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0xd, 0x2a, [@chsw_timing={0x68, 0x4, {0x2, 0xa8c}}, @sec_chan_ofs={0x3e, 0x1, 0x2}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x9}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}, @NL80211_ATTR_IE={0x204, 0x2a, [@ssid={0x0, 0x6, @default_ibss_ssid}, @dsss={0x3, 0x1, 0x40}, @fast_bss_trans={0x37, 0xf1, {0xf8, 0x7, "b913fd5141b3718c88a8ae1190cd58d8", "2f233e447d74672f4d6313fbc17596bc24db5a4e6a1847c65f8bafa6d3e602aa", "cdc97348600fb3f04eb4ef15be5c30ed89e8a6174dfa9f3162ab2ecb0d4e63f0", [{0x4, 0x1c, "e0445ed6faf7f5c8139c5c0050a3dd15395a091a88c931bcf9bac19a"}, {0x4, 0x15, "c668a8483e3d858d4d2b105d93991c22123cb3083c"}, {0x1, 0x18, "d6947f07ab528d88f0a828e39375735efdc11f2a1bee3205"}, {0x1, 0x1b, "57379d5780a2fe081e9acf7a9a3d8d037c38000d7070c30e141c07"}, {0x2}, {0x4, 0x1a, "1228a8e5ecdd8944e4bd26dde7adac955e7f75d1c232015a0030"}, {0x3, 0x13, "91b2dc5058dc3bd39c9737029457824fe2fca5"}]}}, @rann={0x7e, 0x15, {{0x0, 0x6f}, 0xff, 0xb0, @broadcast, 0x1, 0xc6c8, 0x5}}, @supported_rates={0x1, 0x7, [{0x5}, {0x4}, {0xdee9cbfabf81bec7, 0x1}, {0x3, 0x1}, {0x3}, {0x30}, {0x0, 0x1}]}, @random={0x1, 0xcf, "1ab852a459ef309542c2d1170b7cbc148100d90954b33afdabdc9fa60ebe221819c1aff9acc3f221eab730cafee7ec8db9c9c89969e2673c2ecf935d8c8aea8bcda5cd51f09c24cf4aad5c6638bfb550b5def36c3920af5ca2528c5f75c9db459e209cc05e82646c601e44b55dab0730188fd55f1f1e2d8196ce478d924f1b963b53dd7a9bdd2fd54b3b2825b213ee5f96f710c0ba58dfc4d5bc71f9767e5e512a12e4b5233243673de046fb1a53c21183a988946d8a7bb38724102f602d4301852b90941c5f6b6292cd070e625665"}, @gcr_ga={0xbd, 0x6, @device_b}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x29}}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}]}, 0x248}, 0x1, 0x0, 0x0, 0x800}, 0x4000004)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRESDEC=r1, @ANYRES16=r1], 0x28}, 0x1, 0x0, 0x0, 0x4044844}, 0x24000041)
socket$nl_generic(0x10, 0x3, 0x10) (async)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x248, r1, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0xd, 0x2a, [@chsw_timing={0x68, 0x4, {0x2, 0xa8c}}, @sec_chan_ofs={0x3e, 0x1, 0x2}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x9}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}, @NL80211_ATTR_IE={0x204, 0x2a, [@ssid={0x0, 0x6, @default_ibss_ssid}, @dsss={0x3, 0x1, 0x40}, @fast_bss_trans={0x37, 0xf1, {0xf8, 0x7, "b913fd5141b3718c88a8ae1190cd58d8", "2f233e447d74672f4d6313fbc17596bc24db5a4e6a1847c65f8bafa6d3e602aa", "cdc97348600fb3f04eb4ef15be5c30ed89e8a6174dfa9f3162ab2ecb0d4e63f0", [{0x4, 0x1c, "e0445ed6faf7f5c8139c5c0050a3dd15395a091a88c931bcf9bac19a"}, {0x4, 0x15, "c668a8483e3d858d4d2b105d93991c22123cb3083c"}, {0x1, 0x18, "d6947f07ab528d88f0a828e39375735efdc11f2a1bee3205"}, {0x1, 0x1b, "57379d5780a2fe081e9acf7a9a3d8d037c38000d7070c30e141c07"}, {0x2}, {0x4, 0x1a, "1228a8e5ecdd8944e4bd26dde7adac955e7f75d1c232015a0030"}, {0x3, 0x13, "91b2dc5058dc3bd39c9737029457824fe2fca5"}]}}, @rann={0x7e, 0x15, {{0x0, 0x6f}, 0xff, 0xb0, @broadcast, 0x1, 0xc6c8, 0x5}}, @supported_rates={0x1, 0x7, [{0x5}, {0x4}, {0xdee9cbfabf81bec7, 0x1}, {0x3, 0x1}, {0x3}, {0x30}, {0x0, 0x1}]}, @random={0x1, 0xcf, "1ab852a459ef309542c2d1170b7cbc148100d90954b33afdabdc9fa60ebe221819c1aff9acc3f221eab730cafee7ec8db9c9c89969e2673c2ecf935d8c8aea8bcda5cd51f09c24cf4aad5c6638bfb550b5def36c3920af5ca2528c5f75c9db459e209cc05e82646c601e44b55dab0730188fd55f1f1e2d8196ce478d924f1b963b53dd7a9bdd2fd54b3b2825b213ee5f96f710c0ba58dfc4d5bc71f9767e5e512a12e4b5233243673de046fb1a53c21183a988946d8a7bb38724102f602d4301852b90941c5f6b6292cd070e625665"}, @gcr_ga={0xbd, 0x6, @device_b}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x29}}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}]}, 0x248}, 0x1, 0x0, 0x0, 0x800}, 0x4000004) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRESDEC=r1, @ANYRES16=r1], 0x28}, 0x1, 0x0, 0x0, 0x4044844}, 0x24000041) (async)

[  645.409242][T25878]  kmem_cache_alloc+0x44/0x200
[  645.409267][T25878]  vm_area_dup+0x26/0x230
[  645.409291][T25878]  copy_mm+0x9a1/0x13e0
[  645.409319][T25878]  ? copy_signal+0x610/0x610
[  645.409343][T25878]  ? __init_rwsem+0xd6/0x1c0
[  645.409372][T25878]  ? copy_signal+0x4e3/0x610
[  645.409397][T25878]  copy_process+0x1149/0x3290
[  645.409427][T25878]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  645.409452][T25878]  ? copy_clone_args_from_user+0x774/0x830
[  645.409475][T25878]  kernel_clone+0x21e/0x9e0
[  645.409498][T25878]  ? __delayed_free_task+0x20/0x20
10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r1, 0x1)

10:01:20 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_UPDATE_FT_IES(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000280)={0x248, r1, 0x10, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_IE={0xd, 0x2a, [@chsw_timing={0x68, 0x4, {0x2, 0xa8c}}, @sec_chan_ofs={0x3e, 0x1, 0x2}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x9}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}, @NL80211_ATTR_IE={0x204, 0x2a, [@ssid={0x0, 0x6, @default_ibss_ssid}, @dsss={0x3, 0x1, 0x40}, @fast_bss_trans={0x37, 0xf1, {0xf8, 0x7, "b913fd5141b3718c88a8ae1190cd58d8", "2f233e447d74672f4d6313fbc17596bc24db5a4e6a1847c65f8bafa6d3e602aa", "cdc97348600fb3f04eb4ef15be5c30ed89e8a6174dfa9f3162ab2ecb0d4e63f0", [{0x4, 0x1c, "e0445ed6faf7f5c8139c5c0050a3dd15395a091a88c931bcf9bac19a"}, {0x4, 0x15, "c668a8483e3d858d4d2b105d93991c22123cb3083c"}, {0x1, 0x18, "d6947f07ab528d88f0a828e39375735efdc11f2a1bee3205"}, {0x1, 0x1b, "57379d5780a2fe081e9acf7a9a3d8d037c38000d7070c30e141c07"}, {0x2}, {0x4, 0x1a, "1228a8e5ecdd8944e4bd26dde7adac955e7f75d1c232015a0030"}, {0x3, 0x13, "91b2dc5058dc3bd39c9737029457824fe2fca5"}]}}, @rann={0x7e, 0x15, {{0x0, 0x6f}, 0xff, 0xb0, @broadcast, 0x1, 0xc6c8, 0x5}}, @supported_rates={0x1, 0x7, [{0x5}, {0x4}, {0xdee9cbfabf81bec7, 0x1}, {0x3, 0x1}, {0x3}, {0x30}, {0x0, 0x1}]}, @random={0x1, 0xcf, "1ab852a459ef309542c2d1170b7cbc148100d90954b33afdabdc9fa60ebe221819c1aff9acc3f221eab730cafee7ec8db9c9c89969e2673c2ecf935d8c8aea8bcda5cd51f09c24cf4aad5c6638bfb550b5def36c3920af5ca2528c5f75c9db459e209cc05e82646c601e44b55dab0730188fd55f1f1e2d8196ce478d924f1b963b53dd7a9bdd2fd54b3b2825b213ee5f96f710c0ba58dfc4d5bc71f9767e5e512a12e4b5233243673de046fb1a53c21183a988946d8a7bb38724102f602d4301852b90941c5f6b6292cd070e625665"}, @gcr_ga={0xbd, 0x6, @device_b}, @mesh_config={0x71, 0x7, {0x1, 0x0, 0x0, 0x1, 0x0, 0x2, 0x29}}]}, @NL80211_ATTR_MDID={0x6, 0xb1, 0x8}]}, 0x248}, 0x1, 0x0, 0x0, 0x800}, 0x4000004)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES32=r1, @ANYRESDEC=r0, @ANYRES32=r1, @ANYRESDEC=r1, @ANYRES16=r1], 0x28}, 0x1, 0x0, 0x0, 0x4044844}, 0x24000041)

10:01:20 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
keyctl$link(0x3, r1, 0x0)
keyctl$KEYCTL_MOVE(0x1e, r1, r0, r1, 0x1)

[  645.409518][T25878]  ? vfs_write+0x9ec/0x1110
[  645.409539][T25878]  ? create_io_thread+0x1e0/0x1e0
[  645.409565][T25878]  __x64_sys_clone3+0x376/0x3a0
[  645.409590][T25878]  ? __ia32_sys_clone+0x290/0x290
[  645.409616][T25878]  ? fput+0x1a/0x20
[  645.409637][T25878]  ? debug_smp_processor_id+0x17/0x20
[  645.409660][T25878]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  645.409686][T25878]  ? exit_to_user_mode_prepare+0x39/0xa0
[  645.409709][T25878]  do_syscall_64+0x3d/0xb0
[  645.409729][T25878]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  645.409756][T25878] RIP: 0033:0x7f19fd5aeda9
[  645.409774][T25878] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  645.409794][T25878] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  645.409818][T25878] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  645.409835][T25878] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  645.409850][T25878] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  645.409865][T25878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  645.409879][T25878] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  645.409898][T25878]  </TASK>
[  645.453541][T25889] FAULT_INJECTION: forcing a failure.
[  645.453541][T25889] name failslab, interval 1, probability 0, space 0, times 0
[  645.453575][T25889] CPU: 1 PID: 25889 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  645.453602][T25889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  645.453617][T25889] Call Trace:
[  645.453624][T25889]  <TASK>
[  645.453632][T25889]  dump_stack_lvl+0x151/0x1b7
[  645.453660][T25889]  ? io_uring_drop_tctx_refs+0x190/0x190
[  645.453687][T25889]  dump_stack+0x15/0x17
[  645.453707][T25889]  should_fail+0x3c6/0x510
[  645.453731][T25889]  __should_failslab+0xa4/0xe0
[  645.453755][T25889]  ? anon_vma_clone+0x9a/0x500
[  645.453780][T25889]  should_failslab+0x9/0x20
[  645.453804][T25889]  slab_pre_alloc_hook+0x37/0xd0
[  645.453829][T25889]  ? anon_vma_clone+0x9a/0x500
[  645.453849][T25889]  kmem_cache_alloc+0x44/0x200
[  645.453881][T25889]  anon_vma_clone+0x9a/0x500
[  645.453904][T25889]  anon_vma_fork+0x91/0x4e0
[  645.453925][T25889]  ? anon_vma_name+0x43/0x70
[  645.453946][T25889]  ? vm_area_dup+0x17a/0x230
[  645.453972][T25889]  copy_mm+0xa3a/0x13e0
[  645.453999][T25889]  ? copy_signal+0x610/0x610
[  645.454024][T25889]  ? __init_rwsem+0xd6/0x1c0
[  645.454047][T25889]  ? copy_signal+0x4e3/0x610
[  645.454071][T25889]  copy_process+0x1149/0x3290
[  645.454100][T25889]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  645.454125][T25889]  ? copy_clone_args_from_user+0x774/0x830
[  645.454150][T25889]  kernel_clone+0x21e/0x9e0
[  645.454173][T25889]  ? __delayed_free_task+0x20/0x20
[  645.454194][T25889]  ? vfs_write+0x9ec/0x1110
[  645.454215][T25889]  ? create_io_thread+0x1e0/0x1e0
[  645.454243][T25889]  __x64_sys_clone3+0x376/0x3a0
[  645.454269][T25889]  ? __ia32_sys_clone+0x290/0x290
[  645.454296][T25889]  ? fput+0x1a/0x20
[  645.454318][T25889]  ? debug_smp_processor_id+0x17/0x20
[  645.454342][T25889]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  645.454367][T25889]  ? exit_to_user_mode_prepare+0x39/0xa0
[  645.454391][T25889]  do_syscall_64+0x3d/0xb0
[  645.454412][T25889]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  645.454439][T25889] RIP: 0033:0x7f19fd5aeda9
[  645.454458][T25889] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  645.454478][T25889] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  645.454503][T25889] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  645.454522][T25889] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  645.454537][T25889] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  645.454553][T25889] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  645.454567][T25889] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  645.454587][T25889]  </TASK>
[  645.519052][T25900] FAULT_INJECTION: forcing a failure.
[  645.519052][T25900] name failslab, interval 1, probability 0, space 0, times 0
[  646.142736][T25900] CPU: 1 PID: 25900 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  646.152890][T25900] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  646.162793][T25900] Call Trace:
[  646.165910][T25900]  <TASK>
[  646.168689][T25900]  dump_stack_lvl+0x151/0x1b7
[  646.173200][T25900]  ? io_uring_drop_tctx_refs+0x190/0x190
[  646.178669][T25900]  dump_stack+0x15/0x17
[  646.182663][T25900]  should_fail+0x3c6/0x510
[  646.186917][T25900]  __should_failslab+0xa4/0xe0
[  646.191698][T25900]  ? anon_vma_clone+0x9a/0x500
[  646.196719][T25900]  should_failslab+0x9/0x20
[  646.201070][T25900]  slab_pre_alloc_hook+0x37/0xd0
[  646.205920][T25900]  ? anon_vma_clone+0x9a/0x500
[  646.210521][T25900]  kmem_cache_alloc+0x44/0x200
[  646.215123][T25900]  anon_vma_clone+0x9a/0x500
[  646.219547][T25900]  anon_vma_fork+0x91/0x4e0
[  646.223896][T25900]  ? anon_vma_name+0x43/0x70
[  646.228314][T25900]  ? vm_area_dup+0x17a/0x230
[  646.232743][T25900]  copy_mm+0xa3a/0x13e0
[  646.236734][T25900]  ? copy_signal+0x610/0x610
[  646.241161][T25900]  ? __init_rwsem+0xd6/0x1c0
[  646.245590][T25900]  ? copy_signal+0x4e3/0x610
[  646.250012][T25900]  copy_process+0x1149/0x3290
[  646.254534][T25900]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  646.259470][T25900]  ? copy_clone_args_from_user+0x774/0x830
[  646.265113][T25900]  kernel_clone+0x21e/0x9e0
[  646.269466][T25900]  ? __delayed_free_task+0x20/0x20
[  646.274400][T25900]  ? vfs_write+0x9ec/0x1110
[  646.278739][T25900]  ? create_io_thread+0x1e0/0x1e0
[  646.283602][T25900]  __x64_sys_clone3+0x376/0x3a0
[  646.288291][T25900]  ? __ia32_sys_clone+0x290/0x290
[  646.293149][T25900]  ? fput+0x1a/0x20
[  646.296793][T25900]  ? debug_smp_processor_id+0x17/0x20
[  646.301999][T25900]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  646.307904][T25900]  ? exit_to_user_mode_prepare+0x39/0xa0
[  646.313370][T25900]  do_syscall_64+0x3d/0xb0
[  646.317621][T25900]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  646.323350][T25900] RIP: 0033:0x7f19fd5aeda9
[  646.327605][T25900] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  646.347046][T25900] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  646.355402][T25900] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  646.363213][T25900] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  646.371024][T25900] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  646.378834][T25900] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:21 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000180)={0x0, 0x0, 0x100, &(0x7f0000000140)=0x7})
write$char_usb(r0, &(0x7f0000000040)="0c42ff54692cdd360abceaffa5d2bfe4ada4a7a603962bfaca8ea99b884a347d945e1b8dc3350d45365764ad5193edec04c554edcba704642ceee4263a761c3d5fefab35a118d8719096564540e9a2391379599b61b846085c3b6979d4f9a7533f3f13a16886dc652a3a0bceee0d809ac02351e4508ba57fa817b7d537578c54b13d2dd306a0123b8ae8bbe0c359f5b607c8f40514fef7798e1a40d8dfd24aeddc90e4bcc3af2711f53681edd336f9ea6d13634bc0c3d4d0513089806dcb23d7dea2c4062fa81ab47caf9a8e14864a658f8b5d60fe7f9aacfe72a9011f788cfe968c21fc18ca96b4564efacf8841808557af927fbe9b56015f0b7ece75", 0xfd)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) (async)
ioctl$KVM_SET_DEVICE_ATTR(r0, 0x4018aee1, &(0x7f0000000180)={0x0, 0x0, 0x100, &(0x7f0000000140)=0x7}) (async)
write$char_usb(r0, &(0x7f0000000040)="0c42ff54692cdd360abceaffa5d2bfe4ada4a7a603962bfaca8ea99b884a347d945e1b8dc3350d45365764ad5193edec04c554edcba704642ceee4263a761c3d5fefab35a118d8719096564540e9a2391379599b61b846085c3b6979d4f9a7533f3f13a16886dc652a3a0bceee0d809ac02351e4508ba57fa817b7d537578c54b13d2dd306a0123b8ae8bbe0c359f5b607c8f40514fef7798e1a40d8dfd24aeddc90e4bcc3af2711f53681edd336f9ea6d13634bc0c3d4d0513089806dcb23d7dea2c4062fa81ab47caf9a8e14864a658f8b5d60fe7f9aacfe72a9011f788cfe968c21fc18ca96b4564efacf8841808557af927fbe9b56015f0b7ece75", 0xfd) (async)

10:01:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair(0x23, 0x1, 0x10000, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockname$tipc(r2, &(0x7f0000000040), &(0x7f0000000080)=0x10)

10:01:21 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
r2 = getpid()
syz_pidfd_open(r2, 0x0)
syz_clone3(&(0x7f0000000540)={0x100000400, &(0x7f0000000280), &(0x7f00000002c0), &(0x7f0000000300), {0x1b}, &(0x7f0000000340)=""/191, 0xbf, &(0x7f0000000400)=""/218, &(0x7f0000000500)=[r1, r1, r1, r1, r1, r1, r1, r2, r1, r1], 0xa, {r0}}, 0x58)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r2], 0x1}, 0x58)

10:01:21 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 83)

[  646.386647][T25900] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  646.394636][T25900]  </TASK>
10:01:21 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$link(0x3, 0x0, 0x0)

10:01:21 executing program 0:
socket$nl_generic(0x10, 0x3, 0x10) (async)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0)
socketpair(0x23, 0x1, 0x10000, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockname$tipc(r2, &(0x7f0000000040), &(0x7f0000000080)=0x10)

[  646.421592][T25958] __nla_validate_parse: 52 callbacks suppressed
[  646.421612][T25958] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  646.445402][T25963] FAULT_INJECTION: forcing a failure.
[  646.445402][T25963] name failslab, interval 1, probability 0, space 0, times 0
10:01:21 executing program 1:
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$link(0x3, 0x0, 0x0)

10:01:21 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @auto=[0x37]}, &(0x7f0000000280)={0x0, "8418d0b7d5546502f1e78faa310a60d8aaa0511379cdf21530fc7b1665ca552f5204a45ea7b8ea61b9b854f19626fe38a12c770e3410a4594acbf2c63b151978"}, 0x48, r2)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000180)={'fscrypt:', @auto=[0x33, 0x30, 0x36, 0x35, 0x32, 0x64, 0x32, 0x62, 0x38, 0x34, 0x33, 0x36, 0x62, 0x33, 0x31, 0x37]}, &(0x7f00000001c0)={0x0, "33be8b99b24c96afaefa65a57f14cb50f715a06accd70a66e621df3098522eb370b9337a616dd6b73e62ee3c6f47e243f9ce28eaea3f6fd17dcfa831b6e0214a", 0x3c}, 0x48, r2)
r3 = syz_open_dev$rtc(&(0x7f0000000080), 0x7fffffffffffffff, 0x80000)
ioctl$RTC_VL_CLR(r3, 0x7014)

10:01:21 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0xfffffffc}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = getpid()
syz_pidfd_open(r1, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r1], 0x1}, 0x58)

[  646.466626][T25974] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  646.480931][T25963] CPU: 0 PID: 25963 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  646.491105][T25963] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  646.500998][T25963] Call Trace:
[  646.504127][T25963]  <TASK>
[  646.506897][T25963]  dump_stack_lvl+0x151/0x1b7
[  646.511412][T25963]  ? io_uring_drop_tctx_refs+0x190/0x190
[  646.516887][T25963]  dump_stack+0x15/0x17
10:01:21 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @auto=[0x37]}, &(0x7f0000000280)={0x0, "8418d0b7d5546502f1e78faa310a60d8aaa0511379cdf21530fc7b1665ca552f5204a45ea7b8ea61b9b854f19626fe38a12c770e3410a4594acbf2c63b151978"}, 0x48, r2)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000180)={'fscrypt:', @auto=[0x33, 0x30, 0x36, 0x35, 0x32, 0x64, 0x32, 0x62, 0x38, 0x34, 0x33, 0x36, 0x62, 0x33, 0x31, 0x37]}, &(0x7f00000001c0)={0x0, "33be8b99b24c96afaefa65a57f14cb50f715a06accd70a66e621df3098522eb370b9337a616dd6b73e62ee3c6f47e243f9ce28eaea3f6fd17dcfa831b6e0214a", 0x3c}, 0x48, r2)
r3 = syz_open_dev$rtc(&(0x7f0000000080), 0x7fffffffffffffff, 0x80000)
ioctl$RTC_VL_CLR(r3, 0x7014)

10:01:21 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0xfffffffc}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

10:01:21 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc)
r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb)
add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f00000000c0)={'fscrypt:', @auto=[0x37]}, &(0x7f0000000280)={0x0, "8418d0b7d5546502f1e78faa310a60d8aaa0511379cdf21530fc7b1665ca552f5204a45ea7b8ea61b9b854f19626fe38a12c770e3410a4594acbf2c63b151978"}, 0x48, r2) (async)
add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000180)={'fscrypt:', @auto=[0x33, 0x30, 0x36, 0x35, 0x32, 0x64, 0x32, 0x62, 0x38, 0x34, 0x33, 0x36, 0x62, 0x33, 0x31, 0x37]}, &(0x7f00000001c0)={0x0, "33be8b99b24c96afaefa65a57f14cb50f715a06accd70a66e621df3098522eb370b9337a616dd6b73e62ee3c6f47e243f9ce28eaea3f6fd17dcfa831b6e0214a", 0x3c}, 0x48, r2)
r3 = syz_open_dev$rtc(&(0x7f0000000080), 0x7fffffffffffffff, 0x80000)
ioctl$RTC_VL_CLR(r3, 0x7014)

10:01:21 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0xfffffffc}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {0xfffffffc}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)

[  646.520874][T25963]  should_fail+0x3c6/0x510
[  646.525129][T25963]  __should_failslab+0xa4/0xe0
[  646.529727][T25963]  ? anon_vma_clone+0x9a/0x500
[  646.534323][T25963]  should_failslab+0x9/0x20
[  646.538664][T25963]  slab_pre_alloc_hook+0x37/0xd0
[  646.543437][T25963]  ? anon_vma_clone+0x9a/0x500
[  646.548043][T25963]  kmem_cache_alloc+0x44/0x200
[  646.552641][T25963]  anon_vma_clone+0x9a/0x500
[  646.557154][T25963]  anon_vma_fork+0x91/0x4e0
[  646.561493][T25963]  ? anon_vma_name+0x43/0x70
[  646.565916][T25963]  ? vm_area_dup+0x17a/0x230
10:01:21 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)

10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
r1 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r1], 0x1}, 0x58)

[  646.570345][T25963]  copy_mm+0xa3a/0x13e0
[  646.574338][T25963]  ? copy_signal+0x610/0x610
[  646.578851][T25963]  ? __init_rwsem+0xd6/0x1c0
[  646.583276][T25963]  ? copy_signal+0x4e3/0x610
[  646.587701][T25963]  copy_process+0x1149/0x3290
[  646.592219][T25963]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  646.597162][T25963]  ? copy_clone_args_from_user+0x774/0x830
[  646.602806][T25963]  kernel_clone+0x21e/0x9e0
[  646.607143][T25963]  ? __delayed_free_task+0x20/0x20
[  646.612091][T25963]  ? vfs_write+0x9ec/0x1110
[  646.616427][T25963]  ? create_io_thread+0x1e0/0x1e0
10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[0x0], 0x1}, 0x58)

10:01:21 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000140), 0x2, 0x0)
keyctl$negate(0xd, 0x0, 0x1, r1)

[  646.621293][T25963]  __x64_sys_clone3+0x376/0x3a0
[  646.625977][T25963]  ? __ia32_sys_clone+0x290/0x290
[  646.630841][T25963]  ? fput+0x1a/0x20
[  646.634485][T25963]  ? debug_smp_processor_id+0x17/0x20
[  646.639689][T25963]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  646.645595][T25963]  ? exit_to_user_mode_prepare+0x39/0xa0
[  646.651071][T25963]  do_syscall_64+0x3d/0xb0
[  646.655322][T25963]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  646.661043][T25963] RIP: 0033:0x7f19fd5aeda9
10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[0x0], 0x1}, 0x58)

10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r0 = getpid()
syz_pidfd_open(r0, 0x0)
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[0x0], 0x1}, 0x58)

[  646.665295][T25963] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  646.684881][T25963] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  646.693125][T25963] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  646.700938][T25963] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  646.708753][T25963] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
10:01:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async, rerun: 64)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (rerun: 64)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000002"], 0x28}}, 0x0) (async)
socketpair(0x23, 0x1, 0x10000, &(0x7f0000000000)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
getsockname$tipc(r2, &(0x7f0000000040), &(0x7f0000000080)=0x10)

10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
getpid()
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:21 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000140), 0x2, 0x0) (async)
keyctl$negate(0xd, 0x0, 0x1, r1)

10:01:21 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)

10:01:21 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 84)

[  646.716648][T25963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  646.724458][T25963] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  646.732281][T25963]  </TASK>
10:01:21 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000140), 0x2, 0x0)
keyctl$negate(0xd, 0x0, 0x1, r1)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup/syz1\x00', 0x200002, 0x0) (async)
openat$cgroup_netprio_ifpriomap(r2, &(0x7f0000000140), 0x2, 0x0) (async)
keyctl$negate(0xd, 0x0, 0x1, r1) (async)

10:01:21 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x200100, 0x0)
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

[  646.785902][T26016] FAULT_INJECTION: forcing a failure.
[  646.785902][T26016] name failslab, interval 1, probability 0, space 0, times 0
[  646.801631][T26016] CPU: 0 PID: 26016 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  646.811797][T26016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  646.821779][T26016] Call Trace:
[  646.824903][T26016]  <TASK>
[  646.827684][T26016]  dump_stack_lvl+0x151/0x1b7
10:01:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}, 0x840)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0)
syz_io_uring_setup(0x7fff, &(0x7f00000002c0)={0x0, 0x1fc4, 0x4, 0x2, 0x194}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000340))
r5 = syz_io_uring_complete(r4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xdc, r1, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x4f}}}}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0xa0, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x2c, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0x52f2cda2}, @NL80211_BAND_LC={0x8, 0x5, 0xaaf0}, @NL80211_BAND_LC={0x8, 0x5, 0xee2}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x6}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x400}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0xff}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x4c, 0x6, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8, 0x1, 0x3}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x2}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_60GHZ={0x8}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x81}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x7}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xdf7c}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_6GHZ={0x8}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="762b4998d599"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x80000000}]}]}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x100}, @NL80211_ATTR_MAC={0xa}]}, 0xdc}, 0x1, 0x0, 0x0, 0xe95309cb873d3923}, 0x2404c004)
r7 = syz_open_dev$rtc(&(0x7f00000006c0), 0xbc5, 0x200)
ioctl$RTC_VL_CLR(r7, 0x7014)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x8, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0xc000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00022abd7000f9dbdf0812000000080006000000000000000000", @ANYRES32=r8, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40041)

10:01:21 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) (async, rerun: 64)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0) (rerun: 64)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}, 0x840) (async)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0)
syz_io_uring_setup(0x7fff, &(0x7f00000002c0)={0x0, 0x1fc4, 0x4, 0x2, 0x194}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000340))
r5 = syz_io_uring_complete(r4) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xdc, r1, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x4f}}}}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0xa0, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x2c, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0x52f2cda2}, @NL80211_BAND_LC={0x8, 0x5, 0xaaf0}, @NL80211_BAND_LC={0x8, 0x5, 0xee2}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x6}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x400}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0xff}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x4c, 0x6, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8, 0x1, 0x3}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x2}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_60GHZ={0x8}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x81}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x7}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xdf7c}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_6GHZ={0x8}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="762b4998d599"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x80000000}]}]}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x100}, @NL80211_ATTR_MAC={0xa}]}, 0xdc}, 0x1, 0x0, 0x0, 0xe95309cb873d3923}, 0x2404c004)
r7 = syz_open_dev$rtc(&(0x7f00000006c0), 0xbc5, 0x200)
ioctl$RTC_VL_CLR(r7, 0x7014) (async)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x8, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0xc000) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00', <r8=>0x0}) (rerun: 32)
sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00022abd7000f9dbdf0812000000080006000000000000000000", @ANYRES32=r8, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40041)

[  646.832197][T26016]  ? io_uring_drop_tctx_refs+0x190/0x190
[  646.837668][T26016]  dump_stack+0x15/0x17
[  646.841653][T26016]  should_fail+0x3c6/0x510
[  646.845912][T26016]  __should_failslab+0xa4/0xe0
[  646.850506][T26016]  ? anon_vma_fork+0x1df/0x4e0
[  646.855127][T26016]  should_failslab+0x9/0x20
[  646.859451][T26016]  slab_pre_alloc_hook+0x37/0xd0
[  646.864232][T26016]  ? anon_vma_fork+0x1df/0x4e0
[  646.868818][T26016]  kmem_cache_alloc+0x44/0x200
[  646.873426][T26016]  anon_vma_fork+0x1df/0x4e0
[  646.877861][T26016]  copy_mm+0xa3a/0x13e0
[  646.881845][T26016]  ? copy_signal+0x610/0x610
10:01:21 executing program 2:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0) (async)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)

[  646.886263][T26016]  ? __init_rwsem+0xd6/0x1c0
[  646.890695][T26016]  ? copy_signal+0x4e3/0x610
[  646.895118][T26016]  copy_process+0x1149/0x3290
[  646.899637][T26016]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  646.904584][T26016]  ? copy_clone_args_from_user+0x774/0x830
[  646.910224][T26016]  kernel_clone+0x21e/0x9e0
[  646.914578][T26016]  ? __delayed_free_task+0x20/0x20
[  646.919525][T26016]  ? vfs_write+0x9ec/0x1110
[  646.923844][T26016]  ? create_io_thread+0x1e0/0x1e0
[  646.928714][T26016]  __x64_sys_clone3+0x376/0x3a0
[  646.933391][T26016]  ? __ia32_sys_clone+0x290/0x290
[  646.938257][T26016]  ? fput+0x1a/0x20
[  646.941899][T26016]  ? debug_smp_processor_id+0x17/0x20
[  646.947103][T26016]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  646.953007][T26016]  ? exit_to_user_mode_prepare+0x39/0xa0
[  646.958473][T26016]  do_syscall_64+0x3d/0xb0
[  646.962725][T26016]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  646.968470][T26016] RIP: 0033:0x7f19fd5aeda9
[  646.972708][T26016] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  646.992236][T26016] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  647.000479][T26016] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  647.008292][T26016] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  647.016104][T26016] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  647.023916][T26016] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:22 executing program 3:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 1:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x48)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001400)={0x6, 0x1d, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @alu={0x7, 0x0, 0x4, 0xb, 0x7, 0x6, 0x4}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x2}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x0, 0x7, 0x4, 0x9, 0xfffffffffffffff4, 0xffffffffffffffff}, @exit, @generic={0x80, 0x9, 0x8, 0x6, 0x401}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1227}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x8000, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001300)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000001340)={0x2, 0x5, 0x800, 0x800}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000001380)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x3, 0x4, 0xc, 0x3}, {0x4, 0x3, 0x5, 0x7}, {0x0, 0x4, 0x10, 0x8}]}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001500)={{r0}, &(0x7f00000000c0), &(0x7f00000014c0)=r1}, 0x20)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001540)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001680)={@cgroup=r3, 0x14, 0x0, 0x3, &(0x7f0000001580)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000015c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001600)=[0x0, 0x0], &(0x7f0000001640)=[0x0]}, 0x40)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r4, 0x0)
keyctl$link(0x8, r4, r4)

10:01:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYRES16=r0, @ANYRESOCT=r2, @ANYBLOB='\x00\x00\x00\x00'], 0x28}}, 0x840)
r3 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r0)
syz_io_uring_setup(0x7fff, &(0x7f00000002c0)={0x0, 0x1fc4, 0x4, 0x2, 0x194}, &(0x7f0000000200)=<r4=>0x0, &(0x7f0000000340))
r5 = syz_io_uring_complete(r4)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000500)={'wlan1\x00', <r6=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000680)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000640)={&(0x7f0000000540)={0xdc, r1, 0x2, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x7ff, 0x4f}}}}, [@NL80211_ATTR_SCHED_SCAN_MATCH={0xa0, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x2c, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0x52f2cda2}, @NL80211_BAND_LC={0x8, 0x5, 0xaaf0}, @NL80211_BAND_LC={0x8, 0x5, 0xee2}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x6}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x400}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x8, 0x3, 0xff}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x4c, 0x6, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8, 0x1, 0x3}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x2}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_60GHZ={0x8}, @NL80211_BAND_2GHZ={0x8, 0x0, 0x81}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x7}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xdf7c}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x5}, @NL80211_BAND_6GHZ={0x8}]}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @random="762b4998d599"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0xc, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x80000000}]}]}, @NL80211_ATTR_BG_SCAN_PERIOD={0x6, 0x98, 0x100}, @NL80211_ATTR_MAC={0xa}]}, 0xdc}, 0x1, 0x0, 0x0, 0xe95309cb873d3923}, 0x2404c004)
syz_open_dev$rtc(&(0x7f00000006c0), 0xbc5, 0x200) (async)
r7 = syz_open_dev$rtc(&(0x7f00000006c0), 0xbc5, 0x200)
ioctl$RTC_VL_CLR(r7, 0x7014) (async)
ioctl$RTC_VL_CLR(r7, 0x7014)
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r3, 0x8, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0xc000)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00'}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000003c0)={'batadv_slave_0\x00', <r8=>0x0})
sendmsg$BATADV_CMD_SET_VLAN(r5, &(0x7f0000000480)={&(0x7f0000000380)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00022abd7000f9dbdf0812000000080006000000000000000000", @ANYRES32=r8, @ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x1}, 0x40041)

10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 85)

[  647.031728][T26016] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  647.039541][T26016]  </TASK>
10:01:22 executing program 1:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x48) (async)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001400)={0x6, 0x1d, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @alu={0x7, 0x0, 0x4, 0xb, 0x7, 0x6, 0x4}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x2}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x0, 0x7, 0x4, 0x9, 0xfffffffffffffff4, 0xffffffffffffffff}, @exit, @generic={0x80, 0x9, 0x8, 0x6, 0x401}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1227}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x8000, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001300)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000001340)={0x2, 0x5, 0x800, 0x800}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000001380)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x3, 0x4, 0xc, 0x3}, {0x4, 0x3, 0x5, 0x7}, {0x0, 0x4, 0x10, 0x8}]}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001500)={{r0}, &(0x7f00000000c0), &(0x7f00000014c0)=r1}, 0x20) (async)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001540)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001680)={@cgroup=r3, 0x14, 0x0, 0x3, &(0x7f0000001580)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000015c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001600)=[0x0, 0x0], &(0x7f0000001640)=[0x0]}, 0x40) (async, rerun: 64)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2) (rerun: 64)
keyctl$link(0x3, r4, 0x0) (async)
keyctl$link(0x8, r4, r4)

10:01:22 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f0000000000)=0x7)
r0 = socket(0x2, 0x3, 0x5)
bind$802154_raw(r0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xf, 0x7}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000884)
getpeername$tipc(r0, &(0x7f0000000240)=@name, &(0x7f0000000280)=0x10)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'macvlan1\x00', 0xab9})
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f00000001c0)=0x7, &(0x7f0000000200)=0x4)

10:01:22 executing program 1:
r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000140)={0x3, 0x4, 0x4, 0xa, 0x0, 0x1, 0x7f, '\x00', 0x0, 0xffffffffffffffff, 0x5, 0x3}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001400)={0x6, 0x1d, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @alu={0x7, 0x0, 0x4, 0xb, 0x7, 0x6, 0x4}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x2}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x0, 0x7, 0x4, 0x9, 0xfffffffffffffff4, 0xffffffffffffffff}, @exit, @generic={0x80, 0x9, 0x8, 0x6, 0x401}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1227}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x8000, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001300)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000001340)={0x2, 0x5, 0x800, 0x800}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000001380)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x3, 0x4, 0xc, 0x3}, {0x4, 0x3, 0x5, 0x7}, {0x0, 0x4, 0x10, 0x8}]}, 0x90) (async)
r1 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000001400)={0x6, 0x1d, &(0x7f00000001c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x3}, {{0x18, 0x1, 0x1, 0x0, 0x1}}, {}, [@cb_func={0x18, 0x2, 0x4, 0x0, 0x7}, @alu={0x7, 0x0, 0x4, 0xb, 0x7, 0x6, 0x4}, @cb_func={0x18, 0x8, 0x4, 0x0, 0x2}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x2}, @alu={0x4, 0x0, 0x7, 0x4, 0x9, 0xfffffffffffffff4, 0xffffffffffffffff}, @exit, @generic={0x80, 0x9, 0x8, 0x6, 0x401}, @btf_id={0x18, 0x8, 0x3, 0x0, 0x3}, @map_val={0x18, 0xa, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1227}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f00000002c0)='syzkaller\x00', 0x8000, 0x1000, &(0x7f0000000300)=""/4096, 0x41100, 0x8, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000001300)={0xa, 0x1}, 0x8, 0x10, &(0x7f0000001340)={0x2, 0x5, 0x800, 0x800}, 0x10, 0x0, 0x0, 0x3, &(0x7f0000001380)=[0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff], &(0x7f00000013c0)=[{0x3, 0x4, 0xc, 0x3}, {0x4, 0x3, 0x5, 0x7}, {0x0, 0x4, 0x10, 0x8}]}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000001500)={{r0}, &(0x7f00000000c0), &(0x7f00000014c0)=r1}, 0x20)
r2 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000001540)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000001680)={@cgroup=r3, 0x14, 0x0, 0x3, &(0x7f0000001580)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000015c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001600)=[0x0, 0x0], &(0x7f0000001640)=[0x0]}, 0x40)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2) (async)
r4 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r2)
keyctl$link(0x3, r4, 0x0)
keyctl$link(0x8, r4, r4) (async)
keyctl$link(0x8, r4, r4)

10:01:22 executing program 3:
getpid()
syz_clone3(0x0, 0x0)

[  647.128588][T26054] FAULT_INJECTION: forcing a failure.
[  647.128588][T26054] name failslab, interval 1, probability 0, space 0, times 0
[  647.142750][T26054] CPU: 1 PID: 26054 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  647.152921][T26054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  647.162815][T26054] Call Trace:
[  647.165946][T26054]  <TASK>
[  647.168733][T26054]  dump_stack_lvl+0x151/0x1b7
[  647.173230][T26054]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:22 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f0000000000)=0x7)
r0 = socket(0x2, 0x3, 0x5)
bind$802154_raw(r0, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xf, 0x7}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000884) (async)
getpeername$tipc(r0, &(0x7f0000000240)=@name, &(0x7f0000000280)=0x10)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'macvlan1\x00', 0xab9})
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f00000001c0)=0x7, &(0x7f0000000200)=0x4)

10:01:22 executing program 3:
getpid()
syz_clone3(0x0, 0x0)

10:01:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3ff, 0x80}}}}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[], 0x28}}, 0x8040)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r0)
r3 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000400)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000500)={'team0\x00', <r7=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000540)={'team0\x00', <r8=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r9=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r10=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r11=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000b00)={'team0\x00', <r12=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000e40)={'team0\x00', <r14=>0x0})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r16=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}})
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r17=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000001580)={'team0\x00', <r18=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r19=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r20=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r21=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r4}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r17}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r18}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r19}}}]}}, {{0x8, 0x1, r20}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r2, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x81c}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xb3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40045}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x44, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffd}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x20000004)

10:01:22 executing program 3:
getpid()
syz_clone3(0x0, 0x0)

[  647.178797][T26054]  dump_stack+0x15/0x17
[  647.182787][T26054]  should_fail+0x3c6/0x510
[  647.187043][T26054]  __should_failslab+0xa4/0xe0
[  647.191644][T26054]  ? anon_vma_fork+0x1df/0x4e0
[  647.196249][T26054]  should_failslab+0x9/0x20
[  647.200582][T26054]  slab_pre_alloc_hook+0x37/0xd0
[  647.205358][T26054]  ? anon_vma_fork+0x1df/0x4e0
[  647.209953][T26054]  kmem_cache_alloc+0x44/0x200
[  647.214558][T26054]  anon_vma_fork+0x1df/0x4e0
[  647.218985][T26054]  copy_mm+0xa3a/0x13e0
[  647.222979][T26054]  ? copy_signal+0x610/0x610
10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

[  647.227400][T26054]  ? __init_rwsem+0xd6/0x1c0
[  647.231999][T26054]  ? copy_signal+0x4e3/0x610
[  647.236446][T26054]  copy_process+0x1149/0x3290
[  647.241196][T26054]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  647.246212][T26054]  ? copy_clone_args_from_user+0x774/0x830
[  647.247536][T26079] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=26079 comm=syz-executor.0
[  647.251831][T26054]  kernel_clone+0x21e/0x9e0
[  647.251862][T26054]  ? __delayed_free_task+0x20/0x20
[  647.273878][T26054]  ? vfs_write+0x9ec/0x1110
[  647.278220][T26054]  ? create_io_thread+0x1e0/0x1e0
[  647.283081][T26054]  __x64_sys_clone3+0x376/0x3a0
[  647.286160][T26079] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=26079 comm=syz-executor.0
[  647.287862][T26054]  ? __ia32_sys_clone+0x290/0x290
[  647.287896][T26054]  ? fput+0x1a/0x20
[  647.309133][T26054]  ? debug_smp_processor_id+0x17/0x20
[  647.314340][T26054]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  647.320243][T26054]  ? exit_to_user_mode_prepare+0x39/0xa0
[  647.325711][T26054]  do_syscall_64+0x3d/0xb0
[  647.329963][T26054]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  647.335695][T26054] RIP: 0033:0x7f19fd5aeda9
[  647.339940][T26054] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  647.359386][T26054] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  647.367631][T26054] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x0, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, 0x0, &(0x7f0000000040), &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, 0x0, 0x0, &(0x7f0000000080), {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x220800, 0x0)
ioctl$PPPIOCDISCONN(r2, 0x7439)

10:01:22 executing program 2:
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)
ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f0000000000)=0x7) (async)
r0 = socket(0x2, 0x3, 0x5)
bind$802154_raw(r0, 0x0, 0x0) (async)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r1=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x28, 0x0, 0x8, 0x70bd26, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_SCHED_SCAN_RSSI_ADJUST={0x6, 0xf7, {0xf, 0x7}}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x20004000}, 0x4000884) (async)
getpeername$tipc(r0, &(0x7f0000000240)=@name, &(0x7f0000000280)=0x10)
ioctl$SIOCSIFMTU(r0, 0x8922, &(0x7f0000000040)={'macvlan1\x00', 0xab9})
getsockopt$bt_BT_FLUSHABLE(r0, 0x112, 0x8, &(0x7f00000001c0)=0x7, &(0x7f0000000200)=0x4)

10:01:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3ff, 0x80}}}}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[], 0x28}}, 0x8040) (async)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r0) (async, rerun: 64)
r3 = socket(0x10, 0x2, 0x4) (rerun: 64)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000400)={'team0\x00', <r4=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r6=>0x0}) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000500)={'team0\x00', <r7=>0x0}) (rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000540)={'team0\x00', <r8=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r9=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r10=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r11=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000b00)={'team0\x00', <r12=>0x0}) (async, rerun: 64)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10) (async, rerun: 64)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000e40)={'team0\x00', <r14=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r16=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r17=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async, rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000001580)={'team0\x00', <r18=>0x0}) (rerun: 32)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r19=>0x0}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r20=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r21=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'})
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r4}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r17}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r18}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r19}}}]}}, {{0x8, 0x1, r20}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0) (async)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r2, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x81c}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xb3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40045}, 0x0)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x44, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffd}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x20000004)

10:01:22 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0) (async)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x220800, 0x0)
ioctl$PPPIOCDISCONN(r2, 0x7439)

10:01:22 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 86)

[  647.375445][T26054] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  647.383250][T26054] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  647.389959][T26089] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pid=26089 comm=syz-executor.0
[  647.391057][T26054] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  647.391076][T26054] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  647.391096][T26054]  </TASK>
10:01:22 executing program 2:
r0 = syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0, {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r3 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480)=<r4=>0x0, &(0x7f00000004c0)=<r5=>0x0, {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r2, r3], 0x2, {r6}}, 0x58)
syz_clone3(&(0x7f0000001980)={0x800, &(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0)=<r7=>0x0, {0x17}, &(0x7f0000000900), 0x0, &(0x7f0000000940)=""/4096, &(0x7f0000001940)=[r0, r1, r4, r2, r1, r4], 0x6, {r6}}, 0x58)
r8 = getpid()
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000001b00), r9)
sendmsg$BATADV_CMD_TP_METER(r9, &(0x7f0000001ac0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001a80)={&(0x7f0000001b40)=ANY=[@ANYBLOB="000000001c1a08d2ae5dcc3b80c0b2566aba7628937f2789a62ea4a9c45757b75c9f68239c28c051b10be145", @ANYRES16=r10, @ANYBLOB="20002cbd7000fbdbdf2502000000"], 0x14}}, 0x84)
syz_clone3(&(0x7f00000042c0)={0x21000800, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000001a00)=[r3, r4, r2, r5, r7, r8], 0x6}, 0x58)

[  647.441088][T26100] FAULT_INJECTION: forcing a failure.
[  647.441088][T26100] name failslab, interval 1, probability 0, space 0, times 0
[  647.454216][T26100] CPU: 1 PID: 26100 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  647.464379][T26100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  647.474276][T26100] Call Trace:
[  647.477398][T26100]  <TASK>
[  647.480178][T26100]  dump_stack_lvl+0x151/0x1b7
[  647.484692][T26100]  ? io_uring_drop_tctx_refs+0x190/0x190
10:01:22 executing program 2:
r0 = syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0, {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58) (async)
r3 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480)=<r4=>0x0, &(0x7f00000004c0)=<r5=>0x0, {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58) (async)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r2, r3], 0x2, {r6}}, 0x58) (async)
syz_clone3(&(0x7f0000001980)={0x800, &(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0)=<r7=>0x0, {0x17}, &(0x7f0000000900), 0x0, &(0x7f0000000940)=""/4096, &(0x7f0000001940)=[r0, r1, r4, r2, r1, r4], 0x6, {r6}}, 0x58) (async)
r8 = getpid() (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000001b00), r9)
sendmsg$BATADV_CMD_TP_METER(r9, &(0x7f0000001ac0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001a80)={&(0x7f0000001b40)=ANY=[@ANYBLOB="000000001c1a08d2ae5dcc3b80c0b2566aba7628937f2789a62ea4a9c45757b75c9f68239c28c051b10be145", @ANYRES16=r10, @ANYBLOB="20002cbd7000fbdbdf2502000000"], 0x14}}, 0x84) (async)
syz_clone3(&(0x7f00000042c0)={0x21000800, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000001a00)=[r3, r4, r2, r5, r7, r8], 0x6}, 0x58)

[  647.490156][T26100]  dump_stack+0x15/0x17
[  647.494149][T26100]  should_fail+0x3c6/0x510
[  647.498401][T26100]  __should_failslab+0xa4/0xe0
[  647.503010][T26100]  ? anon_vma_fork+0x1df/0x4e0
[  647.507603][T26100]  should_failslab+0x9/0x20
[  647.511943][T26100]  slab_pre_alloc_hook+0x37/0xd0
[  647.516718][T26100]  ? anon_vma_fork+0x1df/0x4e0
[  647.521320][T26100]  kmem_cache_alloc+0x44/0x200
[  647.525918][T26100]  anon_vma_fork+0x1df/0x4e0
[  647.530357][T26100]  copy_mm+0xa3a/0x13e0
[  647.534336][T26100]  ? copy_signal+0x610/0x610
10:01:22 executing program 2:
r0 = syz_clone3(&(0x7f00000003c0)={0x8210400, &(0x7f0000000180), &(0x7f00000001c0)=<r1=>0x0, &(0x7f0000000200)=<r2=>0x0, {0x25}, &(0x7f0000000240)=""/41, 0x29, &(0x7f0000000280)=""/202, &(0x7f0000000380)=[0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff], 0x5}, 0x58)
r3 = syz_clone3(&(0x7f00000006c0)={0x40001000, &(0x7f0000000440), &(0x7f0000000480)=<r4=>0x0, &(0x7f00000004c0)=<r5=>0x0, {0x1a}, &(0x7f0000000500)=""/216, 0xd8, &(0x7f0000000600)=""/83, &(0x7f0000000680)=[0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0x0], 0x7}, 0x58) (async)
r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup.cpu/syz1\x00', 0x200002, 0x0)
syz_clone3(&(0x7f00000007c0)={0x20011000, &(0x7f0000000000), &(0x7f0000000040), &(0x7f0000000080), {0x1a}, &(0x7f00000000c0)=""/64, 0x40, &(0x7f0000000100)=""/107, &(0x7f0000000740)=[r2, r3], 0x2, {r6}}, 0x58)
syz_clone3(&(0x7f0000001980)={0x800, &(0x7f0000000840), &(0x7f0000000880), &(0x7f00000008c0)=<r7=>0x0, {0x17}, &(0x7f0000000900), 0x0, &(0x7f0000000940)=""/4096, &(0x7f0000001940)=[r0, r1, r4, r2, r1, r4], 0x6, {r6}}, 0x58)
r8 = getpid() (async)
r9 = socket$nl_generic(0x10, 0x3, 0x10)
r10 = syz_genetlink_get_family_id$batadv(&(0x7f0000001b00), r9)
sendmsg$BATADV_CMD_TP_METER(r9, &(0x7f0000001ac0)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000001a80)={&(0x7f0000001b40)=ANY=[@ANYBLOB="000000001c1a08d2ae5dcc3b80c0b2566aba7628937f2789a62ea4a9c45757b75c9f68239c28c051b10be145", @ANYRES16=r10, @ANYBLOB="20002cbd7000fbdbdf2502000000"], 0x14}}, 0x84) (async)
syz_clone3(&(0x7f00000042c0)={0x21000800, 0x0, 0x0, 0x0, {0xfffffffe}, 0x0, 0x0, 0x0, &(0x7f0000001a00)=[r3, r4, r2, r5, r7, r8], 0x6}, 0x58)

10:01:22 executing program 2:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000040)=0x3, 0x4)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  647.538757][T26100]  ? __init_rwsem+0xd6/0x1c0
[  647.543187][T26100]  ? copy_signal+0x4e3/0x610
[  647.547612][T26100]  copy_process+0x1149/0x3290
[  647.552133][T26100]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  647.557071][T26100]  ? copy_clone_args_from_user+0x774/0x830
[  647.562717][T26100]  kernel_clone+0x21e/0x9e0
[  647.567052][T26100]  ? __delayed_free_task+0x20/0x20
[  647.572001][T26100]  ? vfs_write+0x9ec/0x1110
[  647.576343][T26100]  ? create_io_thread+0x1e0/0x1e0
[  647.581205][T26100]  __x64_sys_clone3+0x376/0x3a0
[  647.585890][T26100]  ? __ia32_sys_clone+0x290/0x290
10:01:22 executing program 2:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000040)=0x3, 0x4)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)) (async)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000040)=0x3, 0x4) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58) (async)

10:01:22 executing program 2:
socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff})
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000040)=0x3, 0x4) (async)
syz_clone3(&(0x7f00000042c0)={0x80200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1}, 0x58)

[  647.590750][T26100]  ? fput+0x1a/0x20
[  647.594394][T26100]  ? debug_smp_processor_id+0x17/0x20
[  647.599599][T26100]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  647.605506][T26100]  ? exit_to_user_mode_prepare+0x39/0xa0
[  647.610990][T26100]  do_syscall_64+0x3d/0xb0
[  647.615224][T26100]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  647.620948][T26100] RIP: 0033:0x7f19fd5aeda9
10:01:22 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0x80200, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x1}, 0x8)

10:01:22 executing program 2:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0) (async)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0x80200, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x1}, 0x8)

10:01:22 executing program 2:
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000080)='./cgroup/syz0\x00', 0x200002, 0x0)
syz_clone3(&(0x7f0000000000)={0x80200, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, &(0x7f0000004280)=[0x0], 0x1, {r0}}, 0x58)
bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f00000000c0)={0x1}, 0x8)

[  647.625205][T26100] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  647.644659][T26100] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  647.652893][T26100] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  647.661749][T26100] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  647.669567][T26100] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  647.677369][T26100] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, 0x0, 0x0, 0x0, {0x39}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

10:01:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10) (async)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x48, r1, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x3ff, 0x80}}}}, [@NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x8}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x1}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}, @NL80211_ATTR_CONTROL_PORT_OVER_NL80211={0x4}]}, 0x48}, 0x1, 0x0, 0x0, 0x20004080}, 0x0) (async)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000001340)=ANY=[], 0x28}}, 0x8040)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000380), r0)
r3 = socket(0x10, 0x2, 0x4)
sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x3c, 0x0, 0x100, 0x70bd2c, 0x25dfdbff, {{}, {@val={0x8}, @val={0xc, 0x99, {0x5, 0x79}}}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0xfffffffd}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000400)={'team0\x00', <r4=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'batadv_slave_0\x00', <r5=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000004c0)={'batadv_slave_0\x00', <r6=>0x0})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000500)={'team0\x00', <r7=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000540)={'team0\x00', <r8=>0x0}) (async)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000580)={'batadv_slave_1\x00', <r9=>0x0})
ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000000940)={'ip6tnl0\x00', &(0x7f00000008c0)={'ip6tnl0\x00', 0x0, 0x29, 0x40, 0x94, 0x2, 0x0, @private2, @private2={0xfc, 0x2, '\x00', 0x1}, 0x10, 0x0, 0x2, 0x7fffffff}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000a00)={'tunl0\x00', &(0x7f0000000980)={'syztnl2\x00', <r10=>0x0, 0x10, 0x1, 0x7, 0x0, {{0xd, 0x4, 0x0, 0x1b, 0x34, 0x68, 0x0, 0x0, 0x29, 0x0, @broadcast, @multicast1, {[@end, @timestamp={0x44, 0x1c, 0xb, 0x0, 0xc, [0x20, 0x9, 0x0, 0x7fff, 0x1, 0x0]}, @noop]}}}}}) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(0xffffffffffffffff, 0x89f8, &(0x7f0000000ac0)={'gretap0\x00', &(0x7f0000000a40)={'syztnl2\x00', <r11=>0x0, 0x1, 0x80, 0x4, 0x800, {{0x12, 0x4, 0x0, 0xb, 0x48, 0x68, 0x0, 0x8, 0x4, 0x0, @multicast1, @multicast1, {[@timestamp_prespec={0x44, 0x1c, 0xf4, 0x3, 0xb, [{@local, 0x40}, {@private=0xa010101, 0xe26}, {@remote, 0x3}]}, @lsrr={0x83, 0x17, 0x12, [@broadcast, @initdev={0xac, 0x1e, 0x1, 0x0}, @rand_addr=0x64010100, @remote, @local]}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000b00)={'team0\x00', <r12=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000e00)={0xffffffffffffffff, 0xe0, &(0x7f0000000d00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r13=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, &(0x7f0000000c40), &(0x7f0000000c80), 0x8, 0x7b, 0x8, 0x8, &(0x7f0000000cc0)}}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000e40)={'team0\x00', <r14=>0x0}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001140)={0xffffffffffffffff, 0xe0, &(0x7f0000001040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, &(0x7f0000000e80)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r15=>0x0, 0x0, 0x0, 0x0, 0x4, 0x3, &(0x7f0000000ec0)=[0x0, 0x0, 0x0, 0x0], &(0x7f0000000f00)=[0x0, 0x0, 0x0], 0x0, 0x6a, &(0x7f0000000f40)=[{}, {}, {}, {}, {}, {}, {}, {}], 0x40, 0x10, &(0x7f0000000f80), &(0x7f0000000fc0), 0x8, 0x78, 0x8, 0x8, &(0x7f0000001000)}}, 0x10) (async)
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000001240)={'sit0\x00', &(0x7f00000011c0)={'syztnl0\x00', <r16=>0x0, 0x8, 0x700, 0x8001, 0x1, {{0xb, 0x4, 0x1, 0x4, 0x2c, 0x64, 0x0, 0x3, 0x2f, 0x0, @local, @empty, {[@noop, @generic={0x82, 0x12, "98bee13e303399b0ec52eb0fa2a877fc"}, @end, @ra={0x94, 0x4}]}}}}}) (async)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000001540)={0xffffffffffffffff, 0xe0, &(0x7f0000001440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, &(0x7f0000001280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, <r17=>0x0, 0x0, 0x0, 0x0, 0x6, 0x1, &(0x7f00000012c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000001300)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38, 0x8, 0x8, &(0x7f0000001400)}}, 0x10) (async)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000001580)={'team0\x00', <r18=>0x0})
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f00000015c0)={'batadv0\x00', <r19=>0x0})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f00000016c0)={'gre0\x00', &(0x7f0000001600)={'gretap0\x00', <r20=>0x0, 0x80, 0x7800, 0x19, 0xffff, {{0x1c, 0x4, 0x0, 0x4, 0x70, 0x65, 0x0, 0x3, 0x4, 0x0, @empty, @rand_addr=0x64010102, {[@generic={0x82, 0x7, 'l@X0G'}, @end, @timestamp_prespec={0x44, 0x24, 0xc9, 0x3, 0xa, [{@broadcast, 0x626}, {@remote, 0x1}, {@empty, 0x9}, {@remote, 0x200}]}, @end, @timestamp_addr={0x44, 0x2c, 0xbc, 0x1, 0x2, [{@multicast2, 0x4103}, {@private=0xa010101, 0xed}, {@rand_addr=0x64010100, 0x6}, {@dev}, {@empty, 0x80000001}]}]}}}}})
ioctl$sock_ipv6_tunnel_SIOCGET6RD(r3, 0x89f8, &(0x7f0000001840)={'syztnl0\x00', &(0x7f0000001700)={'syztnl2\x00', <r21=>0x0, 0x40, 0x76fa96fe04401fad, 0x3ff, 0x3f, {{0x2e, 0x4, 0x3, 0x21, 0xb8, 0x68, 0x0, 0x76, 0x4, 0x0, @multicast2, @local, {[@ra={0x94, 0x4}, @timestamp_prespec={0x44, 0x14, 0xf, 0x3, 0x7, [{@initdev={0xac, 0x1e, 0x1, 0x0}, 0xa0}, {@remote, 0x3}]}, @timestamp={0x44, 0x18, 0x67, 0x0, 0x1, [0xd3, 0x0, 0x14fe5b7, 0x401, 0x951]}, @rr={0x7, 0x27, 0xeb, [@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @broadcast, @rand_addr=0x64010101, @multicast1, @empty, @rand_addr=0x64010101, @multicast2, @multicast1]}, @timestamp_addr={0x44, 0x2c, 0xcf, 0x1, 0x4, [{@local}, {@multicast2, 0x6}, {}, {@private=0xa010101, 0xfff}, {@loopback, 0x1}]}, @timestamp={0x44, 0x1c, 0xd8, 0x0, 0x0, [0x0, 0x4, 0x1, 0x6, 0x6, 0x80000001]}, @generic={0x44, 0x2}]}}}}})
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000001880)={'batadv_slave_1\x00'}) (async)
sendmsg$TEAM_CMD_OPTIONS_SET(r3, &(0x7f00000023c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000002380)={&(0x7f00000018c0)={0x978, 0x0, 0x800, 0x70bd29, 0x25dfdbff, {}, [{{0x8}, {0x1e4, 0x2, 0x0, 0x1, [{0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x4}}, {0x8}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8}}, {0x8}}}, {0x40, 0x1, @name={{0x24}, {0x5}, {0xf, 0x4, 'roundrobin\x00'}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8, 0x4, r4}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x199}}}]}}, {{0x8}, {0x1e8, 0x2, 0x0, 0x1, [{0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x44, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x14, 0x4, [{0x1, 0x7, 0x8, 0x200}, {0xff, 0x8, 0x81, 0xd7}]}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x40}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r5}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r6}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8}}}, {0x3c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x9, 0x4, 'hash\x00'}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r7}}}]}}, {{0x8, 0x1, r8}, {0x7c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x40, 0x1, @lb_port_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r9}}}]}}, {{0x8}, {0x4}}, {{0x8}, {0xb4, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x3}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x3}}, {0x8, 0x6, r10}}}]}}, {{0x8, 0x1, r11}, {0x234, 0x2, 0x0, 0x1, [{0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x8001}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r12}}}, {0x3c, 0x1, @enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r13}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r14}}, {0x8}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r15}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}, {0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r16}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r17}}, {0x8}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}]}}, {{0x8, 0x1, r18}, {0xb0, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0xb5}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0xba}}}, {0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r19}}}]}}, {{0x8, 0x1, r20}, {0x140, 0x2, 0x0, 0x1, [{0x38, 0x1, @notify_peers_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x5}}, {0x8, 0x6, r21}}}, {0x40, 0x1, @lb_hash_stats={{{0x24}, {0x5}, {0x8, 0x4, 0x7}}, {0x8}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}]}}]}, 0x978}}, 0x0) (async)
sendmsg$BATADV_CMD_GET_TRANSTABLE_LOCAL(r0, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x3c, r2, 0x400, 0x70bd29, 0x25dfdbfe, {}, [@BATADV_ATTR_BRIDGE_LOOP_AVOIDANCE_ENABLED={0x5}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r6}, @BATADV_ATTR_HOP_PENALTY={0x5, 0x35, 0x8}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0x81c}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xb3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40045}, 0x0) (async)
sendmsg$BATADV_CMD_GET_TRANSTABLE_GLOBAL(r0, &(0x7f0000000300)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)={0x44, 0x0, 0x800, 0x70bd26, 0x25dfdbfe, {}, [@BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x5}, @BATADV_ATTR_MULTICAST_FANOUT={0x8, 0x3c, 0xfffffffd}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}, @BATADV_ATTR_BONDING_ENABLED={0x5, 0x2d, 0x1}, @BATADV_ATTR_VLANID={0x6}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x41}, 0x20000004)

10:01:22 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x220800, 0x0)
ioctl$PPPIOCDISCONN(r2, 0x7439)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x220800, 0x0) (async)
ioctl$PPPIOCDISCONN(r2, 0x7439) (async)

10:01:22 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$clear(0x7, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "335168eff8fe3d20052d6e8e2bc1f8cc0516eb8b1d2a69732832f7f8a6e844226a286edd825c8fb912ae7e759442a856ebb04309863e4fbd4e3308fce6597f1c", 0x38}, 0x48, r1)

10:01:22 executing program 2:
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)={{0x200, 0x9}, {0x3b0, 0x39b}, 0x6f0})

[  647.685178][T26100] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  647.693084][T26100]  </TASK>
10:01:22 executing program 2:
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)={{0x200, 0x9}, {0x3b0, 0x39b}, 0x6f0})
ioctl$PTP_PEROUT_REQUEST2(0xffffffffffffffff, 0x40383d0c, &(0x7f0000000000)={{0x200, 0x9}, {0x3b0, 0x39b}, 0x6f0}) (async)

10:01:22 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), r0)
sendmsg$IPVS_CMD_FLUSH(r0, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x2000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r1, 0x200, 0x70bd2c, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x7fffffff}]}, 0x1c}, 0x1, 0x0, 0x0, 0x24040004}, 0x4804)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000ea0000000002"], 0x28}}, 0x0)

10:01:22 executing program 4:
openat$rtc(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_io_uring_complete(0x0)
syz_clone3(&(0x7f0000000600)={0x110822000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000580)=[0x0], 0x1}, 0x58) (fail_nth: 87)

10:01:22 executing program 1:
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd)
keyctl$clear(0x7, r0)
r1 = add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$link(0x3, r1, 0x0)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "335168eff8fe3d20052d6e8e2bc1f8cc0516eb8b1d2a69732832f7f8a6e844226a286edd825c8fb912ae7e759442a856ebb04309863e4fbd4e3308fce6597f1c", 0x38}, 0x48, r1)
add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) (async)
keyctl$clear(0x7, r0) (async)
add_key$keyring(&(0x7f0000000080), &(0x7f0000000100)={'syz', 0x3}, 0x0, 0x0, r0) (async)
keyctl$link(0x3, r1, 0x0) (async)
add_key$fscrypt_v1(&(0x7f00000000c0), &(0x7f0000000140)={'fscrypt:', @desc1}, &(0x7f0000000180)={0x0, "335168eff8fe3d20052d6e8e2bc1f8cc0516eb8b1d2a69732832f7f8a6e844226a286edd825c8fb912ae7e759442a856ebb04309863e4fbd4e3308fce6597f1c", 0x38}, 0x48, r1) (async)

10:01:22 executing program 3:
r0 = getpid()
syz_clone3(&(0x7f0000000200)={0x20000000, 0x0, 0x0, 0x0, {}, &(0x7f00000000c0)=""/168, 0xa8, &(0x7f0000000180)=""/45, &(0x7f00000001c0)=[r0], 0x1}, 0x58)

[  647.763091][T26151] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'.
[  647.766153][T26154] general protection fault, probably for non-canonical address 0xe3db189f20000001: 0000 [#1] PREEMPT SMP KASAN
[  647.783754][T26154] KASAN: maybe wild-memory-access in range [0x1ed8e4f900000008-0x1ed8e4f90000000f]
[  647.792865][T26154] CPU: 1 PID: 26154 Comm: syz-executor.4 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  647.803018][T26154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024
[  647.812913][T26154] RIP: 0010:__rb_insert_augmented+0x91/0x610
[  647.818729][T26154] Code: 00 74 08 4c 89 ef e8 5e 0b 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 30 0b 2b ff 48 89 d8 48 8b 1b 4c
[  647.838168][T26154] RSP: 0018:ffffc90007c4f858 EFLAGS: 00010202
[  647.844072][T26154] RAX: 1ed8e4f900000000 RBX: 1ed8e4f900000008 RCX: dffffc0000000000
[  647.851884][T26154] RDX: ffffffff81a50880 RSI: ffff88810be60348 RDI: ffff888111253d10
[  647.859695][T26154] RBP: ffffc90007c4f8c0 R08: dffffc0000000000 R09: ffff888111253d18
[  647.867507][T26154] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  647.875322][T26154] R13: ffff88812679b86c R14: 03db1c9f20000001 R15: ffff888128313ac0
[  647.883127][T26154] FS:  00007f19fc3306c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[  647.891894][T26154] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  647.898320][T26154] CR2: 00007ffce65a8b98 CR3: 0000000156393000 CR4: 00000000003506a0
[  647.906132][T26154] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  647.913938][T26154] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  647.921752][T26154] Call Trace:
[  647.924881][T26154]  <TASK>
[  647.927654][T26154]  ? __die_body+0x62/0xb0
[  647.931821][T26154]  ? die_addr+0x9f/0xd0
[  647.935813][T26154]  ? exc_general_protection+0x311/0x4b0
[  647.941195][T26154]  ? asm_exc_general_protection+0x27/0x30
[  647.946748][T26154]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[  647.953014][T26154]  ? __rb_insert_augmented+0x91/0x610
[  647.958205][T26154]  ? anon_vma_interval_tree_iter_next+0x390/0x390
[  647.964457][T26154]  vma_interval_tree_insert_after+0x2be/0x2d0
[  647.970354][T26154]  copy_mm+0xba2/0x13e0
[  647.974353][T26154]  ? copy_signal+0x610/0x610
[  647.978774][T26154]  ? __init_rwsem+0xd6/0x1c0
[  647.983202][T26154]  ? copy_signal+0x4e3/0x610
[  647.987648][T26154]  copy_process+0x1149/0x3290
[  647.992143][T26154]  ? pidfd_show_fdinfo+0x2b0/0x2b0
[  647.997086][T26154]  ? copy_clone_args_from_user+0x774/0x830
[  648.002730][T26154]  kernel_clone+0x21e/0x9e0
[  648.007069][T26154]  ? __delayed_free_task+0x20/0x20
[  648.012027][T26154]  ? vfs_write+0x9ec/0x1110
[  648.016356][T26154]  ? create_io_thread+0x1e0/0x1e0
[  648.021219][T26154]  __x64_sys_clone3+0x376/0x3a0
[  648.025902][T26154]  ? __ia32_sys_clone+0x290/0x290
[  648.030899][T26154]  ? fput+0x1a/0x20
[  648.034517][T26154]  ? debug_smp_processor_id+0x17/0x20
[  648.039720][T26154]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  648.045627][T26154]  ? exit_to_user_mode_prepare+0x39/0xa0
[  648.051093][T26154]  do_syscall_64+0x3d/0xb0
[  648.055345][T26154]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  648.061073][T26154] RIP: 0033:0x7f19fd5aeda9
[  648.065329][T26154] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  648.084764][T26154] RSP: 002b:00007f19fc32ff98 EFLAGS: 00000246 ORIG_RAX: 00000000000001b3
[  648.093013][T26154] RAX: ffffffffffffffda RBX: 0000000000000058 RCX: 00007f19fd5aeda9
[  648.100821][T26154] RDX: 00007f19fc32ffb0 RSI: 0000000000000058 RDI: 00007f19fc32ffb0
[  648.108635][T26154] RBP: 00007f19fc330120 R08: 0000000000000000 R09: 0000000000000058
[  648.116446][T26154] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  648.124258][T26154] R13: 000000000000000b R14: 00007f19fd6dcf80 R15: 00007ffc3244ef08
[  648.132072][T26154]  </TASK>
[  648.134943][T26154] Modules linked in:
[  648.143235][T26154] ---[ end trace 3b5c0d5ee1646202 ]---
[  648.148563][T26154] RIP: 0010:__rb_insert_augmented+0x91/0x610
[  648.154403][T26154] Code: 00 74 08 4c 89 ef e8 5e 0b 2b ff 49 8b 45 00 a8 01 0f 85 60 05 00 00 48 89 5d a0 48 89 45 c0 48 8d 58 08 49 89 de 49 c1 ee 03 <43> 80 3c 26 00 74 08 48 89 df e8 30 0b 2b ff 48 89 d8 48 8b 1b 4c
[  648.173841][T26154] RSP: 0018:ffffc90007c4f858 EFLAGS: 00010202
[  648.179725][T26154] RAX: 1ed8e4f900000000 RBX: 1ed8e4f900000008 RCX: dffffc0000000000
[  648.187698][T26154] RDX: ffffffff81a50880 RSI: ffff88810be60348 RDI: ffff888111253d10
[  648.195650][T26154] RBP: ffffc90007c4f8c0 R08: dffffc0000000000 R09: ffff888111253d18
[  648.203651][T26154] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  648.211505][T26154] R13: ffff88812679b86c R14: 03db1c9f20000001 R15: ffff888128313ac0
[  648.219289][T26154] FS:  00007f19fc3306c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  648.228275][T26154] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  648.234824][T26154] CR2: 00007fe1ddc8d748 CR3: 0000000156393000 CR4: 00000000003506b0
[  648.242711][T26154] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  648.250463][T26154] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  648.258319][T26154] Kernel panic - not syncing: Fatal exception
[  648.264361][T26154] Kernel Offset: disabled
[  648.268499][T26154] Rebooting in 86400 seconds..